Find out the subdomains of a given domain name with dig

First, find out the name server(s) for the domain name in question:

dig wikipedia.com

Look under the “AUTHORITY SECTION”:

;; AUTHORITY SECTION:
wikipedia.com.        163475    IN    NS    ns2.wikimedia.org.
wikipedia.com.        163475    IN    NS    ns1.wikimedia.org.
wikipedia.com.        163475    IN    NS    ns0.wikimedia.org.

In this case wikipedia.com has 3 name servers: ns0.wikimedia.org, ns1.wikimedia.org and ns2.wikimedia.org. Now we can query one of these three servers for the subdomains of wikipedia.com:

dig @ns1.wikimedia.org wikipedia.com axfr

Here is what we get back (the list is rather long, so I have truncated it quite a bit);

; <<>> DiG 9.5.0-P2 <<>> @ns1.wikimedia.org wikipedia.com axfr
; (1 server found)
;; global options:  printcmd
wikipedia.com.        3600    IN    A    208.80.152.2
wikipedia.com.        86400    IN    NS    ns0.wikimedia.org.
wikipedia.com.        86400    IN    NS    ns1.wikimedia.org.
wikipedia.com.        86400    IN    NS    ns2.wikimedia.org.
wikipedia.com.        3600    IN    MX    50 lists.wikimedia.org.
wikipedia.com.        3600    IN    MX    10 mchenry.wikimedia.org.
aa.wikipedia.com.    3600    IN    CNAME    rr.wikimedia.org.
aa.mobile.wikipedia.com. 3600    IN    CNAME    rr.wikimedia.org.
aa.wap.wikipedia.com.    3600    IN    CNAME    rr.wikimedia.org.
ab.wikipedia.com.    3600    IN    CNAME    rr.wikimedia.org.
ab.mobile.wikipedia.com. 3600    IN    CNAME    rr.wikimedia.org.
ab.wap.wikipedia.com.    3600    IN    CNAME    rr.wikimedia.org.
...
...
...

Note: Not all dns servers will allow axfr protocol queiries. Those will return “Transfer failed”.

Sunday, February 8th, 2009 Linux, Networking

2 Comments to Find out the subdomains of a given domain name with dig

hello, how are you?
i see you use captcha too to disable spam

so here goes the question:
what option should be enabled that my bind would pass this info for all domains…