Question

For testing purposes, I'm trying to get a list of all DNS records set for a domain, using this method.

This works:

root@cs:/# dig @nameserver domain

; <<>> DiG 9.9.2-P1 <<>> @nameserver domain
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32999
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain.           IN      A

;; ANSWER SECTION:
domain.    3600    IN      A       my-IP

;; Query time: 2 msec
;; SERVER: my-IPv6-IP-(I-think)
;; WHEN: Thu Jun 20 16:03:05 2013
;; MSG SIZE  rcvd: 83

However, when I add axfr to the command as is suggested in that answer on Server Fault (and all over the net), it fails:

root@cs:/# dig @ns1.transip.nl changeyourschool.nl axfr

; <<>> DiG 9.9.2-P1 <<>> @ns1.transip.nl changeyourschool.nl axfr
; (2 servers found)
;; global options: +cmd
; Transfer failed.

Why is this, and, more importantly, how can I get the full list of DNS records if this fails?


Solution

Why this is, I don't know, but you can use this to get all the DNS records:

root@cs:/# dig google.com ANY +nostat +nocmd +nocomments

; <<>> DiG 9.9.2-P1 <<>> google.com ANY +nostat +nocmd +nocomments
;; global options: +cmd
;google.com.                    IN      ANY
google.com.             56328   IN      NS      ns4.google.com.
google.com.             56328   IN      NS      ns2.google.com.
google.com.             56328   IN      NS      ns1.google.com.
google.com.             56328   IN      NS      ns3.google.com.
ns4.google.com.         85545   IN      A       216.239.38.10
ns1.google.com.         85545   IN      A       216.239.32.10
ns3.google.com.         57402   IN      A       216.239.36.10
ns2.google.com.         85545   IN      A       216.239.34.10

The +nostat, +nocmd and +nocomments additions can be omitted, but reduce the useless output.

Other tips

Keelan's solution did not work for me.

What did work for me was a two-step process (on Linux and Windows).

Step one, type:

dig ns google.com

Where google.com is the domain of interest.

This returned a list of name servers such as:

ns1.google.com.         60      IN      A       216.239.32.10

Step two, type:

dig @ns1.google.com google.com any

Where ns1.google.com is the name server for the domain (found in step 1) and google.com is the domain of interest.

This yielded results such as:

google.com.             31335   IN      NS      ns4.google.com.
google.com.             31335   IN      NS      ns2.google.com.
google.com.             31335   IN      NS      ns3.google.com.
google.com.             59      IN      SOA     ns1.google.com. dns-admin.google.com. 1579113 7200 1800 1209600 300
google.com.             60      IN      A       216.58.220.142
google.com.             2251    IN      TXT     "v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"
google.com.             31335   IN      NS      ns1.google.com.
google.com.             185     IN      AAAA    2404:6800:4006:800::200e

Hope this helps. If it does not, you can always try: http://www.whois.com.au/whois/dns.html.

Like the answer you link to explains, the convention is to disallow the axfr command except for trusted peers.

If zone transfers are disabled, you can only get an approximate listing of hosts within a zone by guessing them, i.e. basically a dictionary attack. A well-maintained site will have measures in place to mitigate that approach as well.
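
The refusal discussed above can be checked from the operator's side. The script below is an added example, not part of the original posts: it asks each name server of a zone you run for an AXFR and reports whether the requesting host is treated as a trusted peer. The function names, the example.net sample data and the "SOA present means the transfer went through" heuristic are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit which authoritative servers of a zone you operate
# answer AXFR for the host running this script.

# classify_axfr: read dig AXFR output on stdin, print one verdict.
#   refused  - dig printed "; Transfer failed." (as in the question)
#   open     - resource records came back, including the zone SOA
#   no-reply - neither (timeout, unreachable server, empty output)
classify_axfr() {
    awk '
        /^; Transfer failed\./  { failed = 1 }
        /^;/ || NF == 0         { next }    # skip comments and blank lines
        $3 == "IN"              { rr++; if ($4 == "SOA") soa++ }
        END {
            if (failed)                 print "refused"
            else if (rr > 0 && soa > 0) print "open"
            else                        print "no-reply"
        }'
}

# audit_zone ZONE: try AXFR against every NS the zone publishes.
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        verdict=$(dig +time=5 +tries=1 "@$ns" "$zone" AXFR | classify_axfr)
        printf '%s\t%s\t%s\n' "$zone" "$ns" "$verdict"
    done
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_REFUSED='
; <<>> DiG 9.9.2-P1 <<>> @ns1.example.net example.net axfr
; (2 servers found)
;; global options: +cmd
; Transfer failed.'

SAMPLE_OPEN='example.net. 3600 IN SOA ns1.example.net. hostmaster.example.net. 1 7200 1800 1209600 300
example.net. 3600 IN NS ns1.example.net.
www.example.net. 3600 IN A 192.0.2.10
example.net. 3600 IN SOA ns1.example.net. hostmaster.example.net. 1 7200 1800 1209600 300'

# Run the live audit only when a zone is given on the command line.
[ $# -eq 0 ] || audit_zone "$1"
```

Any server reported as "open" from a host that is not a secondary is worth comparing against its transfer access list.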

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow