As an end user, where nameservers are not correctly set up, you can't walk the DNS to get a list of all the resource records (which is, I think, what you are asking).
If the domain name is not correctly set up (or if you have elevated privs, which I assume you don't), you can do a "Zone Transfer" which will dump the contents of the zone - look here, but, under Linux, its as simple as doing a dig axfr domain.name @dns.server.name
If you have access to the box or can intercept network traffic where "the particular subdomain", and if the target traffic is "http", you can sniff the http headers to get a list of requests (if you run the web server, you can create a log file to produce this info which you can search through)
Lastly, if you have a list of domains, and you know the subdomain you are looking for for each domain, its possible to write a script to query the subdomain for each domain, and log that. (But I suspect this is not what you are asking ?)