First of all thanks for the answer, but I must say that I've already tried all that.
Using nslookup returns the following:

=====================================
> ls -d domain.com
[[ns.domain.com]]
*** Can't list domain domain.com: Query refused
>
> domain.com
domain.com      nameserver = ns.domain.com
....
....
domain.com
        primary name server = ns1.domain.com
        responsible mail addr = p
        serial = 1234567890
        refresh = 3600 (1 hour)
        retry = 600 (10 mins)
        expire = 86400 (1 day)
        default TTL = 3600 (1 hour)
ns.domain.com   internet address = x.x.x.x
=====================================

The request to enumerate all domain records (first ex.) returns "Query refused".
A resolve request (second ex.) returns what seems like all nameserver records for that domain (type = ALL in nslookup).
That's nice but not as important as the other records the server contains, they are the ones I'm after.

Suggestions?

- Vlad.

-----Original Message-----
From: Short_Circut [mailto:circutat_private]
Sent: Sunday, June 09, 2002 3:22 AM
To: Vlad
Cc: vuln-devat_private
Subject: Re: DNS zone transfer

> Greetings,
>
> Is it possible to remotely retrieve all DNS records from a server
> *without* knowing the specific zones it hosts?
> (cause then I can script "dig @dns-server.ip zone-domain ALL" )
>
> If it matters the server runs the DNS service on Win2k and I've got no
> preference for Windows or *NIX tools. Any will do.
>
>
> Thanks,
> - Vlad.
>

try 'host' and nslookup.

host -l wustl.edu

and nslookup

[root@TheSocket - <~> nslookup
Default Server: Server.thesocket.net
Address: 10.0.2.1

> server ns1.wustl.edu
Default Server: ns1.wustl.edu
Address: 128.252.135.4

> ls -d wustl.edu

hehehe view the nice result

:~Short_Circut~:
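
Added example, not part of the original messages: the "Query refused" that nslookup prints for `ls -d` is DNS response code 5 (REFUSED) on the zone-transfer (AXFR) request, which is the answer a zone owner wants to see when auditing their own server from an unauthorized host. The Python below builds the AXFR question and classifies a reply by its header; the function names and the sample replies are constructed for illustration, and the replies carry a header and question only.

```python
import struct

QTYPE_AXFR, QCLASS_IN = 252, 1
# RCODEs relevant to a transfer audit; 9 (NOTAUTH) is what some servers
# return for a zone they are not authoritative for.
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED", 9: "NOTAUTH"}

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_axfr_query(zone, txid):
    """AXFR question for `zone`, with the 2-byte length prefix used over TCP."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    msg = header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    return struct.pack("!H", len(msg)) + msg

def classify_axfr_reply(framed, txid):
    """Return (verdict, rcode_name) for the first TCP-framed reply message."""
    if len(framed) < 14:                      # 2-byte length + 12-byte header
        return ("malformed", None)
    length, rid, flags, qd, an, ns, ar = struct.unpack("!HHHHHHH", framed[:14])
    if length + 2 > len(framed) or rid != txid or not flags & 0x8000:
        return ("malformed", None)            # truncated, wrong ID, or not a reply
    rcode = flags & 0x000F
    name = RCODE_NAMES.get(rcode, "RCODE%d" % rcode)
    if rcode == 0 and an > 0:
        return ("transfer-open", name)        # zone data is being returned
    if rcode in (5, 9):
        return ("transfer-denied", name)      # nslookup shows 5 as "Query refused"
    return ("inconclusive", name)

def constructed_reply(query, rcode, answers):
    """Constructed sample reply: echo the question, set QR/AA, RCODE, ANCOUNT."""
    msg = bytearray(query[2:])
    struct.pack_into("!H", msg, 2, 0x8400 | rcode)
    struct.pack_into("!H", msg, 6, answers)
    return struct.pack("!H", len(msg)) + bytes(msg)

if __name__ == "__main__":
    q = build_axfr_query("domain.com", 0x1234)
    for rcode, answers in ((5, 0), (0, 1)):
        print(classify_axfr_reply(constructed_reply(q, rcode, answers), 0x1234))
```

A "transfer-open" verdict from a host that is not a configured secondary means the server's transfer restrictions need tightening.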
This archive was generated by hypermail 2b30 : Sun Jun 09 2002 - 08:25:42 PDT