Full Disclosure mailing list archives

Question for DNS pros

From: Paul Schmehl <pauls () utdallas edu>
Date: Fri, 23 Jul 2004 12:32:28 -0500

Can this be done?

Conditions:

1) You know an IP address that is running a DNS server. (IOW, it respondsto digs.)

2) You do not know the hostname or domain of the host.
3) The DNS server does not allow zone transfers.

You want to find out *all* the domains that that DNS server isauthoritative for. (Essentially you're trying to find out what's in thenamed.conf file rather than zone file info.)

Has anyone written a tool that can do this? I thought about thepossibility of parsing all the registration sites for the Primary andBackup NS, but that would take forever. I imagine you could write a perlscript that would access the web interfaces, do the queries and return theresults, but it would run for days...


Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Question for DNS pros Paul Schmehl (Jul 23)
- Enumerating a DNS servers authoritative zones (was Question for DNS pros) Bennett Todd (Jul 23)
  - Re: Enumerating a DNS servers authoritative zones (was Question for DNS pros) Paul Schmehl (Jul 23)
- Re: Question for DNS pros Dennis Opacki (Jul 23)
- Re: Question for DNS pros VX Dude (Jul 23)
  - Re: Question for DNS pros Oliver () greyhat de (Jul 23)
    - Re: Question for DNS pros Paul Schmehl (Jul 23)
    - Re: Question for DNS pros ALD, [ Aditya Lalit Deshmukh ] (Jul 23)
    - Re: Question for DNS pros Paul Schmehl (Jul 23)
    - Re: Question for DNS pros Steve (Jul 25)
    - Re: Question for DNS pros Cyril Guibourg (Jul 23)

(Thread continues...)