Home / server / Questions / 308704
In Process
mdpc
Asked: 2011-09-07 12:40:35 +0800 CST

Given a hostname, how do you find all its aliases (i.e. CNAME records) WITHOUT direct DNS file access? [duplicate]

  • 772

Possible Duplicate:
Querying DNS for CNAMEs for a server

I have an interesting problem, given a FQDN, how do you find all its alias names WITHOUT having access to the DNS files or being able to list the domain (zone)?

The issue is restricted to all aliases within a single domain.

domain-name-system cname-record alias

2 Answers

  1. AFAIK you can't - There is no reliable way to know how many CNAMEs point to a given hostname. DNS does not have a link/reference count like a filesystem does.

    Restricting the problem to a single domain makes it more plausible, but still not really possible within the constraints you provided in your question:

    • If you can do an AXFR of the domain (dig -t AXFR domain.com) you'll get a dump of all the records, and you can parse them.
    • Alternatively you can examine the zone file if you have access to it.

    If neither of those is an option, or if you're not restricting yourself to a single domain the problem is effectively unsolvable - it's like asking how many people in the world used the word "wombat" today.

    • 4

  2. You cannot find this information without a copy of the zone.

    About the closest thing you could do is to just capture the data in logs or in a packet capture if the name is included as part of the protocol (ie http name-based hosting).

    • 3