-1

For example, I want to find all domain names that are forwarded to bankofamerica.com.

I know that fleetbank.com and fleetboston.com both forward to bankofamerica.com.

How can I find ALL domain names that forward to bankofamerica.com?

(note that I'm interested in the general case, just using bankofamerica.com as the example)

Andrew B
  • 31,858
  • 12
  • 90
  • 128
  • I don't think the DNS works like that. – MadHatter Mar 06 '14 at 14:54
  • Agreed, I'm guessing that there has to be some sort of programmatic step in between that trawls DNS records to obtain this data. I'd also guess somebody has already done this, so just trying to gain from their experience. – user211836 Mar 06 '14 at 15:00
  • 2
    It doesn't. If you knew the name of a particular nameserver it's possible to query for all of the entries in it. However, since anybody could configure a DNS server to forward to bankofamerica.com, there's no way to "backtrack" through DNS and reliably discover every domain that is forwarded to it. – tdk2fe Mar 06 '14 at 15:01
  • I've edited the title to be more clear. – Andrew B Mar 06 '14 at 15:08
  • DNS servers are generally configured to refuse requests from untrusted addresses to list all their domains. – Flup Mar 06 '14 at 15:12

1 Answers1

1

www.fleetbank.com and www.fleetboston.com are CNAME records that point to www.bankofamerica.com, among other DNS entries.

This is not possible to track down through normal means. CNAME records are not known about by the destination nameservers, unless the records are hosted by the same nameserver. (in which case the nameserver will also respond with the corresponding A record to speed up resolving)

;; QUESTION SECTION:
;www.fleetbank.com.             IN      A

;; ANSWER SECTION:
www.fleetbank.com.      3600    IN      CNAME   www.bankofamerica.com.
www.bankofamerica.com.  250     IN      CNAME   wwwui.ecglb.bac.com.
wwwui.ecglb.bac.com.    26      IN      A       171.161.199.100

In this scenario, www.bankofamerica.com resides on a different nameserver, and wwwwui.ecglb.bac.com resides on the same nameserver. It provides an A record hint for wwwui.ecglb.bac.com, but not www.bankofamerica.com. The nameservers for Bank of America have no knowledge that this CNAME exists.

Andrew B
  • 31,858
  • 12
  • 90
  • 128