Vulnerability Development mailing list archives

RE: DNS zone transfer


From: Vlad <progman () netvision net il>
Date: Sun, 09 Jun 2002 10:01:42 +0200

First of all thanks for the answer, but I must say that I've already
tried all that. 

Using nslookup returns the following:
=====================================
ls -d domain.com
[[ns.domain.com]]
*** Can't list domain domain.com: Query refused

domain.com
domain.com        nameserver = ns.domain.com
....            ....
domain.com
        primary name server = ns1.domain.com
        responsible mail addr = p
        serial  = 1234567890
        refresh = 3600 (1 hour)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
ns.domain.com    internet address = x.x.x.x
=====================================
The request to enumerate all domain records (first ex.) returns "Query
refused".
A resolve request (second ex.) returns what seems like all nameserver
records for that domain (type = ALL in nslookup).

That's nice but not as important as the other records the server
contains, they are the ones I'm after.

Suggestions?


  - Vlad.


-----Original Message-----
From: Short_Circut [mailto:circut () TheSocket remoteserver org] 
Sent: Sunday, June 09, 2002 3:22 AM
To: Vlad
Cc: vuln-dev () securityfocus com
Subject: Re: DNS zone transfer




Greetings,

Is it possible to remotely retrieve all DNS records from a server
*without* knowing the specific zones it hosts?
(cause then I can script "dig @dns-server.ip zone-domain ALL" )

If it matters the server runs the DNS service on Win2k and I've got no
preference for Windows or *NIX tools. Any will do.


Thanks,
 - Vlad.


try 'host' and nslookup.

host -l wustl.edu

and nslookup

[root@TheSocket - <~> nslookup
Default Server:  Server.thesocket.net
Address:  10.0.2.1

server ns1.wustl.edu
Default Server:  ns1.wustl.edu
Address:  128.252.135.4

ls -d wustl.edu


hehehe
view the nice result

:~Short_Circut~:
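
The "Query refused" answer quoted at the top of this message is RCODE 5 (REFUSED), which is how a nameserver with restricted zone transfers should respond to an unauthorised AXFR. As an added example (not part of the original thread), this Python code builds the AXFR request and classifies the server's reply so an administrator can audit their own nameservers; the function names and the constructed sample bytes are assumptions for illustration.

```python
import socket
import struct

AXFR, IN, REFUSED = 252, 1, 5  # QTYPE AXFR, class IN, RCODE 5 = "Query refused"

def build_axfr_query(zone: str, txid: int = 0x1234) -> bytes:
    """DNS AXFR question, framed with the 2-byte length prefix used over TCP."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # one question, no flags
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.rstrip(".").split(".")
    ) + b"\x00"
    msg = header + qname + struct.pack("!HH", AXFR, IN)
    return struct.pack("!H", len(msg)) + msg

def classify_response(msg: bytes) -> str:
    """Classify the first response message (length prefix already stripped)."""
    if len(msg) < 12:
        return "malformed"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F  # low four bits of the flags word
    if rcode == REFUSED:
        return "refused"            # what nslookup prints as "Query refused"
    if rcode == 0 and ancount > 0:
        return "transfer-allowed"   # server started sending zone records
    return f"rcode-{rcode}"

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed connection")
        buf += chunk
    return buf

def check_server(server_ip: str, zone: str, timeout: float = 5.0) -> str:
    """Ask one of your own nameservers for AXFR and report how it answered."""
    with socket.create_connection((server_ip, 53), timeout=timeout) as s:
        s.sendall(build_axfr_query(zone))
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return classify_response(_recv_exact(s, length))

# Constructed sample: a 12-byte header with QR=1 and RCODE=5 (REFUSED).
SAMPLE_REFUSED = bytes.fromhex("123480050001000000000000")
```

A result of "transfer-allowed" from a host that is not a configured secondary means the zone's transfer ACL needs tightening.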


