Methods to obtain all the A records of a domain?

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 2 04:06:40 UTC 2001


Theoretically, one could determine this by generating many billions of queries
to your nameserver (every combination of characters that could be a legal name
in your domain).

You haven't noticed a big traffic spike lately, have you? :-)


- Kevin

Vincent W.S. Tam wrote:

> Hi Kevin,
>
> I know it's bad, but we have no slave servers. :(
>
> For Brad's comment,
> - I think reverse query is not possible to get the A records since the IP is
> not mapped to a host in this domain, plus the same IP receives multiple
> domains (virtual web & mail servers)
> - I think having access rights to a specific host is also not possible because
> both parties are different companies in the same business, unless hacking is
> done.
>
> Yesterday we found that the new ISP seems to have missed one A record from our
> original. I hope the real reason is that the customer has kept track of the A
> records of the domains and told the new ISP, not our name server's security
> hole.
>
> So far, it looks like it is impossible to obtain all the domain's A records without
> a domain transfer or access into the server?
>
> Best Regards,
> Vincent
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Kevin Darcy
> Sent: Thursday, August 02, 2001 7:49 AM
> To: bind-users at isc.org
> Subject: Re: Methods to obtain all the A records of a domain?
>
> Did you restrict zone transfers on the *slaves* as well as the master?
>
> - Kevin
>
> Vincent W.S. Tam wrote:
>
> > Dear all,
> >
> > We're using a BIND 8.2.3 server running under a Debian GNU/Linux system. We
> > have already blocked domain transfer to limited hosts by adding this entry
> > to /etc/bind/named.conf:
> >
> > options {
> >         ......
> >         allow-transfer { 127.0.0.1; specified-host1; specified-host2; };
> >         ......
> > };
> >
> > However, we found that another ISP can still obtain all the A records of a
> > domain we were hosting, when one of our customers switched their DNS hosting
> > to another ISP. At least, the A records we have set seem to have gone to that
> > ISP already.
> >
> > Can anyone tell us whether there are other methods to obtain a domain's A
> > records without using domain transfer? Or is it impossible, and they just
> > simply remembered what A records we have set up?
> >
> > Thank you for your time!
> >
> > Best Regards,
> > Vincent
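
The name guessing Kevin describes would show up in query logs as one client asking for many distinct, mostly nonexistent names in the zone. The following is an added example, not part of the original thread, that checks for that pattern. The log line format is an assumption modelled on BIND 9 query logging (a BIND 8.2.3 server logs differently), and the zone, names, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict

# Assumed line shape: "client <ip>#<port>: query: <name> IN <type> ..."
LINE_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)")

ZONE = "example.com"                                     # constructed zone
ZONE_NAMES = {"example.com", "www.example.com", "mail.example.com"}

# Constructed log: one ordinary client, one client walking through labels.
GUESSES = [f"aa{c}" for c in "abcdefgh"] + ["www", "mail"]
SAMPLE_LOG = (
    "client 192.0.2.10#4101: query: www.example.com IN A +\n"
    "client 192.0.2.10#4102: query: mail.example.com IN A +\n"
    "client 192.0.2.10#4103: query: www.example.com IN A +\n"
    "client 203.0.113.5#4400: query: www.other.test IN A +\n"
    + "".join(f"client 198.51.100.7#{5300 + i}: query: {g}.example.com IN A +\n"
              for i, g in enumerate(GUESSES))
)

def flag_enumerators(log_text, zone, zone_names, min_names=5, min_miss_ratio=0.5):
    """Return {client_ip: (distinct_names, misses)} for clients that asked for
    many distinct A names in the zone, most of which do not exist."""
    seen = defaultdict(set)
    zone = zone.lower()
    suffix = "." + zone
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("type").upper() != "A":
            continue
        name = m.group("name").lower().rstrip(".")
        if name == zone or name.endswith(suffix):
            seen[m.group("ip")].add(name)       # distinct names per client
    flagged = {}
    for ip, names in seen.items():
        misses = len(names - zone_names)        # names the zone does not hold
        if len(names) >= min_names and misses / len(names) >= min_miss_ratio:
            flagged[ip] = (len(names), misses)
    return flagged

if __name__ == "__main__":
    for ip, (distinct, misses) in flag_enumerators(SAMPLE_LOG, ZONE, ZONE_NAMES).items():
        print(f"{ip}: {distinct} distinct names, {misses} not in zone")
```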




