named exploits are usefull for finding out what's
inside a named.conf even in chroot jails.
- 2 cents
--- Paul Schmehl <pauls@xxxxxxxxxxxx> wrote:
Can this be done?
Conditions:
1) You know an IP address that is running a DNS
server. (IOW, it responds
to digs.)
2) You do not know the hostname or domain of the
host.
3) The DNS server does not allow zone transfers.
You want to find out *all* the domains that that DNS
server is
authoritative for. (Essentially you're trying to
find out what's in the
named.conf file rather than zone file info.)
Has anyone written a tool that can do this? I
thought about the
possibility of parsing all the registration sites
for the Primary and
Backup NS, but that would take forever. I imagine
you could write a perl
script that would access the web interfaces, do the
queries and return the
results, but it would run for days...
Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html