get a domain's dns records
torinthiel at data.pl
Fri Jan 21 14:20:11 UTC 2011
Dnia 2011-01-21 08:50 Barry Margolin napisał(a):
>In article <mailman.1415.1295616325.555.bind-users at lists.isc.org>,
> Joseph S D Yao <jsdy at tux.org> wrote:
>> On Fri, Jan 21, 2011 at 02:19:45PM +0800, pyh at mail.nsbeta.info wrote:
>> > I'm jsut curious, how does "who.is" know the dns records in my domain
>> > (nsbeta.info)?
>> > The page shows some of my RRs exactly:
>> > http://who.is/dns/nsbeta.info/
>> The title of the page is, "Nsbeta.info DNS Lookup | Nameserver Lookup -
>> Who.is - Who.is". They probably did just exactly that - DNS lookup.
>> Anything in DNS is public information.
>But the nameservers for the domain don't allow public zone transfers.
>So if you know the names in the zone you can look them up, but how did
>the site list the names in his zone?
My guess would be that they don't list the whole zone. Look what's there:
nsbeta.info (dig any nsbeta.info) and some quite easy to guess prefixes:
mail, test and www. And everything deduced from them, like names
test.nsbeta.info and mail.nsbeta.info resolve to.
Probably all questions asked with ANY recordtype
I've tested on two other domains, and it looks like that - results show that
common prefixes also include blog. And they have some filtering of results,
as I have a * TXT record which didn't show up as blog entry. Actually dig
any on my zone gives even more information - e.g. SPF record , which didn't
show up on results. And they don't support third-level domains as well -
asking form mail.nsbeta.info returns information about nsbeta.info
More information about the bind-users