How to see all records in a DNS domain from a nameserver using dig and a zone transfer

If a nameserver has not been secured to restrict zone transfers you can request one to see all the records in a particular domain zone by using Dig –

So to find a nameserver for a particular domain:

dig domain.com ns

Then to find if you can get all the records use the namesever of that particular domain to search the domain:

dig @nameserver.com domain.com axfr

So lets look at bbc.com

dig bbc.com ns

And you get 3 nameservers:

;; ANSWER SECTION:
bbc.com. 900 IN NS ns1.tcams.bbc.co.uk.
bbc.com. 900 IN NS ns1.thdow.bbc.co.uk.
bbc.com. 900 IN NS ns1.rbsov.bbc.co.uk.

Then query one of the nameservers with the domain followed by axfr

dig @ns1.tcams.bbc.co.uk bbc.com axfr

You are either returned the full list of A records if the nameserver is unsecured or it will fail with the following:

; <<>> DiG 9.8.3-P1 <<>> @ns1.tcams.bbc.co.uk bbc.com axfr
; (1 server found)
;; global options: +cmd
; Transfer failed.

Leave all Comment