Question : How to properly query a domain for all DNS records

I've been using www.who.is, but it seems like it sometimes doesn't pull all the info, especially CNAMEs or A records

Any advice would be appreciated

Answer : How to properly query a domain for all DNS records

A tool like WHOIS from any provider can provide you with the DNS servers for a specific domain (NS records). Once you know the name servers, you can query these directly. If the DNS servers allow for a zone transfer, you'll be able to obtain all the records for the DNS zone.

In Windows, you could use:

nslookup
server x.x.x.x (where x.x.x.x matches one of the zones NS records)
set type=any
ls -d company.net
exit

If the zone does not allow for zone transfers, you could use a tool to enumerate DNS records like with FierceDNS (perl script):

http://carnal0wnage.blogspot.com/2007/12/fiercedns-for-dns-enumeration.html

Hope this helps...

Mike

Random Solutions

Free PC Remote Control Solution

Dynamic DNS query

Retruning a count with GROUP_CONCAT

Broke HP NIC Teaming - now RDP and ICA traffic is refused

Configure Router Behind Cable Modem IP for Remote Desktop

mails from sendmail not being sent until sendmail is restarted

setting up secondary DNS server help

Slow XP pro Logon to Server 2003 domain