6

My DNS server used to be the DNS server for a company's domain. However, they moved elsewhere. Oddly enough, years later they were still listing my DNS server in their whois record (or, more properly, in their glue records).

Now I'm curious if there are other domains doing the same thing.

Is there a way I can find which domains list my server as their nameserver?

In the old days one could query for "host records" with whois, but I don't see a way to do that now.

TomOnTime

1 Answer

3

The only (sane) way to identify the domains returning referrals to your nameserver is to log the packets that you're returning a response of REFUSED to, either via nameserver logging options or packet captures. Naturally, this only works if caching services are actively looking up that domain.

There are a few non-trivial methods you can use to harvest what glue is configured at the TLD level, but even these won't tell you which servers have glue records configured from the third level domains onward as that data is not stored on the TLDs at all.

Andrew B
  • It is not unfeasible but remains huge work: at least with gTLDs you can download (daily) zonefiles in which you will find out all (published) domain names and their associated NS records. After that you need to do an inverse search (from the NS to the domains). – Patrick Mevzek Mar 23 '17 at 23:38
  • @Patrick Very true. I've edited the answer to factor that in, along with how such solutions can't capture glue configured from the third DNS label onward. (barring cases like `co.uk` and similar) – Andrew B Mar 23 '17 at 23:43
  • You could also use historical DNS databases such as DNSDB ( https://www.farsightsecurity.com/solutions/dnsdb/ ) to find past records of DNS queries for some domains that returned the given NS. Also you could try contacting the registrar of the domain name in which your NS is as I know that some registries provide their registrars with files listing for all nameservers objects what domain names (in the registry zone of course, not in others) reference them. This was in the gTLD world but since you do not give the name of the nameserver involved... – Patrick Mevzek Mar 24 '17 at 00:00
  • @Patrick It's been a few years since I answered this. With as much as you're contributing you may as well put it into your own answer. It'd get my upvote. – Andrew B Mar 24 '17 at 04:42
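
The inverse search over a downloaded zone file mentioned in the comments can be sketched as follows. This is an added example, not code from any of the posters; it assumes one record per line with an explicit owner name, and the TLD `example.`, the nameserver names and the sample records are all constructed.

```python
from collections import defaultdict

CLASSES = {"in", "ch", "hs"}

# Constructed sample for a made-up TLD "example."; not real registry data.
SAMPLE_ZONE = """\
; constructed sample zone
$ORIGIN example.
alpha.example.\t172800\tin\tns\tns1.myhost.test.
alpha.example.\t172800\tin\tns\tns2.elsewhere.test.
BRAVO\t172800\tIN\tNS\tNS1.MYHOST.TEST.
charlie.example.\t172800\tin\tns\tns1.other.test.
delta\tNS\tns1.myhost.test. ; relative owner, no TTL or class
ns1.example.\t172800\tin\ta\t192.0.2.53
"""


def absolute(name, origin):
    """Lower-case a name and qualify it against origin if it is relative."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"


def domains_by_nameserver(lines, origin="."):
    """Build {nameserver: sorted delegated domains} from NS records."""
    origin = absolute(origin, ".")
    index = defaultdict(set)
    for raw in lines:
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = absolute(fields[1], origin)
            continue
        rest = fields[1:]
        # Skip the optional TTL and class columns to reach the record type.
        while rest and (rest[0].isdigit() or rest[0].lower() in CLASSES):
            rest = rest[1:]
        if len(rest) == 2 and rest[0].lower() == "ns":
            index[absolute(rest[1], origin)].add(absolute(fields[0], origin))
    return {ns: sorted(owners) for ns, owners in index.items()}


if __name__ == "__main__":
    index = domains_by_nameserver(SAMPLE_ZONE.splitlines())
    for domain in index.get("ns1.myhost.test.", []):
        print(domain)
```

Names are compared in lower case because DNS names are case-insensitive, so `NS1.MYHOST.TEST.` and `ns1.myhost.test.` land in the same bucket.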