RE: DNS zone transfer

From: Maximiliano Perez (mpat_private)
Date: Sun Jun 09 2002 - 09:28:39 PDT


    They can restrict it via:
    
    	- Filtering port 53/tcp, try telnetting.
    	- Restricting AXFRs in config file.
    
    I think you should find another way.
    
    BTW, I think this is off-topic.
    
    -----Original Message-----
    From: Vlad [mailto:progmanat_private]
    Sent: Sunday, June 09, 2002 5:02 AM
    To: 'Short_Circut'
    CC: vuln-devat_private
    Subject: RE: DNS zone transfer
    
    
    First of all thanks for the answer, but I must say that I've already
    tried all that. 
    
    Using nslookup returns the following:
    =====================================
    > ls -d domain.com
    [[ns.domain.com]]
    *** Can't list domain domain.com: Query refused
    >
    > domain.com
    domain.com        nameserver = ns.domain.com
    ....		....
    domain.com
            primary name server = ns1.domain.com
            responsible mail addr = p
            serial  = 1234567890
            refresh = 3600 (1 hour)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)
    ns.domain.com    internet address = x.x.x.x
    =====================================
    The request to enumerate all domain records (first ex.) returns "Query
    refused".
    A resolve request (second ex.) returns what seems like all nameserver
    records for that domain (type = ALL in nslookup).
    
    That's nice but not as important as the other records the server
    contains; they are the ones I'm after. 
    
    Suggestions?
    
    
      - Vlad.
    
    
    -----Original Message-----
    From: Short_Circut [mailto:circutat_private] 
    Sent: Sunday, June 09, 2002 3:22 AM
    To: Vlad
    Cc: vuln-devat_private
    Subject: Re: DNS zone transfer
    
    
    
    
    > Greetings,
    >
    > Is it possible to remotely retrieve all DNS records from a server
    > *without* knowing the specific zones it hosts?
    > (cause then I can script "dig @dns-server.ip zone-domain ALL" )
    >
    > If it matters the server runs the DNS service on Win2k and I've got no
    > preference for Windows or *NIX tools. Any will do.
    >
    >
    > Thanks,
    >  - Vlad.
    >
    
    try 'host' and nslookup.
    
    host -l wustl.edu
    
    and nslookup
    
    [root@TheSocket - <~> nslookup
    Default Server:  Server.thesocket.net
    Address:  10.0.2.1
    
    > server ns1.wustl.edu
    Default Server:  ns1.wustl.edu
    Address:  128.252.135.4
    
    > ls -d wustl.edu
    
    
    hehehe
    view the nice result
    
    :~Short_Circut~:
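
One way to check the second restriction mentioned in this thread (limiting AXFR in the server's configuration), as an added example that is not part of the original messages. It assumes a BIND-style named.conf, where the `allow-transfer` statement controls who may transfer a zone; the sample file is constructed, and `audit`, `blocks` and `acl` are hypothetical helper names. The Windows 2000 DNS service discussed above is configured differently.

```python
import re

# Constructed sample in BIND named.conf syntax (not taken from the thread).
SAMPLE_CONF = """
options { directory "/var/named"; };
// example.com: transfers limited to the secondary at 192.0.2.53
zone "example.com" { type master; file "example.com.db";
    allow-transfer { 192.0.2.53; }; };
zone "example.net" { type master; file "example.net.db";
    allow-transfer { any; }; };
zone "example.org" { type master; file "example.org.db"; };
"""

def blocks(text, opener):
    """Yield (match, body) for every 'opener { body }', honouring nested braces."""
    for m in re.finditer(opener, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def acl(body):
    """Return the allow-transfer address list found in body, or None if absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    if m is None:
        return None
    return [a.strip() for a in m.group(1).split(";") if a.strip()]

def audit(conf):
    """Map zone name -> finding for zones whose transfers are not restricted."""
    # Strip #, // and /* */ comments so commented-out ACLs are not counted.
    conf = re.sub(r"(#|//)[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    global_acl = None
    for _, body in blocks(conf, r"\boptions\s*\{"):
        global_acl = acl(body)
    findings = {}
    for m, body in blocks(conf, r'\bzone\s+"([^"]+)"[^{;]*\{'):
        effective, source = acl(body), "zone"
        if effective is None:  # a zone without its own ACL inherits from options
            effective, source = global_acl, "options"
        if effective is None:
            findings[m.group(1)] = "no allow-transfer set; server default applies"
        elif "any" in effective:
            findings[m.group(1)] = f"allow-transfer permits any host ({source})"
    return findings

if __name__ == "__main__":
    for zone, finding in audit(SAMPLE_CONF).items():
        print(f"{zone}: {finding}")
```

A zone flagged as relying on the server default needs a manual check, because that default depends on the server version.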
    


