DiG transfer with axfr parameters

For testing purposes, I am trying to get a list of all the DNS records set for a domain using this method.

It works:

    root@cs:/# dig @nameserver domain

    ; <<>> DiG 9.9.2-P1 <<>> @nameserver domain
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32999
    ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;domain.                        IN      A

    ;; ANSWER SECTION:
    domain.                 3600    IN      A       my-IP

    ;; Query time: 2 msec
    ;; SERVER: my-IPv6-IP-(I-think)
    ;; WHEN: Thu Jun 20 16:03:05 2013
    ;; MSG SIZE  rcvd: 83

However, when I add axfr to the command, as suggested in this answer to "Server Error" (and elsewhere online), it fails:

    root@cs:/# dig @ns1.transip.nl changeyourschool.nl axfr

    ; <<>> DiG 9.9.2-P1 <<>> @ns1.transip.nl changeyourschool.nl axfr
    ; (2 servers found)
    ;; global options: +cmd
    ; Transfer failed.

Why is this and, more importantly, how can I get a complete list of DNS records if this fails?

+4

3 answers

Why this is, I do not know, but you can use this to get all the DNS records:

    root@cs:/# dig google.com ANY +nostat +nocmd +nocomments

    ; <<>> DiG 9.9.2-P1 <<>> google.com ANY +nostat +nocmd +nocomments
    ;; global options: +cmd
    ;google.com.                    IN      ANY
    google.com.             56328   IN      NS      ns4.google.com.
    google.com.             56328   IN      NS      ns2.google.com.
    google.com.             56328   IN      NS      ns1.google.com.
    google.com.             56328   IN      NS      ns3.google.com.
    ns4.google.com.         85545   IN      A       216.239.38.10
    ns1.google.com.         85545   IN      A       216.239.32.10
    ns3.google.com.         57402   IN      A       216.239.36.10
    ns2.google.com.         85545   IN      A       216.239.34.10

The options +nostat, +nocmd and +nocomments may be omitted, but they cut down on useless output.

+2

Keelan's solution does not work for me.

What worked for me is a two-step process (on Linux and Windows).

Step one, type:

    dig ns google.com

Where google.com is the zone of interest.

This returned a list of name servers, such as:

    ns1.google.com.         60      IN      A       216.239.32.10

Step two, type:

    dig @ns1.google.com google.com any

Where ns1.google.com is a name server for the domain (found in step 1) and google.com is the zone of interest.

This produced results such as:

    google.com.             31335   IN      NS      ns4.google.com.
    google.com.             31335   IN      NS      ns2.google.com.
    google.com.             31335   IN      NS      ns3.google.com.
    google.com.             59      IN      SOA     ns1.google.com. dns-admin.google.com. 1579113 7200 1800 1209600 300
    google.com.             60      IN      A       216.58.220.142
    google.com.             2251    IN      TXT     "v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"
    google.com.             31335   IN      NS      ns1.google.com.
    google.com.             185     IN      AAAA    2404:6800:4006:800::200e

Hope this helps. If it does not, you can always try: http://www.whois.com.au/whois/dns.html

+1

As the answer you are referring to explains, the convention is to refuse AXFR requests except from trusted peers.

If zone transfer is disabled, you can get an approximate list of hosts in the zone by guessing them, which is basically a dictionary attack. A well-maintained site will have measures to mitigate this approach.

0
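As an added example, not part of the question or of any of the answers, the Python script below strings the answers together: the two steps of the second answer (look up the NS set, then query the authoritative servers directly), an AXFR attempt against each server, and the fallback of the third answer when every transfer is refused, namely per-type queries at the apex plus guessing hostnames from a wordlist. ANY is deliberately not used for the fallback, since RFC 8482 lets a server answer ANY with a single minimal record. The zone example.test, its record data and all helper names (parse_dig_answer, dig_query, enumerate_zone, fake_query) are constructed for this illustration; the real path shells out to the system dig binary and needs no third-party library.

```python
#!/usr/bin/env python3
"""Enumerate a zone: find its NS set, try AXFR at each server, and fall back
to per-type queries plus hostname guessing when the transfer is refused.
The network layer is a callable so the logic also runs offline against the
constructed zone at the bottom; the default callable shells out to `dig`."""
import subprocess
from typing import Callable, Dict, List, Tuple

Record = Tuple[str, str, str]                      # (owner, type, rdata)
QueryFn = Callable[[str, str, str], List[Record]]  # (server, name, type) -> records

# Asked for one by one when AXFR is refused.  ANY is unreliable for this:
# RFC 8482 allows a server to answer ANY with one minimal record.
FALLBACK_TYPES = ("SOA", "NS", "A", "AAAA", "MX", "TXT", "CNAME", "SRV")
# Tiny hostname dictionary for the guessing step; a real run uses a wordlist file.
DEFAULT_WORDLIST = ("www", "mail", "ns1", "ns2", "dev", "vpn")


def parse_dig_answer(text: str) -> List[Record]:
    """Parse `dig +noall +answer` output lines: owner TTL class type rdata."""
    records: List[Record] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # drops "; Transfer failed." too
            continue
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue
        owner, _ttl, _cls, rtype, rdata = parts
        records.append((owner.rstrip(".").lower(), rtype.upper(), rdata))
    return records


def dig_query(server: str, name: str, rtype: str) -> List[Record]:
    """Query via the system dig.  An empty list means no answer, a timeout,
    or a refused transfer (dig reports that as a ';' comment, dropped above)."""
    cmd = ["dig", "+noall", "+answer", "+time=3", "+tries=1"]
    if server:
        cmd.append("@" + server)          # empty server = system resolver
    cmd += [name, rtype]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired):
        return []
    return parse_dig_answer(out.stdout)


def enumerate_zone(domain: str, query: QueryFn = dig_query,
                   wordlist=DEFAULT_WORDLIST) -> Tuple[str, List[Record]]:
    """Return ("axfr", full zone) or ("fallback", what could be found without it)."""
    domain = domain.rstrip(".").lower()
    # Step 1: the NS set, asked of the default resolver.
    servers = sorted({r[2].rstrip(".") for r in query("", domain, "NS") if r[1] == "NS"})
    if not servers:
        raise RuntimeError(f"no NS records for {domain}")
    # Step 2: ask each authoritative server for the whole zone.
    for ns in servers:
        zone = query(ns, domain, "AXFR")
        if zone:
            return "axfr", sorted(set(zone))
    # Every server refused: enumerate types at the apex, then guess hostnames.
    # Names absent from the wordlist stay unseen, so the result is approximate.
    ns = servers[0]
    found = set()
    for rtype in FALLBACK_TYPES:
        found.update(query(ns, domain, rtype))
    for word in wordlist:
        for rtype in ("A", "AAAA", "CNAME"):
            found.update(query(ns, f"{word}.{domain}", rtype))
    return "fallback", sorted(found)


# Constructed zone for offline runs; it has no relation to any real domain.
FAKE_ZONE: Dict[Tuple[str, str], List[str]] = {
    ("example.test", "NS"): ["ns1.example.test.", "ns2.example.test."],
    ("example.test", "SOA"): ["ns1.example.test. hostmaster.example.test. 1 7200 1800 1209600 300"],
    ("example.test", "A"): ["192.0.2.10"],
    ("example.test", "MX"): ["10 mail.example.test."],
    ("www.example.test", "A"): ["192.0.2.10"],
    ("mail.example.test", "A"): ["192.0.2.25"],
    ("vpn.example.test", "AAAA"): ["2001:db8::1"],
    ("secret.example.test", "A"): ["192.0.2.99"],   # not in the wordlist: only AXFR finds it
}


def fake_query(allow_axfr: bool) -> QueryFn:
    """Resolver over FAKE_ZONE that either honours or refuses AXFR."""
    def query(server: str, name: str, rtype: str) -> List[Record]:
        name = name.rstrip(".").lower()
        if rtype == "AXFR":
            if not allow_axfr:
                return []             # what dig yields after "; Transfer failed."
            return [(n, t, rd) for (n, t), rds in FAKE_ZONE.items() for rd in rds]
        return [(name, rtype, rd) for rd in FAKE_ZONE.get((name, rtype), [])]
    return query


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:      # e.g. python3 enum_zone.py example.com (uses dig)
        method, records = enumerate_zone(sys.argv[1])
    else:                      # offline demo against the constructed zone
        method, records = enumerate_zone("example.test", fake_query(allow_axfr=False))
    print("method:", method)
    for owner, rtype, rdata in records:
        print(owner, rtype, rdata)
```

Run it with a domain argument to go over the network through dig; without one it runs against the constructed zone with AXFR refused, which shows the point of the third answer: the guessed names are found, while secret.example.test, absent from the wordlist, is not.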

Source: https://habr.com/ru/post/1487307/
