44

I'm trying to query a domain to retrieve its full DNS zone listings (A, MX, CNAME,…)

It seems that host -a is only returning the NS and MX records.

Any help would be much appreciated.

Thanks.

Jannis

2 Answers

85
```
→ dig -t ANY stackoverflow.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> -t ANY stackoverflow.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20242
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;stackoverflow.com.     IN  ANY

;; ANSWER SECTION:
stackoverflow.com.  1202    IN  A   64.34.119.12
stackoverflow.com.  65902   IN  NS  ns3.p19.dynect.net.
stackoverflow.com.  65902   IN  NS  ns1.p19.dynect.net.
stackoverflow.com.  65902   IN  NS  ns4.p19.dynect.net.
stackoverflow.com.  65902   IN  NS  ns2.p19.dynect.net.

;; Query time: 38 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Tue Nov 23 19:55:51 2010
;; MSG SIZE  rcvd: 137
```

Does that work for you?

noodl
  • Unfortunately not, it seems that this returns the same as `host -a`. If you use `aggiegreys.com` as the domain it should show an A record for `static` which is still not listed by this query. – Jannis Nov 23 '10 at 20:06
  • Oh, sorry, I didn't realise you wanted all of the subdomains and so on. For that you need an AXFR query (I think; I'm not great with DNS). Generally speaking, DNS servers only allow domain transfers to known, trusted servers. – noodl Nov 23 '10 at 20:09
  • Thanks, I'll google that and see how far I get. I don't actually want to transfer anything; it's more that every now and then we request for a CNAME or A record to be created by the domain holders (if it's not myself) and this would be a nice way to see if it has actually been done or not. – Jannis Nov 23 '10 at 20:11
  • 1
    Just been told there is no 'query' that also lists all subdomains and things. So using `dig` directly on the subdomain will work for what I need. Cheers. – Jannis Nov 23 '10 at 22:02
  • 1
    It got some kind of easter egg nowadays: _`stackoverflow.com. 3789 IN HINFO "Please stop asking for ANY" "See draft-jabley-dnsop-refuse-any"`_. So it should be `dig -t draft-jabley-dnsop-refuse-any stackoverflow.com` as the message suggests. – jibiel Nov 08 '15 at 10:21
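The approach settled on in the comments above (querying each expected name directly instead of requesting the whole zone), as an added example that is not part of the original thread. The record names and addresses are constructed sample data, the function names are hypothetical, and the comparison covers single-value record types such as A and CNAME only.

```shell
#!/bin/sh
# Added example: confirm that requested A/CNAME records exist, one name at a time.
# All names and addresses below are constructed sample data.

# Expected records, one per line: owner name, type, value.
EXPECTED='static.example.com. A 192.0.2.10
www.example.com. CNAME example.com.
mail.example.com. A 192.0.2.25'

# Constructed `dig +noall +answer` output (name, TTL, class, type, value).
SAMPLE_ANSWERS='static.example.com. 300 IN A 192.0.2.10
www.example.com. 300 IN CNAME example.com.'

# Ask the zone's first listed name server directly, bypassing resolver caches.
query_live() {  # usage: query_live ZONE NAME TYPE
  ql_ns=$(dig +short NS "$1" | head -n 1)
  dig +norecurse +noall +answer "@$ql_ns" "$2" "$3"
}

# Print OK or MISSING for each expected record, judged against the answer lines.
check_records() {  # usage: check_records "$EXPECTED" "$ANSWERS"
  printf '%s\n' "$1" | while read -r cr_name cr_type cr_value; do
    [ -n "$cr_name" ] || continue
    if printf '%s\n' "$2" | awk -v n="$cr_name" -v t="$cr_type" -v v="$cr_value" '
         tolower($1) == tolower(n) && $4 == t && tolower($5) == tolower(v) { found = 1 }
         END { exit !found }'; then
      echo "OK      $cr_name $cr_type $cr_value"
    else
      echo "MISSING $cr_name $cr_type $cr_value"
    fi
  done
}

# Number of expected records that were not found.
count_missing() {
  check_records "$1" "$2" | grep -c '^MISSING' || true
}

# Live use: collect answers for every expected name, then compare.
check_live() {  # usage: check_live ZONE "$EXPECTED"
  cl_answers=$(printf '%s\n' "$2" | while read -r cl_name cl_type cl_rest; do
    if [ -n "$cl_name" ]; then query_live "$1" "$cl_name" "$cl_type"; fi
  done)
  check_records "$2" "$cl_answers"
}
```

Against a real zone, `check_live example.com "$EXPECTED"` runs the same comparison on live answers from that zone's name server.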
2

TL;DR

https://superuser.com/questions/24389/is-there-a-way-to-get-the-complete-zone-file-for-a-domain-without-contacting-its


In good traditions of opensource and freedom of choice, here's another option: `host -t NS stackoverflow.com`, which would output the following:

```
stackoverflow.com name server ns-cloud-e1.googledomains.com.
stackoverflow.com name server ns-358.awsdns-44.com.
stackoverflow.com name server ns-1033.awsdns-01.org.
stackoverflow.com name server ns-cloud-e2.googledomains.com.
```

because you've specified the type. Or use flag `-a` instead to see all records. Alternatively you may use `nslookup -type=any stackoverflow.com`. But unfortunately none of these options would give you the zone file. BUT if you'd search on another stackexchange forum you would find the answer here: https://superuser.com/questions/24389/is-there-a-way-to-get-the-complete-zone-file-for-a-domain-without-contacting-its

boldnik