Vulnerability Development mailing list archives

Re: DNS zone transfer


From: Olaf Kirch <okir () caldera de>
Date: Mon, 10 Jun 2002 10:46:20 +0200

On Sun, Jun 09, 2002 at 10:45:18AM -0700, Brad Bemis wrote:
> Just a few ideas...   There are several more advanced methods that could
> also be used, but they do not involve passive information gathering ;-)

Try whois to get the IP networks assigned to the target, then do PTR
lookups to gather host names in that zone, and finally forward lookups
on all names retrieved that way. Most of the time this should
give you ~90% of all records in that zone (most notably, CNAMEs will
fall through the cracks).

Olaf
-- 
Olaf Kirch        |  Anyone who has had to work with X.509 has probably
okir () caldera de   |  experienced what can best be described as
------------------+  ISO water torture. -- Peter Gutmann
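
Added example, not part of the original message: an offline check a zone owner can run against their own zone data to see which names stay recoverable through PTR records when zone transfers are refused, and which fall through (the CNAME case mentioned above). All records, the example.com names and the 192.0.2.0/24 network are constructed sample values; the A record without a PTR is an extra case assumed here, not one the message names.

```python
# Added example: offline estimate of what a PTR sweep recovers from a zone.
# All records below are constructed sample data (example.com, 192.0.2.0/24).
import ipaddress

FORWARD_ZONE = """\
www.example.com.       A      192.0.2.10
mail.example.com.      A      192.0.2.25
ns1.example.com.       A      192.0.2.53
vpn.example.com.       A      192.0.2.80
ftp.example.com.       CNAME  www.example.com.
intranet.example.com.  A      192.0.2.90
"""

REVERSE_ZONE = """\
10.2.0.192.in-addr.arpa.  PTR  www.example.com.
25.2.0.192.in-addr.arpa.  PTR  mail.example.com.
53.2.0.192.in-addr.arpa.  PTR  ns1.example.com.
80.2.0.192.in-addr.arpa.  PTR  vpn.example.com.
"""

def parse(text):
    """Return (owner, type, rdata) tuples from 'owner TYPE rdata' lines."""
    rows = (line.split() for line in text.splitlines())
    return [(o.lower(), t.upper(), r.lower()) for o, t, r in (f for f in rows if len(f) == 3)]

def ptr_sweep_exposure(forward_text, reverse_text, network):
    """Split forward-zone names into those a PTR sweep of `network` finds and those it misses."""
    net = ipaddress.ip_network(network)
    # PTR lookups across the assigned network yield candidate host names.
    ptr_names = set()
    for owner, rtype, target in parse(reverse_text):
        if rtype != "PTR":
            continue
        addr = ipaddress.ip_address(".".join(reversed(owner.split(".")[:4])))
        if addr in net:
            ptr_names.add(target)
    # Forward lookups on those names confirm which zone records are recovered.
    forward = parse(forward_text)
    exposed = sorted(o for o, _, _ in forward if o in ptr_names)
    missed = {o: t for o, t, _ in forward if o not in ptr_names}
    return exposed, missed

if __name__ == "__main__":
    exposed, missed = ptr_sweep_exposure(FORWARD_ZONE, REVERSE_ZONE, "192.0.2.0/24")
    total = len(exposed) + len(missed)
    print(f"recovered {len(exposed)}/{total}: {exposed}")
    print(f"missed: {missed}")
```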

