get a domain's dns records

Phil Mayers p.mayers at imperial.ac.uk
Fri Jan 21 14:23:35 UTC 2011


On 21/01/11 14:18, Phil Mayers wrote:
> On 21/01/11 13:50, Barry Margolin wrote:
>> In article<mailman.1415.1295616325.555.bind-users at lists.isc.org>,
>>    Joseph S D Yao<jsdy at tux.org>   wrote:
>>
>>> On Fri, Jan 21, 2011 at 02:19:45PM +0800, pyh at mail.nsbeta.info wrote:
>>>>
>>>> I'm jsut curious, how does "who.is" know the dns records in my domain
>>>> (nsbeta.info)?
>>>>
>>>> The page shows some of my RRs exactly:
>>>>
>>>> http://who.is/dns/nsbeta.info/
>>>
>>>
>>> The title of the page is, "Nsbeta.info DNS Lookup | Nameserver Lookup -
>>> Who.is - Who.is".  They probably did just exactly that - DNS lookup.
>>> Anything in DNS is public information.
>>
>> But the nameservers for the domain don't allow public zone transfers.
>> So if you know the names in the zone you can look them up, but how did
>> the site list the names in his zone?
>>
>
> Most of the records are well-known (i.e. A/MX/NS/SOA on the zone apex,
> or www.zone.name) or lookups of the RHS of a well-known. The site
> appears to probe for "test.zone.name".
>
> So it didn't "list" the zone. It looked up some well-known names and RRs
> and got replies.

In case anyone is curious, I tried it with our zone and then looked in 
the query logs; it looks for:

174.36.196.245#54513: view main: query: zone.name IN A +
174.36.196.245#33561: view main: query: zone.name IN MX +
174.36.196.245#34074: view main: query: zone.name IN NS +
174.36.196.245#44305: view main: query: zone.name IN SOA +
174.36.196.245#50109: view main: query: zone.name IN TXT +
174.36.196.245#52299: view main: query: blog.zone.name IN A +
174.36.196.245#59078: view main: query: forum.zone.name IN A +
174.36.196.245#51346: view main: query: help.zone.name IN A +
174.36.196.245#40281: view main: query: mail.zone.name IN A +
174.36.196.245#45344: view main: query: mail.zone.name IN MX +
174.36.196.245#34294: view main: query: test.zone.name IN A +
174.36.196.245#48627: view main: query: www.zone.name IN A +



More information about the bind-users mailing list