List all records for domain

Sponsored Links

Hello:

I'm trying to find the correct nslookup command to list all records for a
domain. Is this possible? I've tried -q=all and -q=any but they don't show
all records, even if I directly query an authoritative DNS server for the
domain. Do most DNS servers no longer support querying for all records, as a
security precaution?

With the examples below, all I get are the domain A, MX, NS, and TXT
records. These domains should at least have an A record for the www host,
but that doesn't show up. Any suggestions are appreciated.

--
Thank you,
Mel K.
MCSA: M

--------------- First domain I tried. Same result
with -q=any. ---------------

C:\>nslookup -q=all novell.com ns.novell.com
Server: ns.novell.com
Address: 137.65.1.1

novell.com
primary name server = ns.novell.com
responsible mail addr = bwayne.novell.com
serial = 2008111301
refresh = 7200 (2 hours)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 21600 (6 hours)
novell.com nameserver = ns2.novell.com
novell.com nameserver = NS.UTAH.EDU
novell.com nameserver = ns.novell.com
novell.com MX preference = 2, mail exchanger = prv2-mx.provo.novell.com
novell.com MX preference = 2, mail exchanger = prv-mx.provo.novell.com
novell.com MX preference = 2, mail exchanger = prv1-mx.provo.novell.com
novell.com internet address = 130.57.5.70
NS.UTAH.EDU internet address = 128.110.124.120
ns.novell.com internet address = 137.65.1.1
ns2.novell.com internet address = 137.65.1.2
prv-mx.provo.novell.com internet address = 130.57.1.10
prv1-mx.provo.novell.com internet address = 130.57.1.11
prv2-mx.provo.novell.com internet address = 130.57.1.12

--------------- Another domain I tried. Same result
with -q=any. ---------------

C:\>nslookup -q=all cisco.com ns1.cisco.com
Server: ns1.cisco.com
Address: 128.107.241.185

DNS request timed out.
timeout was 2 seconds.
cisco.com text =

"v=spf1 ip4:171.68.0.0/14 ip4:64.100.0.0/14 ip4:64.104.0.0/16
ip4:128.107.0.0/16 ip4:144.254.0.0/16 ip4:66.187.208.0/20 ~all"
cisco.com
primary name server = dns-sjc3-2-l.cisco.com
responsible mail addr = postmaster.cisco.com
serial = 9110922
refresh = 7200 (2 hours)
retry = 1800 (30 mins)
expire = 864000 (10 days)
default TTL = 86400 (1 day)
cisco.com nameserver = ns2.cisco.com
cisco.com nameserver = ns1.cisco.com
cisco.com internet address = 198.133.219.25
cisco.com MX preference = 10, mail exchanger = sj-inbound-a.cisco.com
cisco.com MX preference = 10, mail exchanger = sj-inbound-b.cisco.com
cisco.com MX preference = 10, mail exchanger = sj-inbound-c.cisco.com
cisco.com MX preference = 10, mail exchanger = sj-inbound-d.cisco.com
cisco.com MX preference = 10, mail exchanger = sj-inbound-e.cisco.com
cisco.com MX preference = 10, mail exchanger = sj-inbound-f.cisco.com
cisco.com MX preference = 20, mail exchanger = ams-inbound-a.cisco.com
cisco.com MX preference = 25, mail exchanger = syd-inbound-a.cisco.com

