Re: Question for DNS pros

["Oliver () greyhat de" <Oliver () greyhat de>]

VX Dude wrote:

> named exploits are usefull for finding out what's
> inside a named.conf even in chroot jails.
>
> - 2 cents
>
> --- Paul Schmehl <pauls () utdallas edu> wrote:
>  
>
> > Can this be done?
> >
> > Conditions:
> > 1) You know an IP address that is running a DNS
> > server.  (IOW, it responds 
> > to digs.)
> > 2) You do not know the hostname or domain of the
> > host.
> > 3) The DNS server does not allow zone transfers.
> >
> > You want to find out *all* the domains that that DNS
> > server is 
> > authoritative for.  (Essentially you're trying to
> > find out what's in the 
> > named.conf file rather than zone file info.)
> >
> > Has anyone written a tool that can do this?  I
> > thought about the 
> > possibility of parsing all the registration sites
> > for the Primary and 
> > Backup NS, but that would take forever.  I imagine
> > you could write a perl 
> > script that would access the web interfaces, do the
> > queries and return the 
> > results, but it would run for days...
> >
> > Paul Schmehl (pauls () utdallas edu)
> > Adjunct Information Security Officer
> > The University of Texas at Dallas
> > AVIEN Founding Member
> > http://www.utdallas.edu/ir/security/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> > http://lists.netsys.com/full-disclosure-charter.html
> >
> >    
>
>
>
>                 
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail Address AutoComplete - You start. We finish.
> http://promotions.yahoo.com/new_mail 
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>  
hm... you could also try reverse lookups for all existing ip-adresses in 
the world :)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html