I have a question about DNS servers. I was under the impression that it is
not possible to see a list of all domains some DNS server is responsible
for. Basically I thought that DNS servers don't list all their zones to
anybody who requests it. Then I found a tool on domaintools.com called DNS
Server Spy and it seems to do just that. It lists all of my domains (zone
files) which are on my DNS server. How is this possible? What kind of query
does DNS Server Spy send to the DNS server to get this info? It's not a
normal DNS query, and it's not a zone transfer, because in all of those
queries the domain name (zone name) is required. Also I am wondering how to
prevent this from happening. Or is there some other method by which this
tool (DNS Server Spy) works? Maybe it doesn't query my DNS server directly?
If not, how does it know all of the domain names which my server is
authoritative for?
Hello pua4life,
Have you tried running a network sniffer on the machine that is
performing the DNS query?
Also try running the DomainTools software on a machine that is not
connected to the domain. This way it will ensure it is classed as a
rogue PC.
My initial reaction is that it is a zone transfer: you have not
secured your zone transfer IP addresses and have a default Windows 2000
setup whereby zone transfers are not secure by default. Also, the
initial domain name can be received from the local host, so this could
be used to obtain your SOA.
Also try using NSLOOKUP
START -> Run
Type "CMD"
then type
NSLOOKUP
then type
"ls yourdomain.com"
If you get the following:
"> ls mydomain.com
[localhost]
*** Can't list domain mydomain.com: Non-existent domain
The DNS server refused to transfer the zone mydomain.com to your computer. If this
is incorrect, check the zone transfer security settings for mydomain.com on the DNS
server at IP address 127.0.0.1."
then zone transfers are refused; if instead the zone contents are listed, zone transfers are enabled.
You may also be able to play with the nslookup command to find out if
the software is just a nice interface for nslookup.
http://support.microsoft.com/kb/200525/
Once you have tried the network sniffer and checked the zone transfers,
let me know what you find out, and whether that solves your problem.
--Keystroke-ga
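The check above is a zone-transfer (AXFR) request, and the asker's objection that "the zone name is required" is correct: an AXFR names one zone and asks for all of its records, it does not enumerate zones. As an added example (not code from the original post, from DomainTools, or from Microsoft), the script below builds a raw AXFR query with only the Python standard library, sends it over TCP the way nslookup's `ls` does, and distinguishes a REFUSED answer from a served zone. The server name, zone name, serial and addresses used in the constructed sample responses are placeholders, and the `try_axfr` function is the only part that touches the network.

```python
import socket
import struct
import sys

AXFR = 252      # QTYPE for a full zone transfer (RFC 1035)
SOA = 6
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + label, ending in 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """Header (no flags set: plain query, RD=0), one question of type AXFR, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", AXFR, 1)


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it in the stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2                          # stream resumes after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", end if end is not None else off


def parse_response(msg):
    """Return (rcode name, [(owner, type, ttl), ...]) for one DNS message."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                                       # skip QTYPE, QCLASS
    records = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen                              # rdata itself is not needed here
        records.append((owner, rtype, ttl))
    return RCODES.get(flags & 0x000F, str(flags & 0x000F)), records


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def try_axfr(server, zone, timeout=5.0):
    """AXFR over TCP (2-byte length prefix per message). A served zone starts and ends
    with the SOA record, so reading stops when the second SOA arrives."""
    records, soa_seen, rcode = [], 0, None
    with socket.create_connection((server, 53), timeout=timeout) as s:
        query = build_axfr_query(zone)
        s.sendall(struct.pack("!H", len(query)) + query)
        while soa_seen < 2:
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            rcode, recs = parse_response(_recv_exact(s, length))
            if rcode != "NOERROR" or not recs:
                break
            for rec in recs:
                records.append(rec)
                soa_seen += rec[1] == SOA
    return rcode, records


# Constructed sample responses (placeholder zone, serial and address) so the parser
# can be exercised offline; a real server produces the same layouts.
def constructed_refused_response(zone="mydomain.com", txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x8005, 1, 0, 0, 0)   # QR=1, RCODE=5
    return header + encode_name(zone) + struct.pack("!HH", AXFR, 1)


def constructed_zone_response(zone="mydomain.com", txid=0x1234):
    soa_rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
                 + struct.pack("!IIIII", 2008111801, 3600, 900, 604800, 86400))
    soa_rr = b"\xC0\x0C" + struct.pack("!HHIH", SOA, 1, 3600, len(soa_rdata)) + soa_rdata
    a_rr = b"\x03www\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 3, 0, 0)   # QR=1, AA=1, NOERROR
    return header + encode_name(zone) + struct.pack("!HH", AXFR, 1) + soa_rr + a_rr + soa_rr


if __name__ == "__main__":
    code, recs = try_axfr(sys.argv[1], sys.argv[2])
    print("%s: %s, %d records served" % (sys.argv[2], code, len(recs)))
```

Run as `python axfr_check.py <your-dns-server> <your-zone>` from a host that is not in your secondary list. REFUSED is the outcome you want; any record list means anyone on the Internet can pull that zone. On a Windows DNS server the fix is the zone's Zone Transfers tab (or, from the command line, `dnscmd /ZoneResetSecondaries <zone> /NoXfr`, or `/SecureList` with your secondaries' addresses; confirm the switch names against your server version), and the same restriction should be applied per zone, since a transfer that is refused for one zone says nothing about the others.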
November 18th 2008, posted to munchsmadonna.com