[ale] Locating the name of public facing machines within a domain

JD jdp at algoloma.com
Thu Aug 8 16:18:20 EDT 2013


There may be no way to know all the public websites.
If they have wildcard DNS forwarding, many many many virtual domains can be
hosted - not just on a single server, but across very large numbers if a reverse
proxy is used.

BTW, I do this myself - and there is no public record of all the domains hosted.
 If there isn't any public linking to it, I don't see how you could locate these
without much more access than you have.



On 08/08/2013 04:05 PM, Tom Freeman wrote:
> Ok - short result as noted in the web link, and the other responses (thank you
> all!), if the authoritative server is set up to allow the AXFR transfer, this is
> easy with dig. Otherwise, you are pretty much SOL, on a very sincere level.
> 
> As for trying the various possibilities - already done that and failed. Worth a
> try obviously.
> 
> Going in with nmap was suggested as possible on the web page, but I _really_
> don't want my sysadmins thinking I'm trying to attack them! In fact, I don't
> want to find out whether or not they are paying good enough attention to notice
> such.
> 
> Guess I'll need to wait on support then...
> 
> To one and all - thank you!
> 
> On Thu, 8 Aug 2013, Chad Huneycutt wrote:
> 
>> This should help:
>> http://serverfault.com/questions/138949/list-all-dns-records-in-a-domain-using-dig
>>
>>
>> - Chad
>>
>> On Thu, Aug 8, 2013 at 11:17 AM, Tom Freeman
>> <tfreeman at intel.digichem.net> wrote:
>>>
>>> I almost guarantee that the Subject line should be better phrased...
>>>
>>> In any event... It has been long enough since I needed to muck with DNS type
>>> stuff that if I ever knew the answer, I have forgotten that I knew. I
>>> need/want to locate _all_ of the public internet facing machine names of my
>>> employer in order to locate the correct URL address for what I need to do.
>>> (Yes - asking support is feasible, but they are overloaded and I know that
>>> the machine name is related to the service I want)
>>>
>>> An example might help (I hope so at least). Say I want to get into the old
>>> Moodle system (which is being retired, but isn't shut down quite yet). Is it
>>> moo1.myschool.edu, moodle1.myschool.edu, oldmoo.myschool.edu or some other
>>> variant? I don't need/want the IP addresses, but the machine names.
>>>
>>> Support people at work are sadly overloaded, so response times are rising at
>>> the moment. I'd like to be able to dig my way out of this challenge.
>>>
>>> So far - I haven't asked the Google a correctly formed question to return
>>> anything semi-useful in the first 100 + responses. I have looked at the dig
>>> man page, and that seems like it should work, but haven't managed to wrap my
>>> head around things yet.
>>>
>>> Thank you one and all for the use of your bandwidth!
>>
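
Added example, not part of the original thread: a small shell helper for a zone administrator to summarize what `dig AXFR` returns from their own authoritative server. It reports whether the transfer was refused, lists the host names exposed when it is allowed, and separates out wildcard records, under which individual names cannot be enumerated (the point made in the reply above). The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `dig @ns1.myschool.edu myschool.edu AXFR` output.
# Only myschool.edu and oldmoo come from the thread; the other names are
# invented, and the addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_AXFR='myschool.edu.        3600 IN SOA   ns1.myschool.edu. hostmaster.myschool.edu. 2013080801 7200 3600 1209600 3600
myschool.edu.        3600 IN NS    ns1.myschool.edu.
ns1.myschool.edu.    3600 IN A     192.0.2.53
www.myschool.edu.    3600 IN A     192.0.2.10
oldmoo.myschool.edu. 3600 IN CNAME www.myschool.edu.
*.apps.myschool.edu. 3600 IN A     192.0.2.20
myschool.edu.        3600 IN SOA   ns1.myschool.edu. hostmaster.myschool.edu. 2013080801 7200 3600 1209600 3600'

# What dig prints when the server refuses the transfer (constructed sample).
SAMPLE_REFUSED='; Transfer failed.'

# Print "allowed" if the output contains resource records, else "refused".
axfr_status() {
    awk '/Transfer failed/ { failed = 1 }
         $1 !~ /^;/ && $3 == "IN" { n++ }
         END { print ((failed || n == 0) ? "refused" : "allowed") }'
}

# Print the unique owner names of A, AAAA and CNAME records, without the
# trailing dot. Wildcard owners are skipped: they are not host names.
axfr_hostnames() {
    awk '$1 !~ /^;/ && $1 !~ /^\*\./ && $3 == "IN" &&
         ($4 == "A" || $4 == "AAAA" || $4 == "CNAME") {
             sub(/\.$/, "", $1); print $1
         }' | sort -u
}

# Print wildcard owners. Any name under these resolves, so the virtual hosts
# actually served behind them do not appear in the zone data at all.
axfr_wildcards() {
    awk '$1 ~ /^\*\./ && $3 == "IN" { sub(/\.$/, "", $1); print $1 }' | sort -u
}

# Demo on the constructed sample. Against a zone you administer, pipe the
# real output instead: dig @<your-nameserver> <your-zone> AXFR | axfr_status
printf '%s\n' "$SAMPLE_AXFR" | axfr_status
printf '%s\n' "$SAMPLE_AXFR" | axfr_hostnames
printf '%s\n' "$SAMPLE_AXFR" | axfr_wildcards
```

A result of "allowed" from a host that is not one of your secondaries means the server hands the whole zone to anyone who asks, which is the setting to tighten on a public-facing authoritative server.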