Hello Mel K.,

Check out dnscmd:
http://technet.microsoft.com/en-us/l.../cc778513.aspx

Export zone resource records list to a file
To export the resource record list from the test.reskit.com zone on the reskit.com
DNS server, type:

dnscmd reskit.com /zoneexport test.reskit.com test.reskit.com.dns


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello:
>
> I'm trying to find the correct nslookup command to list all records
> for a domain. Is this possible? I've tried -q=all and -q=any but they
> don't show all records, even if I directly query an authoritative DNS
> server for the domain. Do most DNS servers no longer support querying
> for all records, as a security precaution?
>
> With the examples below, all I get are the domain A, MX, NS, and TXT
> records. These domains should at least have an A record for the www
> host, but that doesn't show up. Any suggestions are appreciated.
>
> --------------- First domain I tried. Same result with -q=any.
> ---------------
>
> C:\>nslookup -q=all novell.com ns.novell.com
> Server: ns.novell.com
> Address: 137.65.1.1
> novell.com
> primary name server = ns.novell.com
> responsible mail addr = bwayne.novell.com
> serial = 2008111301
> refresh = 7200 (2 hours)
> retry = 900 (15 mins)
> expire = 604800 (7 days)
> default TTL = 21600 (6 hours)
> novell.com nameserver = ns2.novell.com
> novell.com nameserver = NS.UTAH.EDU
> novell.com nameserver = ns.novell.com
> novell.com MX preference = 2, mail exchanger =
> prv2-mx.provo.novell.com
> novell.com MX preference = 2, mail exchanger =
> prv-mx.provo.novell.com
> novell.com MX preference = 2, mail exchanger =
> prv1-mx.provo.novell.com
> novell.com internet address = 130.57.5.70
> NS.UTAH.EDU internet address = 128.110.124.120
> ns.novell.com internet address = 137.65.1.1
> ns2.novell.com internet address = 137.65.1.2
> prv-mx.provo.novell.com internet address = 130.57.1.10
> prv1-mx.provo.novell.com internet address = 130.57.1.11
> prv2-mx.provo.novell.com internet address = 130.57.1.12
> --------------- Another domain I tried. Same result with -q=any.
> ---------------
>
> C:\>nslookup -q=all cisco.com ns1.cisco.com
> Server: ns1.cisco.com
> Address: 128.107.241.185
> DNS request timed out.
> timeout was 2 seconds.
> cisco.com text =
> "v=spf1 ip4:171.68.0.0/14 ip4:64.100.0.0/14 ip4:64.104.0.0/16
> ip4:128.107.0.0/16 ip4:144.254.0.0/16 ip4:66.187.208.0/20 ~all"
> cisco.com
> primary name server = dns-sjc3-2-l.cisco.com
> responsible mail addr = postmaster.cisco.com
> serial = 9110922
> refresh = 7200 (2 hours)
> retry = 1800 (30 mins)
> expire = 864000 (10 days)
> default TTL = 86400 (1 day)
> cisco.com nameserver = ns2.cisco.com
> cisco.com nameserver = ns1.cisco.com
> cisco.com internet address = 198.133.219.25
> cisco.com MX preference = 10, mail exchanger =
> sj-inbound-a.cisco.com
> cisco.com MX preference = 10, mail exchanger =
> sj-inbound-b.cisco.com
> cisco.com MX preference = 10, mail exchanger =
> sj-inbound-c.cisco.com
> cisco.com MX preference = 10, mail exchanger =
> sj-inbound-d.cisco.com
> cisco.com MX preference = 10, mail exchanger =
> sj-inbound-e.cisco.com
> cisco.com MX preference = 10, mail exchanger =
> sj-inbound-f.cisco.com
> cisco.com MX preference = 20, mail exchanger =
> ams-inbound-a.cisco.com
> cisco.com MX preference = 25, mail exchanger =
> syd-inbound-a.cisco.com

Meinolf:

Thanks for the reply. I tried running the command you mentioned from an XP
computer and got the error below. It doesn't look like that command works
with external DNS severs/zones outside of your AD/DNS domain.

