Is there a way to query our internal DNS entries to discover all the CNAME entries that point to a particular server?
Edit: We're a Windows environment, Server 2003.
You didn't specify what your environment is, but if you're using Unix I think a combination of dig and grep should work.
ns.example.com should be the hostname of your nameserver, example.com is the domain your host is part of, and HOST is the host that you want to find all the CNAME records for. That's actually a tab character in the grep command, not literally <TAB> (you may have to adjust the grep string).
Also your nameserver needs to be configured to allow zone transfers, the particulars of which will be implementation dependent.
Or if you're on Windows you could use nslookup:
This should output all of the records for the domain example.com that ns.example.com "knows about" to FILE. You can then use whatever tool you want to sort through the text file looking for the corresponding CNAMES.
Or with this untested (but seemingly correct looking) perl script:
A couple of points for completeness:
If you have access to your DNS configuration, it is rather trivial to discover this data. However, anyone can have a CNAME pointing to your server. You won't be able to trace these.
As @wombie has pointed out you can't do a reverse lookup for CNAMES. There is no PTR equivalent for CNAMES, and even if there were it is likely only some records would exist. A quick check of a random selection of domains would show PTR records often don't point back to the A record. Likewise, doing reverse lookups of PTR records for random addresses often doesn't find the corresponding A record.
EDIT: CNAMEs are not the only way to alias a system. DNS allows multiple A records to point to the same address. Functionally this is the same as adding a CNAME but the method is different. Same problems apply outside your domain. To search for the various A records you would search for the IP address(es) of the system in question.
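Added example, not part of any answer on this page and not the posters' own code: a shell function that reads zone-transfer text in the "name TTL class type rdata" layout that dig prints and lists every CNAME that reaches a given host, directly or through a chain of CNAMEs, plus any other A records that share the host's address as described in the EDIT above. The function names find_aliases and sample_zone, and the zone data itself, are constructed for illustration.

```shell
#!/bin/sh
# Added example: list aliases of a host from zone-transfer text read on stdin.

find_aliases() {
    # $1 = canonical host name (FQDN, trailing dot optional)
    awk -v target="$1" '
    function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
    BEGIN { t = norm(target) }
    /^;/ || NF < 5 { next }                 # skip dig comment lines and blanks
    $4 == "CNAME" { cname[norm($1)] = norm($5) }
    $4 == "A"     { count++; owner[count] = norm($1); ip[count] = $5
                    if (owner[count] == t) target_ip[$5] = 1 }
    END {
        for (name in cname) {
            cur = name
            # Follow the chain; the hop limit guards against CNAME loops.
            for (hops = 0; hops < 16 && (cur in cname); hops++) {
                cur = cname[cur]
                if (cur == t) { print "CNAME\t" name "\t" cname[name]; break }
            }
        }
        # Extra A records on the same address act as aliases too.
        for (i = 1; i <= count; i++)
            if (owner[i] != t && (ip[i] in target_ip))
                print "A\t" owner[i] "\t" ip[i]
    }' | LC_ALL=C sort
}

sample_zone() {   # constructed zone data, not taken from a real server
    cat <<'EOF'
; constructed sample in the layout dig prints for a zone transfer
example.com.          3600 IN SOA   ns.example.com. admin.example.com. 1 7200 3600 1209600 3600
example.com.          3600 IN NS    ns.example.com.
ns.example.com.       3600 IN A     192.0.2.1
web01.example.com.    3600 IN A     192.0.2.10
www.example.com.      3600 IN CNAME web01.example.com.
intranet.example.com. 3600 IN CNAME WWW.example.com.
legacy.example.com.   3600 IN A     192.0.2.10
mail.example.com.     3600 IN CNAME mx01.example.com.
mx01.example.com.     3600 IN A     192.0.2.20
loop-a.example.com.   3600 IN CNAME loop-b.example.com.
loop-b.example.com.   3600 IN CNAME loop-a.example.com.
EOF
}

# Output columns: record type, alias name, what the alias record points at.
sample_zone | find_aliases web01.example.com
```

Against a live zone the same function can read saved zone-transfer output from a file instead of sample_zone.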
The DNS protocol does not allow you to do that sort of "reverse" lookup. You'll need to go out of protocol, such as using the grep suggestions provided by kce.
Use PowerShell:
Check for the Primaryname on your Microsoft DNS Server:
Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_AType -Filter "IPAddress = 'xx.xx.xx.xx (IP)'" -ComputerName mydnsservername
Get all CNAMEs for that host from your Microsoft DNS server:
Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_CNAMEType -Filter "primaryname = 'primaryname from first query terminated with a dot.'" -ComputerName mydnsservername|select ownername, primaryname
dnscmd to export the zone data: CNAME resource records that point to the target domain name.