Paul,

Public-facing .Com and .Net zone authority could be derived in part from the appropriate TLD zone files:
http://www.verisign.com/nds/naming/tld/

The .Org TLD zone file is available through PIR:
http://www.pir.org/registrars/zone_file_access

As Bennett described, though, this won't necessarily provide a complete picture.

-Dennis

On Fri, 23 Jul 2004, Paul Schmehl wrote:

> Can this be done?
>
> Conditions:
> 1) You know an IP address that is running a DNS server. (IOW, it responds
> to digs.)
> 2) You do not know the hostname or domain of the host.
> 3) The DNS server does not allow zone transfers.
>
> You want to find out *all* the domains that that DNS server is
> authoritative for. (Essentially you're trying to find out what's in the
> named.conf file rather than zone file info.)
>
> Has anyone written a tool that can do this? I thought about the
> possibility of parsing all the registration sites for the Primary and
> Backup NS, but that would take forever. I imagine you could write a perl
> script that would access the web interfaces, do the queries and return the
> results, but it would run for days...
>
> Paul Schmehl ([EMAIL PROTECTED])
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
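The zone-file approach from the reply above, as an added example that is not code from the thread or from any registry: it reads NS delegations and glue A records from a TLD zone file and lists the domains delegated to a nameserver at a given IP. The function names, the one-record-per-line layout with an owner on every line, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed excerpt in master-file style (assumed layout); not real registry data.
SAMPLE_ZONE = """\
$ORIGIN COM.
EXAMPLE-ONE      NS  NS1.HOSTCO.COM.
EXAMPLE-ONE      NS  NS2.HOSTCO.COM.
EXAMPLE-TWO      NS  NS1.HOSTCO
EXAMPLE-THREE    NS  NS1.OTHER.NET.   ; out-of-zone server, no glue in this file
EXAMPLE-FOUR 172800 IN NS NS9.ELSEWHERE.COM.
NS1.HOSTCO       A   192.0.2.53
NS2.HOSTCO       A   192.0.2.54
NS9.ELSEWHERE    A   198.51.100.7
"""

def fqdn(name, origin):
    """Lower-case a name and make it absolute relative to the current $ORIGIN."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (nameserver -> delegated domains, IP -> glue hostnames)."""
    origin, delegations, glue = ".", defaultdict(set), defaultdict(set)
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments
        if len(fields) >= 2 and fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        if not fields or fields[0].startswith("$"):
            continue
        # Skip optional TTL and class so both short and long record forms parse.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2:
            continue
        owner, rtype, rdata = fqdn(fields[0], origin), rest[0].upper(), rest[1]
        if rtype == "NS":
            delegations[fqdn(rdata, origin)].add(owner)
        elif rtype == "A":
            glue[rdata].add(owner)
    return delegations, glue

def domains_served_by(ip, text):
    """Domains delegated to any nameserver whose glue A record is `ip`."""
    delegations, glue = parse_zone(text)
    domains = sorted({d for h in glue.get(ip, ()) for d in delegations.get(h, ())})
    # Nameservers named in NS records but lacking glue here cannot be tied to
    # an IP from this file alone: the incomplete picture the reply mentions.
    known = set().union(*glue.values())
    unresolved = sorted(h for h in delegations if h not in known)
    return domains, unresolved

if __name__ == "__main__":
    print(domains_served_by("192.0.2.53", SAMPLE_ZONE))
```

The second return value lists nameservers that would have to be resolved separately before their delegations could be attributed to an IP.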