Command failed: RPC_S_SERVER_UNAVAILABLE 1722 (000006ba)

--
Thank you,
Mel K.
MCSA: M
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6611c508cb3ae7fc463418@msnews.microsoft.com...
> Hello Mel K.,
>
> Check out dnscmd:
> http://technet.microsoft.com/en-us/l.../cc778513.aspx
>
> Export zone resource records list to a file
> To export the resource record list from the test.reskit.com zone on the
> reskit.com DNS server, type:
>
> dnscmd reskit.com /zoneexport test.reskit.com test.reskit.com.dns
>
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hello:
>>
>> I'm trying to find the correct nslookup command to list all records
>> for a domain. Is this possible? I've tried -q=all and -q=any but they
>> don't show all records, even if I directly query an authoritative DNS
>> server for the domain. Do most DNS servers no longer support querying
>> for all records, as a security precaution?
>>
>> With the examples below, all I get are the domain A, MX, NS, and TXT
>> records. These domains should at least have an A record for the www
>> host, but that doesn't show up. Any suggestions are appreciated.
>>
>> --------------- First domain I tried. Same result with -q=any.
>> ---------------
>>
>> C:\>nslookup -q=all novell.com ns.novell.com
>> Server: ns.novell.com
>> Address: 137.65.1.1
>> novell.com
>> primary name server = ns.novell.com
>> responsible mail addr = bwayne.novell.com
>> serial = 2008111301
>> refresh = 7200 (2 hours)
>> retry = 900 (15 mins)
>> expire = 604800 (7 days)
>> default TTL = 21600 (6 hours)
>> novell.com nameserver = ns2.novell.com
>> novell.com nameserver = NS.UTAH.EDU
>> novell.com nameserver = ns.novell.com
>> novell.com MX preference = 2, mail exchanger =
>> prv2-mx.provo.novell.com
>> novell.com MX preference = 2, mail exchanger =
>> prv-mx.provo.novell.com
>> novell.com MX preference = 2, mail exchanger =
>> prv1-mx.provo.novell.com
>> novell.com internet address = 130.57.5.70
>> NS.UTAH.EDU internet address = 128.110.124.120
>> ns.novell.com internet address = 137.65.1.1
>> ns2.novell.com internet address = 137.65.1.2
>> prv-mx.provo.novell.com internet address = 130.57.1.10
>> prv1-mx.provo.novell.com internet address = 130.57.1.11
>> prv2-mx.provo.novell.com internet address = 130.57.1.12
>> --------------- Another domain I tried. Same result with -q=any.
>> ---------------
>>
>> C:\>nslookup -q=all cisco.com ns1.cisco.com
>> Server: ns1.cisco.com
>> Address: 128.107.241.185
>> DNS request timed out.
>> timeout was 2 seconds.
>> cisco.com text =
>> "v=spf1 ip4:171.68.0.0/14 ip4:64.100.0.0/14 ip4:64.104.0.0/16
>> ip4:128.107.0.0/16 ip4:144.254.0.0/16 ip4:66.187.208.0/20 ~all"
>> cisco.com
>> primary name server = dns-sjc3-2-l.cisco.com
>> responsible mail addr = postmaster.cisco.com
>> serial = 9110922
>> refresh = 7200 (2 hours)
>> retry = 1800 (30 mins)
>> expire = 864000 (10 days)
>> default TTL = 86400 (1 day)
>> cisco.com nameserver = ns2.cisco.com
>> cisco.com nameserver = ns1.cisco.com
>> cisco.com internet address = 198.133.219.25
>> cisco.com MX preference = 10, mail exchanger =
>> sj-inbound-a.cisco.com
>> cisco.com MX preference = 10, mail exchanger =
>> sj-inbound-b.cisco.com
>> cisco.com MX preference = 10, mail exchanger =
>> sj-inbound-c.cisco.com
>> cisco.com MX preference = 10, mail exchanger =
>> sj-inbound-d.cisco.com
>> cisco.com MX preference = 10, mail exchanger =
>> sj-inbound-e.cisco.com
>> cisco.com MX preference = 10, mail exchanger =
>> sj-inbound-f.cisco.com
>> cisco.com MX preference = 20, mail exchanger =
>> ams-inbound-a.cisco.com
>> cisco.com MX preference = 25, mail exchanger =
>> syd-inbound-a.cisco.com
>
>

From http://support.microsoft.com/kb/200525 regarding nslookup.



