Find all current DNS records

For mail:

First, just look up the MX records – those define which servers incoming mail is routed through.

$ dig gmail.com MX
gmail.com.      3412 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com.      3412 IN MX 10 alt1.gmail-smtp-in.l.google.com.

If you must start with an empty domain, you'll receive mail fine as long as you have MX records in place.

Now for the whole domain.

There's a small chance that the domain allows zone transfers, so try that:

  1. Look up the domain's authoritative nameservers:

    $ dig gnu.org NS
    gnu.org.        298 IN NS ns1.gnu.org.
    gnu.org.        298 IN NS ns2.gnu.org.
    

    Windows: nslookup -q=ns gnu.org

  2. Request a zone transfer from one of them, using the special "AXFR" query type:

    $ dig gnu.org AXFR @ns1.gnu.org
    gnu.org.            300 IN SOA ns1.gnu.org. hostmaster.gnu.org. 2014031109 3600 120 1209600         3600
    gnu.org.            300 IN MX 10 eggs.gnu.org.
    gnu.org.            300 IN A 208.118.235.148
    alpha.gnu.org.      300 IN A 208.118.235.21
    alpha.gnu.org.      300 IN AAAA 2001:4830:134:3::c
    anoncvs.gnu.org.    300 IN CNAME savannah.gnu.org.
    .....
    

    Windows has a separate command inside nslookup:

    C:\> nslookup
    > server ns1.gnu.org
    > ls -a gnu.org
    

Another method is NSEC walking, though it works only with DNSSEC-signed domains and only those using regular NSEC (not NSEC3).

  • Note, however, if the domain is DNSSEC-signed, then having all subdomains is not enough – you must also obtain the DNSSEC signing keys from the current admins! So the very fact that this method works already makes it useless (except for a last-resort backup).

Anyway. Since NSEC records must (by definition) contain the 'next' existing domain name, you can look up NSEC for the domain root and follow the chain until you go full circle. ldns has a tool for this:

$ ldns-walk -f isc.org
...
backdraft.isc.org.      7200    IN  A   149.20.50.14
backupproxy.isc.org.    7200    IN  A   149.20.48.23
banana.isc.org.         7200    IN  A   149.20.64.69
banana.isc.org.         7200    IN  AAAA    2001:4f8:0:2::69
bcn1.isc.org.           3600    IN  NS  ams.sns-pb.isc.org.
...

Those are the only automated methods. If neither works, you will need to convince the current domain admins to send you the data.

Honestly I cannot even imagine them refusing to give you at least a list of subdomains; doesn't the regular "domain management" panel show them anyway?


You could do a lookup on a service like http://viewdns.info/ if the current hosting provider is not willing to give up the details about DNS records.

The functions you will need are found in these two tools:

enter image description here

and

enter image description here

This should get you all the information you need to set up similar records on your new host.


Unless the current provider allows zone transfers (he doesn’t ;)), you cannot reliably get all records for a domain and all its subdomains.

Tags:

Dns

Domain