12

Is it possible to get all DNS records off a remote server?

Choor

3 Answers

15

Normally you can't, but if the DNS server allows zone transfers to anyone (unlikely) you can do it.

anonymous coward
  • +1 That's the definitive answer. Without a zone transfer you cannot even know if you have obtained all the records for a given zone. – John Gardeniers Mar 04 '10 at 02:45
4

Zone transfers are always available to slave nameservers. This will be at least all the listed nameservers except the master nameserver. Higher-security configurations hide the master nameserver and may not allow public access to it.

dig axfr sld.tld. @nameserver

Once upon a time, zone transfers were frequently available to everyone. Today's best practices discourage allowing them to everyone. This helps limit information leakage. The "dig axfr" command above will get the data if it is available.

BillThor
  • "Zone transfers are always available to slave nameservers." That is between the primary and all secondary nameservers, which does not mean in turn that secondary nameservers are open to AXFR queries from any source. And even that is not always true, as there is IXFR also, and more and more often secondaries are configured as a set/cloud at the same time as the primary, and there is in fact no in-band zone transfer at all. – Patrick Mevzek Jun 26 '19 at 23:48
3

Try a zone transfer on a Unix shell:

$ dig axfr sld.tld. @nameserver

Get a list of nameservers delegated for your zone:

$ dig soa sld.tld. +trace

ZaphodB
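
A defensive check built on the `dig axfr` command from the answers above, added here as an example and not part of any answer: it classifies `dig axfr` output so you can confirm that each nameserver of a zone you operate refuses transfers to arbitrary clients. The function names, status labels and sample outputs (for the placeholder zone `example.test`) are constructed for this example.

```shell
#!/bin/sh
# Added example. Names, labels and sample outputs are constructed, not from the page.

# classify_axfr: read `dig axfr` output on stdin and print one status:
#   OPEN    - records came back, bracketed by the zone SOA (transfer completed)
#   REFUSED - dig reported "Transfer failed."
#   UNKNOWN - timeout, empty or otherwise unrecognised output
classify_axfr() {
    awk '
        /^;.*Transfer failed/ { failed = 1 }
        /^;/ || NF == 0       { next }          # skip dig comments and blank lines
        { n++; if ($4 == "SOA") soa++ }         # record lines: name ttl class type ...
        END {
            if (failed)                  print "REFUSED"
            else if (n >= 2 && soa >= 2) print "OPEN"
            else                         print "UNKNOWN"
        }'
}

# audit_zone ZONE: run the check against every listed nameserver of a zone you operate.
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        status=$(dig +time=5 +tries=1 axfr "$zone" "@$ns" | classify_axfr)
        printf '%s\t%s\n' "$ns" "$status"
    done
}

# Constructed sample outputs for the placeholder zone example.test.
sample_refused() {
    cat <<'EOF'
; <<>> DiG <<>> axfr example.test. @ns1.example.test
; Transfer failed.
EOF
}

sample_open() {
    cat <<'EOF'
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 3600
example.test. 3600 IN NS ns1.example.test.
intranet.example.test. 3600 IN A 192.0.2.10
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 3600
EOF
}
```

Run `audit_zone sld.tld.` from a host that is not in your transfer ACL; any nameserver reported as OPEN is serving the whole zone to arbitrary clients and needs its transfer restrictions tightened.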