Nslookup can be used to transfer an entire zone by using the ls command.
Zone transfers can be blocked at the DNS server so that only authorized
addresses or networks can perform this function. The following error will be
returned if zone security has been set: *** Can't list domain example.com.:
Query refused.



I believe that this is the same issue with dnscmd /zoneexport. If you're
running any command to transfer/export a zone and the computer that you're
running the command on is not listed for "allow transfer" of the zone,
you'll get an error.



I got the error below after running the nsookup ls command on my DC/DNS
server (Windows Server 2003 SP2). My AD-integrated zone doesn't allow zone
transfers at all. So this does all go back to the issue of security.



C:\>nslookup


Default Server: dc-1.my-domain.ad

Address: 10.10.10.2

> ls my-domain.ad


[dc-1.my-domain.ad]


*** Can't list domain my-domain.ad: Query refused

The DNS server refused to transfer the zone my-domain.ad to your computer.
If this


is incorrect, check the zone transfer security settings for my-domain.ad on
the DNS

server at IP address 10.10.10.2.




--
Thank you,
Mel K.
MCSA: M

"Mel K." <Mel.K@nowhere.com> wrote in message
news:uKs36$dbJHA.1272@TK2MSFTNGP04.phx.gbl...
> Meinolf:
>
> Thanks for the reply. I tried running the command you mentioned from an XP
> computer and got the error below. It doesn't look like that command works
> with external DNS severs/zones outside of your AD/DNS domain.
>
> Command failed: RPC_S_SERVER_UNAVAILABLE 1722 (000006ba)
>
> --
> Thank you,
> Mel K.
> MCSA: M
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb6611c508cb3ae7fc463418@msnews.microsoft.com...
>> Hello Mel K.,
>>
>> Check out dnscmd:
>> http://technet.microsoft.com/en-us/l.../cc778513.aspx
>>
>> Export zone resource records list to a file
>> To export the resource record list from the test.reskit.com zone on the
>> reskit.com DNS server, type:
>>
>> dnscmd reskit.com /zoneexport test.reskit.com test.reskit.com.dns
>>
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> Hello:
>>>
>>> I'm trying to find the correct nslookup command to list all records
>>> for a domain. Is this possible? I've tried -q=all and -q=any but they
>>> don't show all records, even if I directly query an authoritative DNS
>>> server for the domain. Do most DNS servers no longer support querying
>>> for all records, as a security precaution?
>>>
>>> With the examples below, all I get are the domain A, MX, NS, and TXT
>>> records. These domains should at least have an A record for the www
>>> host, but that doesn't show up. Any suggestions are appreciated.
>>>
>>> --------------- First domain I tried. Same result with -q=any.
>>> ---------------
>>>
>>> C:\>nslookup -q=all novell.com ns.novell.com
>>> Server: ns.novell.com
>>> Address: 137.65.1.1
>>> novell.com
>>> primary name server = ns.novell.com
>>> responsible mail addr = bwayne.novell.com
>>> serial = 2008111301
>>> refresh = 7200 (2 hours)
>>> retry = 900 (15 mins)
>>> expire = 604800 (7 days)
>>> default TTL = 21600 (6 hours)
>>> novell.com nameserver = ns2.novell.com
>>> novell.com nameserver = NS.UTAH.EDU
>>> novell.com nameserver = ns.novell.com
>>> novell.com MX preference = 2, mail exchanger =
>>> prv2-mx.provo.novell.com
>>> novell.com MX preference = 2, mail exchanger =
>>> prv-mx.provo.novell.com
>>> novell.com MX preference = 2, mail exchanger =
>>> prv1-mx.provo.novell.com
>>> novell.com internet address = 130.57.5.70
>>> NS.UTAH.EDU internet address = 128.110.124.120
>>> ns.novell.com internet address = 137.65.1.1
>>> ns2.novell.com internet address = 137.65.1.2
>>> prv-mx.provo.novell.com internet address = 130.57.1.10
>>> prv1-mx.provo.novell.com internet address = 130.57.1.11
>>> prv2-mx.provo.novell.com internet address = 130.57.1.12
>>> --------------- Another domain I tried. Same result with -q=any.
>>> ---------------
>>>
>>> C:\>nslookup -q=all cisco.com ns1.cisco.com
>>> Server: ns1.cisco.com
>>> Address: 128.107.241.185
>>> DNS request timed out.
>>> timeout was 2 seconds.
>>> cisco.com text =
>>> "v=spf1 ip4:171.68.0.0/14 ip4:64.100.0.0/14 ip4:64.104.0.0/16
>>> ip4:128.107.0.0/16 ip4:144.254.0.0/16 ip4:66.187.208.0/20 ~all"
>>> cisco.com
>>> primary name server = dns-sjc3-2-l.cisco.com
>>> responsible mail addr = postmaster.cisco.com
>>> serial = 9110922
>>> refresh = 7200 (2 hours)
>>> retry = 1800 (30 mins)
>>> expire = 864000 (10 days)
>>> default TTL = 86400 (1 day)
>>> cisco.com nameserver = ns2.cisco.com
>>> cisco.com nameserver = ns1.cisco.com
>>> cisco.com internet address = 198.133.219.25
>>> cisco.com MX preference = 10, mail exchanger =
>>> sj-inbound-a.cisco.com
>>> cisco.com MX preference = 10, mail exchanger =
>>> sj-inbound-b.cisco.com
>>> cisco.com MX preference = 10, mail exchanger =
>>> sj-inbound-c.cisco.com
>>> cisco.com MX preference = 10, mail exchanger =
>>> sj-inbound-d.cisco.com
>>> cisco.com MX preference = 10, mail exchanger =
>>> sj-inbound-e.cisco.com
>>> cisco.com MX preference = 10, mail exchanger =
>>> sj-inbound-f.cisco.com
>>> cisco.com MX preference = 20, mail exchanger =
>>> ams-inbound-a.cisco.com
>>> cisco.com MX preference = 25, mail exchanger =
>>> syd-inbound-a.cisco.com
>>
>>
>
>

