Saturday, November 29, 2008

find subdomains of a domain

You may find yourself in a situation where you would like to know all the sub-domains listed in a domain. If you are the administrator of the DNS server, you will have little trouble finding this information; if you are not the administrator of the server, you can have a hard time finding out the sub-domains of a domain.

There is a 'trick' you can use to make the domain server tell you what the sub-domains of a domain are. This 'trick' does not always work, however. If the domain server you are talking to allows DNS zone transfers and allows this information to be sent to every IP address that requests it, you are in luck. A DNS zone transfer is used to update slave DNS servers from the master DNS server.

When you operate several DNS servers, you do not want to update them all by hand when you make a change. In an ideal situation you update the master server, and the slave servers send a request to the master server every X amount of time to be updated. In some cases the administrator of the DNS servers has not set a limit on who can request those updates. This means that you can request an update as well.

A quick example: we take the domain knmi.nl, which is the Dutch meteorology institute. First we would like to know the authoritative nameserver of the domain, so we run 'dig knmi.nl' at a Linux shell:

jlouwers$ dig knmi.nl

; <<>> DiG 9.4.2-P2 <<>> knmi.nl
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24089
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;knmi.nl. IN A

;; AUTHORITY SECTION:
knmi.nl. 4521 IN SOA styx3.knmi.nl. postmaster.styx3.knmi.nl. 2008112601 14400 1800 3600000 86400

;; Query time: 18 msec
;; SERVER: 212.54.40.25#53(212.54.40.25)
;; WHEN: Sat Nov 29 12:32:55 2008
;; MSG SIZE rcvd: 78


"dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig."

So now we know the authoritative nameserver of the domain knmi.nl; you can find it under ";; AUTHORITY SECTION:". We will ask styx3.knmi.nl for all the subdomains listed for this domain. This can be done with a command like 'dig @styx3.knmi.nl knmi.nl axfr'. With this command we ask styx3.knmi.nl for all records of knmi.nl using an axfr request; axfr is the zone transfer query type.


jlouwers$ dig @styx3.knmi.nl knmi.nl axfr

; <<>> DiG 9.4.2-P2 <<>> @styx3.knmi.nl knmi.nl axfr
; (1 server found)
;; global options: printcmd
knmi.nl. 86400 IN SOA styx3.knmi.nl. postmaster.styx3.knmi.nl. 2008112601 14400 1800 3600000 86400
knmi.nl. 86400 IN MX 5 birma1.knmi.nl.
knmi.nl. 86400 IN MX 10 birma2.knmi.nl.
knmi.nl. 86400 IN NS ns1.surfnet.nl.
knmi.nl. 86400 IN NS ns3.surfnet.nl.
knmi.nl. 86400 IN NS styx3.knmi.nl.
*.knmi.nl. 86400 IN MX 5 birma1.knmi.nl.
*.knmi.nl. 86400 IN MX 10 birma2.knmi.nl.
adaguc.knmi.nl. 86400 IN CNAME www.knmi.nl.
alvtest.knmi.nl. 86400 IN A 145.23.254.224
bbc.knmi.nl. 86400 IN CNAME bgwcab.knmi.nl.
bcrpwt.knmi.nl. 86400 IN A 145.23.254.127
bdyis1.knmi.nl. 86400 IN CNAME www3.knmi.nl.
bdypwt.knmi.nl. 86400 IN A 145.23.254.159
bemc.knmi.nl. 86400 IN CNAME styx3.knmi.nl.
besarv.knmi.nl. 86400 IN A 145.23.254.219
bgoftp.knmi.nl. 300 IN A 145.23.254.254
bgwcab.knmi.nl. 86400 IN A 145.23.254.228
bhlbpaaa01.knmi.nl. 300 IN A 145.23.253.111
bhlbpaaa02.knmi.nl. 300 IN A 145.23.253.112
birma1.knmi.nl. 86400 IN A 145.23.254.201
birma2.knmi.nl. 86400 IN A 145.23.254.202
bswor1.knmi.nl. 86400 IN A 145.23.4.1
bswor3.knmi.nl. 86400 IN A 145.23.254.243
bswor4.knmi.nl. 86400 IN A 145.23.254.244
bswso1.knmi.nl. 86400 IN A 145.23.16.25
cesar-database.knmi.nl. 86400 IN A 145.23.253.206
charon1.knmi.nl. 86400 IN A 145.23.254.151
charon2.knmi.nl. 86400 IN A 145.23.254.152
charon3.knmi.nl. 86400 IN A 145.23.254.153
climexp.knmi.nl. 300 IN A 145.23.253.225
cloudnet.knmi.nl. 86400 IN CNAME bgwcab.knmi.nl.
codex.knmi.nl. 86400 IN CNAME hades.knmi.nl.
eca.knmi.nl. 300 IN A 145.23.253.211
ecaccess.knmi.nl. 86400 IN CNAME styx1.knmi.nl.
ecad.knmi.nl. 86400 IN CNAME eca.knmi.nl.
ecadev.knmi.nl. 86400 IN A 145.23.254.218
ecearth.knmi.nl. 86400 IN CNAME climexp.knmi.nl.
esr.knmi.nl. 86400 IN A 145.23.254.216
ftp.knmi.nl. 86400 IN CNAME ftpgig.knmi.nl.
ftp2.knmi.nl. 86400 IN A 145.23.253.247
ftpgig.knmi.nl. 300 IN A 145.23.253.248
ftpmeteo.knmi.nl. 86400 IN A 145.23.254.54
ftppro.knmi.nl. 300 IN A 145.23.253.245
gate.knmi.nl. 86400 IN CNAME hades.knmi.nl.
gate1.knmi.nl. 86400 IN CNAME hades.knmi.nl.
gate2.knmi.nl. 86400 IN A 145.23.254.252
gate2p1.knmi.nl. 86400 IN CNAME charon1.knmi.nl.
gate2p2.knmi.nl. 86400 IN CNAME charon2.knmi.nl.
gate2p4.knmi.nl. 86400 IN CNAME webmail.knmi.nl.
gate3.knmi.nl. 86400 IN A 145.23.254.253
gate6.knmi.nl. 86400 IN A 145.23.254.236
geoservices.knmi.nl. 86400 IN A 145.23.253.210
hades.knmi.nl. 86400 IN A 145.23.254.158
hades1.knmi.nl. 86400 IN A 145.23.254.213
hexnet.knmi.nl. 86400 IN A 145.23.254.221
hl.knmi.nl. 86400 IN CNAME hexnet.knmi.nl.
hug.knmi.nl. 86400 IN CNAME hexnet.knmi.nl.
kd.knmi.nl. 300 IN A 145.23.253.193
kodac.knmi.nl. 300 IN A 145.23.253.131
localhost.knmi.nl. 86400 IN A 127.0.0.1
lvxtest.knmi.nl. 86400 IN A 145.23.254.227
maris.knmi.nl. 300 IN A 145.23.253.132
nadc-virt.knmi.nl. 86400 IN A 145.23.254.48
nadc01.knmi.nl. 86400 IN A 145.23.254.50
nadc02.knmi.nl. 86400 IN A 145.23.254.49
nadcorders.knmi.nl. 300 IN A 145.23.240.221
namis.knmi.nl. 86400 IN A 145.23.253.246
neonet.knmi.nl. 86400 IN A 145.23.254.222
neries.knmi.nl. 86400 IN A 145.23.254.250
newalv.knmi.nl. 86400 IN A 145.23.254.24
newhirlam.knmi.nl. 86400 IN A 145.23.254.106
newlvx.knmi.nl. 86400 IN A 145.23.254.25
newshost.knmi.nl. 86400 IN CNAME gate2.knmi.nl.
ns.knmi.nl. 86400 IN CNAME styx3.knmi.nl.
opmet.knmi.nl. 86400 IN CNAME newalv.knmi.nl.
orfeus.knmi.nl. 86400 IN CNAME neries.knmi.nl.
orfeustest.knmi.nl. 86400 IN CNAME bswor4.knmi.nl.
overheid.knmi.nl. 300 IN A 145.23.253.238
overheid-test.knmi.nl. 86400 IN A 145.23.253.237
portal.knmi.nl. 86400 IN A 145.23.254.191
sorry.knmi.nl. 86400 IN A 145.23.253.252
styx1.knmi.nl. 86400 IN A 145.23.254.238
styx2.knmi.nl. 86400 IN A 145.23.254.159
styx3.knmi.nl. 86400 IN A 145.23.254.155
swe.knmi.nl. 86400 IN CNAME styx3.knmi.nl.
test.knmi.nl. 86400 IN CNAME bcrpwt.knmi.nl.
testaccess.knmi.nl. 86400 IN A 145.23.254.195
trajks.knmi.nl. 86400 IN CNAME climexp.knmi.nl.
wap.knmi.nl. 86400 IN CNAME www.knmi.nl.
webaccess.knmi.nl. 86400 IN A 145.23.254.190
webmail.knmi.nl. 86400 IN A 145.23.254.154
www.knmi.nl. 300 IN A 145.23.253.254
www3.knmi.nl. 86400 IN A 145.23.254.200
knmi.nl. 86400 IN SOA styx3.knmi.nl. postmaster.styx3.knmi.nl. 2008112601 14400 1800 3600000 86400
;; Query time: 19 msec
;; SERVER: 145.23.254.155#53(145.23.254.155)
;; WHEN: Sat Nov 29 12:39:04 2008
;; XFR size: 95 records (messages 1, bytes 2169)



This is how you can get a complete list of all subdomains listed at a domain server. However, this only works when the domain server allows you to request a zone transfer.
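
As an added example (not part of the original post): a shell helper for checking your own nameservers, which classifies saved dig axfr output as an open or refused transfer and lists the names it disclosed. The example.com zone, the 192.0.2.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `dig @ns zone axfr` output collected while auditing
# a zone you administer. All sample data below is constructed.

# Constructed output from a server that answers AXFR for anyone.
SAMPLE_OPEN='; <<>> DiG 9.4.2-P2 <<>> @ns1.example.com example.com axfr
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 2008112601 14400 1800 3600000 86400
example.com. 86400 IN NS ns1.example.com.
ns1.example.com. 86400 IN A 192.0.2.53
www.example.com. 300 IN A 192.0.2.80
test.example.com. 86400 IN CNAME www.example.com.
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 2008112601 14400 1800 3600000 86400
;; XFR size: 6 records (messages 1, bytes 214)'

# Constructed output from a server that restricts transfers.
SAMPLE_REFUSED='; <<>> DiG 9.4.2-P2 <<>> @ns2.example.com example.com axfr
; Transfer failed.'

# axfr_verdict TEXT: print "open" when TEXT holds a complete transfer (a
# record list that opens and closes with the zone SOA), "refused" when dig
# reported a failed transfer, and "inconclusive" otherwise.
axfr_verdict() {
    printf '%s\n' "$1" | awk '
        /^; Transfer failed/ { failed = 1 }
        /^;/ || NF == 0      { next }    # skip dig comments and blank lines
        { n++; own[n] = $1; rt[n] = $4 } # owner name and record type
        END {
            if (n >= 2 && rt[1] == "SOA" && rt[n] == "SOA" && own[1] == own[n])
                print "open"
            else if (failed) print "refused"
            else print "inconclusive"
        }'
}

# axfr_hosts TEXT: list the distinct owner names the transfer disclosed.
axfr_hosts() {
    printf '%s\n' "$1" | awk '!/^;/ && NF >= 5 { print $1 }' | sort -u
}

# Usage against a zone you administer (not run here):
#   axfr_verdict "$(dig @ns1.example.com example.com axfr)"
```

An "open" verdict when querying from an address that is not one of your slave servers means the transfer restriction described above is missing; in BIND that restriction is set with the allow-transfer option.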

1 comment:

Anonymous said...

You can get such a list here:

www.wholinks.org

Some examples:

www.wholinks.org/report-wordpress.com.html
or sites with a network ! :
www.wholinks.org/report-csdn.net.html