I know that it's probably (no longer) possible because of abuse, but I want to check nonetheless. Is there a way for me to obtain the company zone file for a domain myself, without having to contact the people who host the DNS for that domain?
Is there a way to get the complete zone file for a domain, without getting it from the company that hosts the DNS for that specific domain?
Answer
You can try to initiate a zone transfer.
You are right though, no sanely configured DNS server should still allow this nowadays. Not just because as a zone admin you don't want to expose your internals but also because AXFR responses are way bigger than the queries, so they prove to be an excellent way for DoS reflection attacks as a <100 bytes spoofable UDP package can make a server send multiple KB of response to any machine on the internet.
If you still want to try:
In the nslookup utility, you can use ls [name of domain] to get the zone information.
And if you prefer dig, then you can use
dig @dns.example.com example.com -t AXFR
Though as I said, it probably won't work for you.
No comments:
Post a Comment