[thelist] DNS Lookup question
Chris Anderson
Chris at activeide.com
Tue Mar 11 12:38:33 CDT 2008
> Is it possible to find out all the sub-domains of a domain? For
> instance, if I created A records for private.domain.com and
> secret.domain.com; are there tools that one could run to find those
> sub-domains if they are aware of domain.com?
>
> I tried some online tools and searched around a bit but couldn't come
> up
> with anything useful. Just want to make sure before I roll some stuff
> out...
I believe you can if you have trusted access to a nameserver (i.e. you
are a nameserver [1]) by requesting a "zone transfer" (aka AXFR) using
nslookup.
This will basically dump you the nameserver's entire zone list
(including all sub-domains/hosts) and is normally used in replication.
However these days this functionality is tightly restricted and it's
rare that you find a badly configured NS.
You're more likely to expose them accidentally AFAIK
Chris
[1] or you know a badly configured nameserver!!
More information about the thelist
mailing list