Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, February 19, 2009 9:24 AM
Hi...
Here is the scenario, on my own domain, but have network connectivity to another domain (Parent company), no AD trusts or anything in place just physical connectivity (Obviously things like DHCP etc are blocked away from each other)..
I can use nslookup and do the following:
nslookup
set type=soa
<domain I know they have>
This gives me the DNS servers of that zone...
I can then do..
server <server given above>
ls -d <zone name>
And because they are Win 2000 DNS and they have not disabled it, I can view all the records...
My question is, how can I find a way of listing all the DNS zones that are on a DNS server... so for example how can I use nslookup to say, right on this server please show me all zones, with an output thats like:
company.local
company.com
company-test.com
etc??
All replies (4)
Thursday, February 19, 2009 9:52 AM
Hi,
If you are on your windows dns server, you can use dnscmd /enumzones to list all the zones.Have a nice day! The Masterplan - MCSE,MCITP-EA http://winmasterplan.blogspot.com
Thursday, February 19, 2009 12:00 PM
Hi,
Can I do that from a client workstation remotely.... that is the right kind of tool I need but a client based one?
Also I have just run it and its saying access denied etc... unless I run it as a domain admin of somekind, surely if I can query it for records, I should be able to query what zones the server holds without credentials??
Thanks
Thursday, February 19, 2009 1:20 PM
I'm not sure i completely understand what you want to do.
You can use dnscmd as long as the user that is running the application is a member in the Administrators or Server Operators group on the target server (so you can use it only on your dns servers). With nslookup, you can query other (external) dns servers entries as much as these servers permit by their configuration (so you cannot query for all the things you want - quite a security problem).
Have a nice day! The Masterplan - MCSE,MCITP-EA http://winmasterplan.blogspot.com
Friday, February 20, 2009 2:06 PM
Hi...
As a client without any authentication, I can query a dns server for any record for a client I choose.
All I want to do, instead of saying where is client.domain.com, just tell me which domain.com zones you are responsible for?
I do not see why I need to be admin or server operator to do this?