Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Chuck Swiger
Hi--

On Dec 3, 2012, at 3:30 PM, Novosielski, Ryan wrote:
> I don't know if there's an easy, or even moderately easy way to do
> this, but can one somehow figure out/get a list of all domains for
> which the nameserver is set to a given IP/server name?

It's easy enough to test whether a specific domain is being delegated
to your nameserver by checking WHOIS or asking for NS records for the domain.
It's also easy enough if you have access to the nameserver configs to
see which domains it is set up to be authoritative for.

However, since someone could delegate some.strange.subdomain.from.my.domain
to an arbitrary nameserver (i.e., yours), there's no way of exhaustively
identifying these even if you check WHOIS or the root nameservers AFAIK.

> For reasons I won't get into, the people who register the domains are
> not the same as the people who run the DNS servers (me) and occasionally
> the domains I have zones defined for in my nameservers do not match the
> WHOIS records. Normally, that problem becomes pretty obvious because
> nothing works right, but it does generate a lot of logging for failed
> queries to the nameservers. I guess that would be one way to tell when
> someone has made us authoritative for a domain but not had us create a
> zone file, but is there a way to get a list somehow?

Registrars are expected to have both a billing/admin contact and a
technical contact; make sure that people who expect you to make their
domains work put you as the tech contact, and you will at least get
notified when they register new top-level domains.

Regards,
-- 
-Chuck

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Dan Mahoney
> Hi all,
>
> I don't know if there's an easy, or even moderately easy way to do
> this, but can one somehow figure out/get a list of all domains for
> which the nameserver is set to a given IP/server name? For reasons I
> won't get into, the people who register the domains are not the same
> as the people who run the DNS servers (me) and occasionally the
> domains I have zones defined for in my nameservers do not match the
> WHOIS records. Normally, that problem becomes pretty obvious because
> nothing works right, but it does generate a lot of logging for failed
> queries to the nameservers. I guess that would be one way to tell when
> someone has made us authoritative for a domain but not had us create a
> zone file, but is there a way to get a list somehow?

Back in the old netsol days, a name server admin could get a list of domains 
for which they were responsible by request.  There's also a feature in very very 
old versions of BIND called Inverse DNS, implemented against an optional part of 
one of the DNS specs, that comes close to this.  Nowadays, Verisign and a few 
others WILL let you download the COM zone via FTP once a day, with special 
signed agreements (mainly for research purposes, not to solve your problem).

Your best answer comes in either your logs (with some simple grep and perl to 
do the dig +trace, could make a nice useful report), or some other tool like 
TCPDUMP, or in a passive DNS provider, but the reality is, all these methods 
require someone to be querying it.  Thankfully, spambots seem to do this quite 
a lot, and manage to find new domains at an alarming pace.

-Dan Mahoney
ISC


Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Novosielski, Ryan

On 12/03/2012 06:45 PM, Chuck Swiger wrote:

> Registrars are expected to have both a billing/admin contact and a
> technical contact; make sure that people who expect you to make
> their domains work put you as the tech contact, and you will at
> least get notified when they register new top-level domains.

Yeah, and at least that is now the case, that just doesn't help with
the misdeeds of the past.

- -- 
-  _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark


Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Novosielski, Ryan

On 12/03/2012 06:52 PM, Dan Mahoney wrote:
>> Hi all,
>>
>> I don't know if there's an easy, or even moderately easy way to
>> do this, but can one somehow figure out/get a list of all domains
>> for which the nameserver is set to a given IP/server name? For
>> reasons I won't get into, the people who register the domains are
>> not the same as the people who run the DNS servers (me) and
>> occasionally the domains I have zones defined for in my
>> nameservers do not match the WHOIS records. Normally, that
>> problem becomes pretty obvious because nothing works right, but
>> it does generate a lot of logging for failed queries to the
>> nameservers. I guess that would be one way to tell when someone
>> has made us authoritative for a domain but not had us create a
>> zone file, but is there a way to get a list somehow?
>
> Back in the old netsol days, a name server admin could get a list
> of domains for which they were responsible by request.  There's also a
> feature in very very old versions of BIND called Inverse DNS,
> implemented against an optional part of one of the DNS specs, that
> comes close to this.  Nowadays, Verisign and a few others WILL let
> you download the COM zone via FTP once a day, with special signed
> agreements (mainly for research purposes, not to solve your
> problem).
>
> Your best answer comes in either your logs (with some simple grep
> and perl to do the dig +trace, could make a nice useful report), or
> some other tool like TCPDUMP, or in a passive DNS provider, but
> the reality is, all these methods require someone to be querying
> it. Thankfully, spambots seem to do this quite a lot, and manage to
> find new domains at an alarming pace.

Thanks, that's about what I'd expected to hear. Luckily what you've
said is true (I get hundreds of queries for umdnj.org for example) and
the problem isn't actually a serious one unless someone expects the
site to be working (in which case, I'd hear about it anyway).

- -- 
-  _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark


Re: Find all authoritative domains for a nameserver?

2012-12-03 Thread Edward DeLargy
So,
 Had this same issue where a customer forgot whom they actually
supported. Grep the named.conf for the zones (shows active zones). Then
grep the db file for the A records of each active zone. Then write a script
to query 8.8.8.8 or whois for the names. This returns the customer info.
You can also set up query greps for DNS logs. Anything answering is where
you would look, then again write a script against whois on the internet. No
easy way around getting customer info other than a script against whois if
you have a ton of A record returns.

Hope this helped,
Ed


On Mon, Dec 3, 2012 at 6:30 PM, Novosielski, Ryan novos...@umdnj.edu wrote:

> Hi all,
>
> I don't know if there's an easy, or even moderately easy way to do
> this, but can one somehow figure out/get a list of all domains for
> which the nameserver is set to a given IP/server name? For reasons I
> won't get into, the people who register the domains are not the same
> as the people who run the DNS servers (me) and occasionally the
> domains I have zones defined for in my nameservers do not match the
> WHOIS records. Normally, that problem becomes pretty obvious because
> nothing works right, but it does generate a lot of logging for failed
> queries to the nameservers. I guess that would be one way to tell when
> someone has made us authoritative for a domain but not had us create a
> zone file, but is there a way to get a list somehow?
>
> Thanks.
>
> - --
> -  _  _ _  _ ___  _  _  _
> |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
> |$| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
> \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
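The log-and-config approach suggested in Dan Mahoney's and Edward DeLargy's replies, as an added example that is not part of any post in the thread: it lists the zones in named.conf, then reports refused query names that fall under none of them. The zone names, addresses and log lines are constructed, and the "query (cache) ... denied" message format is an assumption about how the server logs these refusals.

```python
import re
from collections import Counter

# Constructed named.conf fragment; zone names are placeholders.
NAMED_CONF = '''
zone "example.edu" { type master; file "db.example.edu"; };
zone "dept.example.org" IN { type slave; file "db.dept"; masters { 192.0.2.1; }; };
zone "." { type hint; file "named.root"; };
'''

# Constructed log lines. Assumption: the server logs refused queries for names
# it has no zone for as "query (cache) '<name>/<type>/IN' denied".
LOG_LINES = [
    "03-Dec-2012 18:30:01.100 client 198.51.100.7#40112: query (cache) 'www.example.net/A/IN' denied",
    "03-Dec-2012 18:30:02.250 client 198.51.100.9#51234: query (cache) 'example.net/MX/IN' denied",
    "03-Dec-2012 18:30:05.010 client 203.0.113.5#33001: query (cache) 'WWW.example.net/A/IN' denied",
    "03-Dec-2012 18:30:06.400 client 203.0.113.5#33002: query (cache) 'old.example.edu/A/IN' denied",
    "03-Dec-2012 18:30:07.000 client 203.0.113.8#40000: query: example.edu IN A -E (192.0.2.53)",
]

ZONE_RE = re.compile(r'zone\s+"([^"]+)"(?:\s+\w+)?\s*\{\s*type\s+(\w+)', re.I)
DENIED_RE = re.compile(
    r"client (?:@\S+ )?([0-9A-Fa-f.:]+)#\d+.*?: query \(cache\) '([^/']+)/\w+/IN' denied")

def configured_zones(conf):
    """Zones served authoritatively; assumes 'type' is the first zone option."""
    return {name.lower().rstrip(".") for name, ztype in ZONE_RE.findall(conf)
            if ztype.lower() in ("master", "slave", "primary", "secondary")}

def covered(qname, zones):
    """True if qname equals, or sits below, a configured zone."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))

def unserved_names(lines, zones):
    """Return (name, refusals, distinct clients) for names outside every zone."""
    hits, clients = Counter(), {}
    for line in lines:
        m = DENIED_RE.search(line)
        if not m:
            continue
        client, qname = m.group(1), m.group(2).lower().rstrip(".")
        if covered(qname, zones):
            continue  # e.g. the zone was added after this log was written
        hits[qname] += 1
        clients.setdefault(qname, set()).add(client)
    return [(n, c, len(clients[n])) for n, c in hits.most_common()]

if __name__ == "__main__":
    for name, count, nclients in unserved_names(LOG_LINES, configured_zones(NAMED_CONF)):
        print(f"{name}\t{count} refusals\t{nclients} clients")
```

Refused queries also include stray lookups for names that were never delegated to the server, so each reported name is only a candidate until an NS lookup or `dig +trace` shows the delegation pointing at it.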