1

Possible Duplicate:
Querying DNS for CNAMEs for a server

I have an interesting problem: given a FQDN, how do you find all its alias names WITHOUT having access to the DNS files or being able to list the domain (zone)?

The issue is restricted to all aliases within a single domain.

mdpc

2 Answers

4

AFAIK you can't - There is no reliable way to know how many CNAMEs point to a given hostname. DNS does not have a link/reference count like a filesystem does.

Restricting the problem to a single domain makes it more plausible, but still not really possible within the constraints you provided in your question:

  • If you can do an AXFR of the domain (`dig -t AXFR domain.com`) you'll get a dump of all the records, and you can parse them.
  • Alternatively you can examine the zone file if you have access to it.

If neither of those is an option, or if you're not restricting yourself to a single domain, the problem is effectively unsolvable - it's like asking how many people in the world used the word "wombat" today.

voretaq7
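Added example, not part of either answer: one way to parse a zone dump you are authorized to pull and list every alias of a host. It goes beyond a plain filter by following CNAME chains, so an alias of an alias is reported too. The function names and the `example.com` records are assumptions made for illustration; the sample is constructed in the layout `dig -t AXFR` prints, with fully qualified names.

```python
# Added example (not from the original page). SAMPLE_AXFR is constructed data.
SAMPLE_AXFR = """\
; <<>> DiG <<>> -t AXFR example.com   (constructed sample output)
web01.example.com.  3600 IN A     192.0.2.10
www.example.com.    3600 IN CNAME web01.example.com.
Shop.Example.com.   3600 IN CNAME www.example.com.
blog.example.com.   3600 IN CNAME WEB01.example.com.
mail.example.com.   3600 IN CNAME mx.example.net.
loop-a.example.com. 3600 IN CNAME loop-b.example.com.
loop-b.example.com. 3600 IN CNAME loop-a.example.com.
"""


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_cnames(axfr_text):
    """Return {alias: target} for every CNAME record in dig-style output."""
    cnames = {}
    for line in axfr_text.splitlines():
        fields = line.split()
        # Expected layout: owner TTL class type rdata; skip comments and blanks.
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        owner, _ttl, rclass, rtype, rdata = fields[:5]
        if rclass.upper() == "IN" and rtype.upper() == "CNAME":
            cnames[norm(owner)] = norm(rdata)
    return cnames


def aliases_of(fqdn, axfr_text):
    """All names whose CNAME chain ends at (or passes through) fqdn."""
    cnames = parse_cnames(axfr_text)
    target = norm(fqdn)
    found = set()
    for alias in cnames:
        seen, cur = set(), alias
        # Follow the chain; `seen` stops CNAME loops from spinning forever.
        while cur in cnames and cur not in seen:
            seen.add(cur)
            cur = cnames[cur]
            if cur == target:
                found.add(alias)
                break
    return sorted(found)


print(aliases_of("web01.example.com", SAMPLE_AXFR))
```

CNAMEs in other zones that point at the same host will not appear in this dump, which is the limitation both answers describe.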
3

You cannot find this information without a copy of the zone.

About the closest thing you could do is to just capture the data in logs or in a packet capture if the name is included as part of the protocol (i.e. HTTP name-based hosting).

Zoredache
  • drat...I suspected as much...thought that I might have missed some cool utility to do this. – mdpc Sep 06 '11 at 20:48
  • 1
    the only tool that I can think of that may help is `dig -t AXFR` (see my answer), but that requires the server to allow the transfer, which is unlikely these days... – voretaq7 Sep 06 '11 at 20:52