Full Disclosure mailing list archives

Re: Question for DNS pros
From: Dennis Opacki <dopacki () adotout com>
Date: Fri, 23 Jul 2004 14:50:58 -0400 (EDT)


Public-facing .Com and .Net zone authority could be derived in part from
the appropriate TLD zone files:


The .Org TLD zone file is available through PIR:


As Bennett described, though, this won't necessarily provide a complete


On Fri, 23 Jul 2004, Paul Schmehl wrote:

Can this be done?

1) You know an IP address that is running a DNS server.  (IOW, it responds
to digs.)
2) You do not know the hostname or domain of the host.
3) The DNS server does not allow zone transfers.

You want to find out *all* the domains that that DNS server is
authoritative for.  (Essentially you're trying to find out what's in the
named.conf file rather than zone file info.)

Has anyone written a tool that can do this?  I thought about the
possibility of parsing all the registration sites for the Primary and
Backup NS, but that would take forever.  I imagine you could write a perl
script that would access the web interfaces, do the queries and return the
results, but it would run for days...

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
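
The zone-file approach described in the reply above, as an added example that is not part of the original thread: it scans a TLD zone file for glue records matching a server's IP and lists the domains delegated to those nameserver names, which is how an operator can audit what still points at their server. Assumptions: the sample data is constructed and uses a simplified five-field, fully qualified record layout; the function names and the `extra_ns_names` parameter are hypothetical. Glue only exists for nameservers inside the same TLD, so the result is partial, as the thread notes.

```python
from collections import defaultdict

# Constructed sample in the style of a TLD zone file:
# owner, TTL, class, type, rdata. Not real zone data.
SAMPLE_ZONE = """\
; constructed data for illustration
example-a.com.\t172800\tin\tns\tns1.hoster.com.
example-a.com.\t172800\tin\tns\tns2.hoster.com.
example-b.com.\t172800\tin\tns\tNS1.HOSTER.COM.
example-c.com.\t172800\tin\tns\tns1.elsewhere.net.
hoster.com.\t172800\tin\tns\tns1.hoster.com.
ns1.hoster.com.\t172800\tin\ta\t192.0.2.53
ns2.hoster.com.\t172800\tin\ta\t198.51.100.53
"""

def parse_records(text):
    """Yield (owner, rtype, rdata), lower-cased, skipping comments and directives."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        if len(fields) < 5:
            continue  # not in the assumed five-field layout
        yield fields[0].lower(), fields[3].lower(), fields[4].lower()

def domains_delegated_to(zone_text, server_ip, extra_ns_names=()):
    """Return sorted domains whose NS set includes a name that maps to server_ip.

    Names are learned from glue A/AAAA records in the zone; extra_ns_names
    (hypothetical parameter) supplies names whose glue lives in another TLD.
    """
    delegations = defaultdict(set)  # nameserver name -> delegated domains
    ns_names = {n.lower().rstrip(".") + "." for n in extra_ns_names}
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "ns":
            delegations[rdata].add(owner)
        elif rtype in ("a", "aaaa") and rdata == server_ip:
            ns_names.add(owner)
    found = set()
    for name in ns_names:
        found |= delegations.get(name, set())
    return sorted(found)

if __name__ == "__main__":
    for domain in domains_delegated_to(SAMPLE_ZONE, "192.0.2.53"):
        print(domain)
```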