Hi all, Abusing a TLD is nothing new...it's just recently that Verisign has done it with .com and .net. There are many other TLDs that are "sucked up". Sub TLDs also get sucked in...I am not listing them all here. Hereby some of the TLD A record suckers: .cc 206.253.214.101 .sh 194.205.62.62 .cx 219.88.106.80 .td 146.101.245.154 .tm 194.205.62.42 .tv 65.201.175.144 .mp 202.128.12.163 .ws 216.35.187.246 .ph 203.119.4.6 .io 194.205.62.107 and now: .com 64.94.110.11 .net 64.94.110.11 Also - the list change every day - don't ever hard code any of this - rather look at the attached PERL script to do it in real time. Furthermore - many TLD's MX records also get sucked in. Attached is a PERL module that we have been using for a while within our BigRed Security Assessment Console that will expand any number of domains to all their TLDs. For instance, after running the PERL script on sensepost.com it returns sensepost.co.za, sensepost.com and sensepost.co.uk. It weeds out all the other A and MX "suckers". It works 99% - every now and again one or two template domains slips in (especially where dynamic DNS is used, or entries are changed rapidly). The PERL script works as a stand-alone script - you don't need to purchase the BigRed framework to use it. Tested on FreeBSD - it called nslookup externally - so maybe just look at the call itself if you are not getting joy. Also - please set the nameserver. The default one in there should work fine but could be a bit slow. Enjoy, Roelof. ===================== Roelof Temmingh roelof@xxxxxxxxxxxxx +27 12 667 4737 GMT+2 =====================
Attachment:
exp-tld2-public.pl
Description: Perl program