I want to see what nodes exist under a certain domain from within the domain. Short of querying every valid IP address within that domain, is there a way to get all records/map the network?
Typically zone transfers are denied if the server is properly configured. You can do a zone transfer via dig:
dig @127.0.0.1 domain.com. AXFR
You can also use nslookup:
nslookup -query=AXFR domain.com 127.0.0.1
If you are not the administrator, you might be better off contacting your IT department for further details.
As warner mentioned (that's becoming familiar), zone transfers are often denied for security reasons. If the name servers aren't something you have access to, you can attempt to discover the most common subdomains of a given domain using one of the popular DNS bruteforce scripts. They work by performing DNS requests against a local nameserver using a user-supplied dictionary list. Dictionary lists exist solely for this purpose.
WS-DNS-BFX is one such script (Perl and threaded, I believe).
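From the name server operator's side, both techniques in the answers above (a refused AXFR request and dictionary-based subdomain guessing) leave traces in the server's logs. The following is an added example, not code from any of the answers: it assumes a BIND 9 server with query logging enabled, and the sample log lines, the zone name example.com, and the distinct-name threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on BIND 9 log output (not from the page).
SAMPLE_LOG = """\
05-Mar-2024 10:15:01.101 client @0x7f01 10.0.0.23#40112 (example.com): zone transfer 'example.com/AXFR/IN' denied
05-Mar-2024 10:15:02.210 client @0x7f02 10.0.0.23#40113 (admin.example.com): query: admin.example.com IN A + (10.0.0.1)
05-Mar-2024 10:15:02.215 client @0x7f03 10.0.0.23#40114 (dev.example.com): query: dev.example.com IN A + (10.0.0.1)
05-Mar-2024 10:15:02.221 client @0x7f04 10.0.0.23#40115 (ftp.example.com): query: ftp.example.com IN A + (10.0.0.1)
05-Mar-2024 10:15:02.229 client @0x7f05 10.0.0.23#40116 (test.example.com): query: test.example.com IN A + (10.0.0.1)
05-Mar-2024 10:15:02.236 client @0x7f06 10.0.0.23#40117 (vpn.example.com): query: vpn.example.com IN A + (10.0.0.1)
05-Mar-2024 10:15:09.400 client @0x7f07 10.0.0.40#51820 (www.example.com): query: www.example.com IN A + (10.0.0.1)
05-Mar-2024 10:15:11.050 client @0x7f08 10.0.0.40#51821 (www.example.com): query: www.example.com IN AAAA + (10.0.0.1)
05-Mar-2024 10:15:12.300 client @0x7f09 10.0.0.40#51822 (mail.example.com): query: mail.example.com IN MX + (10.0.0.1)
"""

# "client [@0x<id> ]<ip>#<port> [(<name>)]: " prefix; the @0x field is optional.
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
AXFR_RE = re.compile(CLIENT + r"zone transfer '(?P<zone>[^/']+)/[AI]XFR/IN' denied")
QUERY_RE = re.compile(CLIENT + r"query: (?P<name>\S+) IN ")


def analyse(log_text, zone="example.com", threshold=5):
    """Return (denied transfers per client, clients with >= threshold distinct names)."""
    zone = zone.lower().rstrip(".")
    suffix = "." + zone
    denied = defaultdict(int)   # client IP -> refused AXFR/IXFR requests
    names = defaultdict(set)    # client IP -> distinct names queried under the zone
    for line in log_text.splitlines():
        m = AXFR_RE.search(line)
        if m:
            if m["zone"].lower().rstrip(".") == zone:
                denied[m["ip"]] += 1
            continue
        m = QUERY_RE.search(line)
        if m:
            name = m["name"].lower().rstrip(".")
            if name.endswith(suffix):
                names[m["ip"]].add(name)
    # Threshold is an assumption; tune it to the zone's normal query mix.
    suspects = {ip: len(n) for ip, n in names.items() if len(n) >= threshold}
    return dict(denied), suspects


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Query logs do not record the response code, so the count of distinct names per client stands in for a count of failed lookups here.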
Using the nslookup command that @warner provided above, I was not able to retrieve the records that I was looking for. Based on some answers from this post, I was able to retrieve them using nslookup in interactive mode. I also found an alternative to the dig command here.