
Find all authoritative domains for a nameserver?


Novosielski, Ryan

Dec 3, 2012, 6:30:16 PM12/3/12
to bind-...@lists.isc.org

Hi all,

I don't know if there's an easy, or even moderately easy way to do
this, but can one somehow figure out/get a list of all domains for
which the nameserver is set to a given IP/server name? For reasons I
won't get into, the people who register the domains are not the same
as the people who run the DNS servers (me) and occasionally the
domains I have zones defined for in my nameservers do not match the
WHOIS records. Normally, that problem becomes pretty obvious because
nothing works right, but it does generate a lot of logging for failed
queries to the nameservers. I guess that would be one way to tell when
someone has made us authoritative for a domain but not had us create a
zone file, but is there a way to get a list somehow?

Thanks.

- --
- ---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novo...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark

Chuck Swiger

Dec 3, 2012, 6:45:10 PM12/3/12
to Novosielski, Ryan, bind-...@lists.isc.org
Hi--

On Dec 3, 2012, at 3:30 PM, Novosielski, Ryan wrote:
> I don't know if there's an easy, or even moderately easy way to do
> this, but can one somehow figure out/get a list of all domains for
> which the nameserver is set to a given IP/server name?

It's easy enough to test whether a specific domain is being delegated
to your nameserver by checking WHOIS or asking for NS records for the domain.
It's also easy enough if you have access to the nameserver configs to
see which domains it is setup to be authoritative for.

However, since someone could delegate some.strange.subdomain.from.my.domain
to an arbitrary nameserver (ie, yours), there's no way of exhaustively
identifying these even if you check WHOIS or the root nameservers AFAIK....

> For reasons I won't get into, the people who register the domains are not the same
> as the people who run the DNS servers (me) and occasionally the
> domains I have zones defined for in my nameservers do not match the
> WHOIS records. Normally, that problem becomes pretty obvious because
> nothing works right, but it does generate a lot of logging for failed
> queries to the nameservers. I guess that would be one way to tell when
> someone has made us authoritative for a domain but not had us create a
> zone file, but is there a way to get a list somehow?

Registrars are expected to have both a billing/admin contact and a
technical contact; make sure that people who expect you to make their
domains work put you as the tech contact, and you will at least get
notified when they register new top-level domains.

Regards,
--
-Chuck

Dan Mahoney

Dec 3, 2012, 6:52:34 PM12/3/12
to Novosielski, Ryan, bind-...@lists.isc.org
> Hi all,
>
> I don't know if there's an easy, or even moderately easy way to do
> this, but can one somehow figure out/get a list of all domains for
> which the nameserver is set to a given IP/server name? For reasons I
> won't get into, the people who register the domains are not the same
> as the people who run the DNS servers (me) and occasionally the
> domains I have zones defined for in my nameservers do not match the
> WHOIS records. Normally, that problem becomes pretty obvious because
> nothing works right, but it does generate a lot of logging for failed
> queries to the nameservers. I guess that would be one way to tell when
> someone has made us authoritative for a domain but not had us create a
> zone file, but is there a way to get a list somehow?

Back in the old netsol days, a name server admin could get a list of domains for which it was responsible by request. There's also a feature in very very old versions of bind called Inverse DNS, implemented against an optional part of one of the DNS specs, that comes close to this. Nowadays, verisign and a few others WILL let you download the COM zone via FTP once a day, with special signed agreements (mainly for research purposes, not to solve your problem).

Your best answer comes in either your logs (with some simple grep and perl to do the dig +trace, could make a nice useful report), or some other tool like TCPDUMP, or in a passive DNS provider, but the reality is, all these methods require someone to be querying it. Thankfully, spambots seem to do this quite a lot, and manage to find "new" domains at an alarming pace.

-Dan Mahoney
ISC

Novosielski, Ryan

Dec 3, 2012, 6:59:06 PM12/3/12
to Chuck Swiger, bind-...@lists.isc.org

On 12/03/2012 06:45 PM, Chuck Swiger wrote:

> Registrars are expected to have both a billing/admin contact and a
> technical contact; make sure that people who expect you to make
> their domains work put you as the tech contact, and you will at
> least get notified when they register new top-level domains.

Yeah, and at least that is now the case; that just doesn't help with
the misdeeds of the past.

- --
- ---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novo...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark

Novosielski, Ryan

Dec 3, 2012, 7:00:31 PM12/3/12
to Dan Mahoney, bind-...@lists.isc.org

Thanks, that's about what I'd expected to hear. Luckily what you've
said is true (I get hundreds of queries for umdnj.org for example) and
the problem isn't actually a serious one unless someone expects the
site to be working (in which case, I'd hear about it anyway).

- --
- ---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novo...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark

Edward DeLargy

Dec 3, 2012, 7:34:57 PM12/3/12
to Novosielski, Ryan, bind-...@lists.isc.org
So,
     Had this same issue where a customer forgot whom they actually supported. Grep the named.conf for the zones (shows active zones). Then grep the db file for the A records of each active zone. Then write a script to query 8.8.8.8 or whois for the names. This returns the customer info. You can also set up query greps for DNS logs. Anything answering is where you would look; then again write a script against whois on the internet. No easy way around getting customer info other than a script against whois if you have a ton of A record returns.

Hope this helped,
Ed



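Dan's "grep the logs" suggestion and Ed's "grep named.conf for the zones, then grep the query logs" procedure, as an added Python example (not code from the thread or from ISC): it collects the zone statements from a named.conf fragment, parses BIND query-log lines, and reports every queried name that no configured zone covers, which is exactly the "someone delegated to us but we have no zone" case Ryan asked about. The named.conf fragment and log lines are constructed samples; real logs need the `queries` logging category enabled.

```python
import re
from collections import Counter

# Constructed sample input (not from the thread): a named.conf fragment and
# query-log lines in the format BIND's "queries" logging category writes.
NAMED_CONF = '''
zone "umdnj.edu" { type master; file "db.umdnj.edu"; };
zone "example.net" IN { type slave; masters { 192.0.2.1; }; };
zone "." { type hint; file "named.ca"; };
'''
QUERY_LOG = '''\
03-Dec-2012 18:30:01.001 queries: info: client 198.51.100.7#53211: query: www.umdnj.edu IN A - (192.0.2.53)
03-Dec-2012 18:30:02.002 queries: info: client 198.51.100.7#53212: query: umdnj.org IN MX - (192.0.2.53)
03-Dec-2012 18:30:03.003 queries: info: client 203.0.113.9#40000: query: mail.umdnj.org IN A - (192.0.2.53)
03-Dec-2012 18:30:04.004 queries: info: client 203.0.113.9#40001: query: host.example.net IN AAAA - (192.0.2.53)
'''

ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.MULTILINE)
QUERY_RE = re.compile(r'query:\s+(\S+)\s+IN\s+(\S+)')

def configured_zones(named_conf):
    # Zone names from every zone statement, lowercased, trailing dot dropped;
    # the root hint zone "." collapses to '' and is discarded.
    return {z.lower().rstrip('.') for z in ZONE_RE.findall(named_conf)} - {''}

def covered(qname, zones):
    # True when qname is a configured zone apex or lies below one.
    name = qname.lower().rstrip('.')
    return any(name == z or name.endswith('.' + z) for z in zones)

def uncovered_queries(query_log, zones):
    # Count queried names outside every configured zone: names clients expect
    # this server to answer for (a delegation points here) but no zone exists.
    hits = Counter()
    for line in query_log.splitlines():
        m = QUERY_RE.search(line)
        if m and not covered(m.group(1), zones):
            hits[m.group(1).lower().rstrip('.')] += 1
    return hits

def report(named_conf, query_log):
    # One line per uncovered name, most-queried first.
    hits = uncovered_queries(query_log, configured_zones(named_conf))
    return ['%6d  %s' % (n, name) for name, n in hits.most_common()]

if __name__ == '__main__':
    print('\n'.join(report(NAMED_CONF, QUERY_LOG)))
```

The script does not follow `include` statements, so concatenate any included config files before feeding it a real named.conf; names that show up repeatedly in the uncovered list are the ones to check against WHOIS or the parent's NS records.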
