Thread: List all records for domain

  1. #1
    Mel K. Guest

    List all records for domain

    Hello:

    I'm trying to find the correct nslookup command to list all records for a
    domain. Is this possible? I've tried -q=all and -q=any but they don't show
    all records, even if I directly query an authoritative DNS server for the
    domain. Do most DNS servers no longer support querying for all records, as a
    security precaution?

    With the examples below, all I get are the domain A, MX, NS, and TXT
    records. These domains should at least have an A record for the www host,
    but that doesn't show up. Any suggestions are appreciated.

    --
    Thank you,
    Mel K.
    MCSA: M

    --------------- First domain I tried. Same result with -q=any. ---------------

    C:\>nslookup -q=all novell.com ns.novell.com
    Server: ns.novell.com
    Address: 137.65.1.1

    novell.com
    primary name server = ns.novell.com
    responsible mail addr = bwayne.novell.com
    serial = 2008111301
    refresh = 7200 (2 hours)
    retry = 900 (15 mins)
    expire = 604800 (7 days)
    default TTL = 21600 (6 hours)
    novell.com nameserver = ns2.novell.com
    novell.com nameserver = NS.UTAH.EDU
    novell.com nameserver = ns.novell.com
    novell.com MX preference = 2, mail exchanger = prv2-mx.provo.novell.com
    novell.com MX preference = 2, mail exchanger = prv-mx.provo.novell.com
    novell.com MX preference = 2, mail exchanger = prv1-mx.provo.novell.com
    novell.com internet address = 130.57.5.70
    NS.UTAH.EDU internet address = 128.110.124.120
    ns.novell.com internet address = 137.65.1.1
    ns2.novell.com internet address = 137.65.1.2
    prv-mx.provo.novell.com internet address = 130.57.1.10
    prv1-mx.provo.novell.com internet address = 130.57.1.11
    prv2-mx.provo.novell.com internet address = 130.57.1.12

    --------------- Another domain I tried. Same result with -q=any. ---------------

    C:\>nslookup -q=all cisco.com ns1.cisco.com
    Server: ns1.cisco.com
    Address: 128.107.241.185

    DNS request timed out.
    timeout was 2 seconds.
    cisco.com text =

    "v=spf1 ip4:171.68.0.0/14 ip4:64.100.0.0/14 ip4:64.104.0.0/16
    ip4:128.107.0.0/16 ip4:144.254.0.0/16 ip4:66.187.208.0/20 ~all"
    cisco.com
    primary name server = dns-sjc3-2-l.cisco.com
    responsible mail addr = postmaster.cisco.com
    serial = 9110922
    refresh = 7200 (2 hours)
    retry = 1800 (30 mins)
    expire = 864000 (10 days)
    default TTL = 86400 (1 day)
    cisco.com nameserver = ns2.cisco.com
    cisco.com nameserver = ns1.cisco.com
    cisco.com internet address = 198.133.219.25
    cisco.com MX preference = 10, mail exchanger = sj-inbound-a.cisco.com
    cisco.com MX preference = 10, mail exchanger = sj-inbound-b.cisco.com
    cisco.com MX preference = 10, mail exchanger = sj-inbound-c.cisco.com
    cisco.com MX preference = 10, mail exchanger = sj-inbound-d.cisco.com
    cisco.com MX preference = 10, mail exchanger = sj-inbound-e.cisco.com
    cisco.com MX preference = 10, mail exchanger = sj-inbound-f.cisco.com
    cisco.com MX preference = 20, mail exchanger = ams-inbound-a.cisco.com
    cisco.com MX preference = 25, mail exchanger = syd-inbound-a.cisco.com



  2. #2
    Meinolf Weber [MVP-DS] Guest

    Re: List all records for domain

    Hello Mel K.,

    Check out dnscmd:
    http://technet.microsoft.com/en-us/l.../cc778513.aspx

    Export zone resource records list to a file
    To export the resource record list from the test.reskit.com zone on the reskit.com
    DNS server, type:

    dnscmd reskit.com /zoneexport test.reskit.com test.reskit.com.dns


    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm



  3. #3
    Mel K. Guest

    Re: List all records for domain

    Meinolf:

    Thanks for the reply. I tried running the command you mentioned from an XP
    computer and got the error below. It doesn't look like that command works
    with external DNS servers/zones outside of your AD/DNS domain.

    Command failed: RPC_S_SERVER_UNAVAILABLE 1722 (000006ba)

    --
    Thank you,
    Mel K.
    MCSA: M

  4. #4
    Mel K. Guest

    I think I found the answer

    From http://support.microsoft.com/kb/200525 regarding nslookup.



    Nslookup can be used to transfer an entire zone by using the ls command.
    Zone transfers can be blocked at the DNS server so that only authorized
    addresses or networks can perform this function. The following error will be
    returned if zone security has been set: *** Can't list domain example.com.:
    Query refused.



    I believe that this is the same issue with dnscmd /zoneexport. If you're
    running any command to transfer/export a zone and the computer that you're
    running the command on is not listed for "allow transfer" of the zone,
    you'll get an error.



    I got the error below after running the nslookup ls command on my DC/DNS
    server (Windows Server 2003 SP2). My AD-integrated zone doesn't allow zone
    transfers at all. So this does all go back to the issue of security.


    C:\>nslookup
    Default Server: dc-1.my-domain.ad
    Address: 10.10.10.2

    > ls my-domain.ad
    [dc-1.my-domain.ad]
    *** Can't list domain my-domain.ad: Query refused
    The DNS server refused to transfer the zone my-domain.ad to your computer. If this
    is incorrect, check the zone transfer security settings for my-domain.ad on the DNS
    server at IP address 10.10.10.2.


    --
    Thank you,
    Mel K.
    MCSA: M


  5. #5
    Leander de Graaf Guest

    Re: I think I found the answer


    The zone transfer capability of the server hosting the domain has been
    limited to a specific range of addresses. To change this I suggest doing
    what the output of the nslookup command is telling you.

    "check the zone transfer security settings for my-domain.ad on the DNS
    server"
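
Added example, not part of the original thread: a Python check an administrator can run against their own authoritative servers to confirm that zone transfers are refused for hosts outside the "allow transfer" list, the condition nslookup reports as "Query refused" (DNS RCODE 5, REFUSED). The function names are hypothetical, the sample reply is constructed, and the zone and address in the usage comment are the ones from post #4.

```python
import socket
import struct

AXFR, IN = 252, 1  # QTYPE AXFR, QCLASS IN (RFC 1035)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}
# Constructed sample: header of a reply with QR=1 and RCODE=5 (REFUSED).
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)


def build_axfr_query(zone, txid=0x1234):
    """Return a TCP-framed DNS query asking for a full transfer of `zone`."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # one question, no flags
    labels = [lab.encode("ascii") for lab in zone.rstrip(".").split(".")]
    if any(not 0 < len(lab) < 64 for lab in labels):
        raise ValueError("each label must be 1..63 bytes")
    qname = b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", AXFR, IN)
    return struct.pack("!H", len(msg)) + msg  # DNS over TCP: 2-byte length prefix


def classify_reply(msg, txid=0x1234):
    """Classify the first reply message (TCP length prefix already removed)."""
    if len(msg) < 12:
        return "MALFORMED"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit not set
        return "MALFORMED"
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "TRANSFER_ALLOWED"  # the server began sending zone records
    return RCODES.get(rcode, f"RCODE{rcode}")


def _recv_exact(sock, n):
    """Read exactly n bytes, or fewer if the peer closes the connection."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def check_server(zone, server_ip, timeout=5.0):
    """Request an AXFR of `zone` from `server_ip` and report how it answered."""
    try:
        with socket.create_connection((server_ip, 53), timeout=timeout) as s:
            s.sendall(build_axfr_query(zone))
            prefix = _recv_exact(s, 2)
            if len(prefix) < 2:
                return "NO_RESPONSE"
            (length,) = struct.unpack("!H", prefix)
            return classify_reply(_recv_exact(s, length))
    except OSError:
        return "NO_RESPONSE"  # timeout, reset, or TCP/53 filtered


if __name__ == "__main__":
    print(classify_reply(SAMPLE_REFUSED))  # offline check on the constructed reply
    # Against your own server: check_server("my-domain.ad", "10.10.10.2")
```

Run from a host that is not on the zone's transfer list, any result of TRANSFER_ALLOWED means the zone transfer security settings on that server need tightening.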
