[thelist] DNS Lookup question

Matt McKeon matt at camadro.com
Tue Mar 11 13:49:21 CDT 2008

Chris Anderson wrote:
>> Is it possible to find out all the sub-domains of a domain? For
>> instance, if I created A records for private.domain.com and
>> secret.domain.com; are there tools that one could run to find those
>> sub-domains if they are aware of domain.com?
> I believe you can if you have trusted access to a nameserver (i.e. you
> are a nameserver [1]) by requesting a "zone transfer" (aka AXFR) using
> nslookup.
> This will basically dump you the nameserver's entire zone list
> (including all sub-domains/hosts) and is normally used in replication.

Thanks Chris and Anthony.
I'm certainly not only relying on this security through obscurity, but 
just a general question I was wondering about. Interesting though, and I 
don't doubt how it could be abused.


More information about the thelist mailing list