I cannot list them using dig/nslookup/host.
45
2 You cannot crawl an entire domain without previously knowing all its RR. For a discussion about this feature, see the work related to `NSEC3` design (listed in [RFC5155, section 1.1](http://tools.ietf.org/html/rfc5155#section-1.1)) – Manu H Oct 08 '14 at 06:50
2 Answers
33
There are two ways; both require administrator access or trust to the DNS records:
- Perform a zone transfer (AXFR) on the domain to retrieve all records for the domain. The DNS administrator needs to explicitly allow AXFR transfers to your IP address from your chosen DNS server. You can perform such a transfer like this:

  ```
  dig @ns1.google.com google.com AXFR
  ```

- Directly view the zonefile on the relevant DNS server. You need administrator access to the DNS server for this.
12
With proper permissions on the DNS, grep for cname records:

```
host -t axfr my.dom.com dns.my.dom.com | grep -i cname
```

gimel
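
For auditing a zone you administer, the following added example (not part of either answer) filters AXFR output on the record-type column rather than grepping whole lines, so an `A` record named `cname-test` or a `TXT` record mentioning "cname" is not reported, and a refused transfer is told apart from a zone with no CNAMEs. The zone `example.test`, the function names and both sample outputs are constructed for illustration; the parser assumes the five-column form that `dig` prints (owner, TTL, class, type, data).

```shell
#!/bin/sh
# Added example: list CNAME records from `dig ... AXFR` output by matching
# the type column. All names and sample data below are constructed.

# Constructed sample of AXFR output for the placeholder zone example.test.
sample_axfr() {
cat <<'EOF'
; <<>> DiG 9.18 <<>> @ns1.example.test example.test AXFR
example.test.		3600	IN	SOA	ns1.example.test. admin.example.test. 1 7200 900 1209600 300
example.test.		3600	IN	NS	ns1.example.test.
www.example.test.	300	IN	CNAME	web.example.test.
cname-test.example.test. 300	IN	A	192.0.2.10
note.example.test.	300	IN	TXT	"old cname was web"
Mail.example.test.	300	in	cname	mx.example.test.
example.test.		3600	IN	SOA	ns1.example.test. admin.example.test. 1 7200 900 1209600 300
EOF
}

# Constructed sample of what dig prints when the server refuses the transfer.
sample_refused() {
cat <<'EOF'
; <<>> DiG 9.18 <<>> @ns1.example.test example.test AXFR
; Transfer failed.
EOF
}

# list_cnames: read AXFR output on stdin, print "owner target" per CNAME.
# Exit status: 0 = CNAMEs printed, 1 = none found, 2 = transfer refused.
list_cnames() {
    awk '
        /^; Transfer failed/   { failed = 1 }   # remember a refused AXFR
        /^;/ || NF < 5         { next }         # skip comments and short lines
        toupper($4) == "CNAME" {                # compare the type column only
            print tolower($1), tolower($5)      # DNS names are case-insensitive
            found = 1
        }
        END { if (failed) exit 2; if (!found) exit 1 }
    '
}

# Demo on the constructed sample; against a real server you are allowed to
# transfer from, pipe the dig command from the first answer into list_cnames.
sample_axfr | list_cnames
```

On the constructed sample, `grep -i cname` matches four lines while `list_cnames` reports only the two real CNAME records.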