Is there any way to get all DNS A records worldwide for a specific domain?

2

nslookup works to give you only the A records your configured DNS has. For example, if you are using a US DNS and perform a lookup on duckduckgo.com, you get IP addresses of servers in the US that resolve to that name. But if you are using a DNS provider in Germany, you get IP addresses of servers in Ireland that resolve to that name. You are being returned IP addresses corresponding to servers closest to your geographical location.

Is there any way to get all A records in existence that resolve to a single name, regardless of your current DNS provider? Or is the only way to do it to get a list of all public DNS providers in the world and query them one by one?

user5950

Posted 2018-06-03T22:13:53.520

Reputation: 123

Answers

4

No. What you are asking is not possible unless you ask the domain owner and that owner deigns to tell you this information. Even a list of all open DNS providers in the world won't tell you this information, especially as many of those will respond differently to different IPs.

davidgo

Posted 2018-06-03T22:13:53.520

Reputation: 49 152

1

First, you need to separate the protocol (DNS) from a specific tool (nslookup).

You can do DNS queries with many different tools, and for example dig is preferred over nslookup as it has more features and is closer to a true DNS resolver. Also, you need to remember that A is only a default type, certainly not the only one, and in fact the true modern Internet should run on AAAA records nowadays, but this is another discussion.

Now about "You are being returned IP addresses corresponding to servers closest to your geographical location.", this is not a property of the DNS protocol per se. It is just that some domains, for fail-over and load-balancing reasons (and Happy Eyeballs), are set up in such a way that DNS queries try to answer with an IP that is "closest" to the querier.

So first, your question is restricted to some specific domains, and since each of them could be set up in specific ways, the only generic response to your question is no, you cannot find all such IPs (but anyway, why do you want to?).

Now, like Abu Zaid said you can use various tools online to do DNS queries from whatever parts of the world and collect all replies. You can do the same yourself using things such as RIPE probes, with some programming.

Some owners of such domains also publish all their IPs online somewhere on their website because it may be needed by others to create proper access control lists and such. This is however very specific to the domain.

So in short, the generic answer is no, but the specific answer for your case depends on both why you need to do it (as it has consequences on the frequency, for example; IP addresses may change) and which specific domain name(s), as each one will be its own case.

Patrick Mevzek

Posted 2018-06-03T22:13:53.520

Reputation: 1 334

After searching more, I found an online tool called robtex. It returns all found IP addresses for a given domain name worldwide. I thought that if an online tool can do it, there must be a way for one to do it too from one's computer. – user5950 – 2018-06-03T23:55:37.910

1 @user5950 How do you know it returns "all" IPs? There is no way to guarantee that... – Patrick Mevzek – 2018-06-04T01:55:02.023

0

dnschecker.org is a website that will resolve the FQDN from a lot of DNS servers around the world.

Abu Zaid

Posted 2018-06-03T22:13:53.520

Reputation: 172

0

If the zone is configured on the authoritative name server somewhat incorrectly, so that zone transfers/queries are allowed to any host, you could pull the entire zone's information with

dig -t axfr example.com

However, like I said, this is a rather poor configuration - zone transfers should only be allowed to secondary/slave nameservers for the domain/zone in question.

The closest you are probably able to get would be to check the SOA records. This would at least list all name servers, mail servers (MX records), TXT records, etc. for the domain/zone, if not all A and CNAME records.

host -a example.com

or

dig any example.com

You could use either of these methods to pull a list of all name servers for the domain/zone, then query each one individually for the hostname you are wanting the list of A/CNAME records for.

ivanivan

Posted 2018-06-03T22:13:53.520

Reputation: 2 634

It is not incorrect to allow AXFR... and dig any certainly does not do what you think it does... – Patrick Mevzek – 2018-06-04T01:55:51.260
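The approach two of the answers describe (send the same A query to several servers, whether resolvers in different places or each of the zone's name servers, and collect the replies) looks like this as an added example; it is not code from any of the posters. The function names and the sample reply are constructed for illustration, and the server addresses are whatever you supply.

```python
import secrets
import socket
import struct

def build_query(name, qid):
    """Encode a DNS query (RD set) for the A record of `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:   # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)           # 2-byte compression pointer or root byte

def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section; empty set on an error RCODE."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        return set()
    off, addrs = 12, set()
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:             # A record; CNAMEs in the chain are skipped
            addrs.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def collect_a_records(name, servers, timeout=3.0):
    """Ask each server over UDP port 53; return {server: set of IPs} for those that answered."""
    seen = {}
    for server in servers:
        query = build_query(name, secrets.randbelow(65536))
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(query, (server, 53))
                reply = s.recvfrom(4096)[0]
                if reply[:2] == query[:2]:        # ignore replies carrying the wrong ID
                    seen[server] = parse_a_records(reply)
            except (OSError, struct.error, IndexError):
                continue                          # timeout or malformed reply: skip this server
    return seen

# Constructed sample reply: example.com with two A records (TEST-NET-1 addresses).
_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
SAMPLE_REPLY = (struct.pack("!HHHHHH", 7, 0x8180, 1, 2, 0, 0) + build_query("example.com", 7)[12:]
                + _RR + bytes([192, 0, 2, 10]) + _RR + bytes([192, 0, 2, 20]))
```

The union over all servers is `set().union(*collect_a_records(name, servers).values())`. As the answers point out, that is only what the servers you asked chose to return at that moment, not a guaranteed complete list.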