Once we have found that there is a DNS ports (TCP 53/UDP 53) running on the target then we can use quick command below to test DNS zone transfer vulnerability.
Zone Transfer technics
dig axfr abc.com @nameserver
nslookup
> set type=any
> ls -d abc.com
dnsenum abc.com
dnsrecon -d megacorpone.com -t axfr
