First of all thanks for the answer, but I must say that I've already
tried all that.
Using nslookup returns the following:
=====================================
> ls -d domain.com
[[ns.domain.com]]
*** Can't list domain domain.com: Query refused
>
> domain.com
domain.com nameserver = ns.domain.com
.... ....
domain.com
primary name server = ns1.domain.com
responsible mail addr = p
serial = 1234567890
refresh = 3600 (1 hour)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
ns.domain.com internet address = x.x.x.x
=====================================
The request to enumerate all domain records (first ex.) returns "Query
refused".
A resolve request (second ex.) return what seems like all nameserver
records for that domain (type = ALL in nslookup).
That's nice but not as important as the other records the server
contains , they are the ones I'm after.
Suggestions?
- Vlad.
-----Original Message-----
From: Short_Circut [mailto:circutat_private]
Sent: Sunday, June 09, 2002 3:22 AM
To: Vlad
Cc: vuln-devat_private
Subject: Re: DNS zone transfer
> Greetings,
>
> Is it possible to remotely retrieve all DNS records from a server
> *without* knowing the specific zones it hosts?
> (cause then I can script "dig @dns-server.ip zone-domain ALL" )
>
> If it matters the server runs the DNS service on Win2k and I've got no
> preferance for Windows or *NIX tools. Any will do.
>
>
> Thanks,
> - Vlad.
>
try 'host' and nslookup.
host -l wustl.edu
and nslookup
[root@TheSocket - <~> nslookup
Default Server: Server.thesocket.net
Address: 10.0.2.1
> server ns1.wustl.edu
Default Server: ns1.wustl.edu
Address: 128.252.135.4
> ls -d wustl.edu
hehehe
view the nice result
:~Short_Circut~:
This archive was generated by hypermail 2b30 : Sun Jun 09 2002 - 08:25:42 PDT