On Sun, Jun 09, 2002 at 05:35:41PM +0200, Ralf Vitasek wrote:
> Vlad wrote:
> > Is it possible to remotely retrieve all DNS records from a server
> > *without* knowing the specific zones it hosts?
> > (cause then I can script "dig @dns-server.ip zone-domain ALL" )
> >
> > If it matters the server runs the DNS service on Win2k and I've got no
> > preference for Windows or *NIX tools. Any will do.
>
> i doubt that such a thing is possible, i would think of an information
> leak otherwise.
> for the dns`s servers (all bind on linux) i always even prohibit axfr's
> for domains to unauthorized hosts (i.e. i just allow my secondary
> nameservers to do that).
>
> what *good* use anyone could have for such a thing?

Auditing. Not all information gathering is used for bad purposes :-)

For example, I've developed a DNS auditing system to check the state
of health of our servers, the ones which we (were) delegated
(delegating) to... Warnings kept popping up for weeks after the
transfers of domain from a remote server to us or from us to another
remote server.

If you don't check and complain your DNS-network is going to be a mess,
mail won't be transferred anymore, hosts will resolve wrong and all kinds
of things based on hostname-authorisations will go bad.

Edwin

--
Edwin Groothuis      | Personal website: http://www.MavEtJu.org
edwinat_private      | Interested in MUDs? Visit Fatal Dimensions:
bash$ :(){ :|:&};:   | http://www.FatalDimensions.org/
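
One way to express the kind of delegation check the reply above describes, as an added example that is not part of the original message and not the author's auditing system. The zone, server names and recorded answers are constructed, and `ServerView` and `audit_delegation` are hypothetical names; a real audit would fill `views` from live SOA and NS queries.

```python
# Added example: audit one delegated zone against constructed answers (offline).
from dataclasses import dataclass

@dataclass
class ServerView:
    """What one nameserver answered for the zone (constructed sample data)."""
    authoritative: bool               # AA flag was set on the SOA answer
    ns_set: frozenset = frozenset()   # NS records that server publishes for the zone
    serial: int = 0                   # SOA serial that server returned

def norm(name):
    """Compare host names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def audit_delegation(zone, parent_ns, views):
    """Return warnings for a zone; `views` is keyed by normalised server name."""
    warnings = []
    parent = {norm(n) for n in parent_ns}
    serials = {}
    for server in sorted(parent):
        view = views.get(server)
        if view is None:
            warnings.append(f"{zone}: {server} did not answer")
            continue
        if not view.authoritative:
            # Typical leftover after a domain moved away from this server.
            warnings.append(f"{zone}: {server} is delegated but not authoritative (lame)")
            continue
        child = {norm(n) for n in view.ns_set}
        if child != parent:
            warnings.append(
                f"{zone}: {server} NS set differs from parent; "
                f"only in zone: {sorted(child - parent)}, "
                f"only in parent: {sorted(parent - child)}")
        serials[server] = view.serial
    if len(set(serials.values())) > 1:
        warnings.append(f"{zone}: SOA serials disagree: {serials}")
    return warnings

# Constructed scenario: zone moved to new servers, parent still lists the old one.
SAMPLE_PARENT = ["NS1.old.example.", "ns1.new.example."]
SAMPLE_VIEWS = {
    "ns1.old.example": ServerView(authoritative=False),
    "ns1.new.example": ServerView(True, frozenset({"ns1.new.example.",
                                                   "ns2.new.example."}), 2002060901),
}

if __name__ == "__main__":
    for line in audit_delegation("example.org", SAMPLE_PARENT, SAMPLE_VIEWS):
        print("WARNING", line)
```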
This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 12:05:15 PDT