[ale] OT: DNS query (dig) question
Joe Steele
joe at madewell.com
Tue May 11 13:31:07 EDT 2004
On Tuesday, May 11, 2004 11:42 AM, Fulton Green wrote:
>
> Back in the "nslookup" days, I could do a query on all the registered
> hostnames for a given domain, something akin to:
>
> nslookup> ls -d somedomain.com > somedomainhosts.txt
>
> Now that nslookup is deprecated, I was wondering if there was a similar
> way to perform this type of query, or if this type of query has since
> been deemed a security risk.
>
nslookup performs this action using a zone transfer. The same action
can be performed with dig:

    dig @authoritative-server somedomain.com axfr > somedomainhosts.txt

Many domain name servers will block zone transfers (a form of
security through obscurity), so the operation will not always succeed
(regardless of whether you use nslookup or dig).
--Joe
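
An added example, not part of the original message: a small shell helper for operators that reads the text output of the dig AXFR command above and reports whether the server allowed or refused the transfer. The function name axfr_status and both sample outputs are constructed for illustration, using documentation names and addresses.

```shell
#!/bin/sh
# Classify `dig @server zone axfr` text output read on stdin. Prints:
#   open <n>  transfer succeeded and returned <n> resource records
#   refused   the server declined the transfer
#   unknown   neither pattern seen (timeout, truncated or empty output)
axfr_status() {
    awk '
        /^; Transfer failed/ { failed = 1 }
        /^;/ || NF == 0      { next }         # skip dig comments and blank lines
        { records++; if ($4 == "SOA") soa++ } # fields: name ttl class type rdata
        END {
            # A complete AXFR starts and ends with the zone SOA record.
            if (!failed && soa >= 2) print "open", records
            else if (failed)         print "refused"
            else                     print "unknown"
        }'
}

# Constructed sample: a server that allows the transfer.
SAMPLE_OPEN='
example.com.      3600 IN SOA ns1.example.com. hostmaster.example.com. 2004051101 7200 3600 604800 3600
example.com.      3600 IN NS  ns1.example.com.
www.example.com.  3600 IN A   192.0.2.10
mail.example.com. 3600 IN A   192.0.2.25
example.com.      3600 IN SOA ns1.example.com. hostmaster.example.com. 2004051101 7200 3600 604800 3600
;; XFR size: 5 records (messages 1, bytes 230)'

# Constructed sample: a server that blocks the transfer.
SAMPLE_REFUSED='
; (1 server found)
;; global options: +cmd
; Transfer failed.'

printf '%s\n' "$SAMPLE_OPEN"    | axfr_status
printf '%s\n' "$SAMPLE_REFUSED" | axfr_status
```

For a zone you run, pipe the live command into it from a host that is not one of your secondaries: `dig @authoritative-server somedomain.com axfr | axfr_status`. A result of "refused" there means the transfer restriction is in effect.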