RE: DNS zone transfer

From: David LaPorte (david_laporteat_private)
Date: Sun Jun 16 2002 - 21:20:09 PDT

    Sorry to post late - I've been on vacation and I didn't see a solution
    posted in the thread.
    
    DNS/BIND has no built-in mechanism to enumerate domains on a nameserver, but
    it is fairly straightforward to do with whois if the domains are registered
    with Network Solutions (and some other registrars that support HOST and
    SERVER lookups).
    
    1. Execute a domain query.
    2. Locate the first DNS server.
    3. Execute a whois query on that DNS server:
           whois "HOST 10.10.10.1"@whois.networksolutions.com
    4. Locate the HST record for the DNS server.
    5. Execute a whois query with the server directive using whois and the
       respective HST record:
           whois "SERVER NS9999-HST"@whois.networksolutions.com
    
    The above is from Hacking Exposed.  fatbrain.com was kind enough to publish
    the entire chapter :)
    http://www.osborne.com/fatbrain/series/networking/security/hack3e_ch01.html
    
    This isn't fail-proof, but this is the only way I know of to get the info
    you're looking for.
    
    David
    
    -----Original Message-----
    From: Vlad [mailto:progmanat_private]
    Sent: Saturday, June 08, 2002 10:01 AM
    To: vuln-devat_private
    Subject: DNS zone transfer
    
    
    Greetings,
    
    Is it possible to remotely retrieve all DNS records from a server
    *without* knowing the specific zones it hosts?
    (cause then I can script "dig @dns-server.ip zone-domain ALL" )
    
    If it matters the server runs the DNS service on Win2k and I've got no
    preference for Windows or *NIX tools. Any will do.
    
    
    Thanks,
     - Vlad.
    



    This archive was generated by hypermail 2b30 : Sun Jun 16 2002 - 23:11:48 PDT