Mel K. schreef:
> From http://support.microsoft.com/kb/200525 regarding nslookup.
>
>
>
> Nslookup can be used to transfer an entire zone by using the ls command.
> Zone transfers can be blocked at the DNS server so that only authorized
> addresses or networks can perform this function. The following error will be
> returned if zone security has been set: *** Can't list domain example.com.:
> Query refused.
>
>
>
> I believe that this is the same issue with dnscmd /zoneexport. If you're
> running any command to transfer/export a zone and the computer that you're
> running the command on is not listed for "allow transfer" of the zone,
> you'll get an error.
>
>
>
> I got the error below after running the nsookup ls command on my DC/DNS
> server (Windows Server 2003 SP2). My AD-integrated zone doesn't allow zone
> transfers at all. So this does all go back to the issue of security.
>
>
>
> C:\>nslookup
>
>
> Default Server: dc-1.my-domain.ad
>
> Address: 10.10.10.2
>
>> ls my-domain.ad
>
>
> [dc-1.my-domain.ad]
>
>
> *** Can't list domain my-domain.ad: Query refused
>
> The DNS server refused to transfer the zone my-domain.ad to your computer.
> If this
>
>
> is incorrect, check the zone transfer security settings for my-domain.ad on
> the DNS
>
> server at IP address 10.10.10.2.
>
>
>
>

The zone transfer capability of the server hosting the domain has been
limited to a specific range of addresses. To change this i suggest doing
what the output of the nslookup command is telling you.

"check the zone transfer security settings for my-domain.ad on the DNS
server"