1) For DNS based on MSWin:
$ nslookup -type=srv _ldap._tcp.dc._msdcs.your_domain
#this should work on both Windows and Linux
#the same with dig:
$ dig -t any _ldap._tcp.dc._msdcs.your_domain
#doesn't work in all cases ;-(
2) For general DNS:
$ dig -t any domain
#or:
$ dig ALL domain
#or:
$ dig +short ALL domain
#these give the IPs of all domain controllers in the domain; now get the hostnames from the IPs:
$ dig -x IP | awk ' /PTR/ {print $NF}'
# -x is a reverse lookup; awk matches the lines containing PTR and prints the last field, which is the hostname
#since not all PTR lines carry a hostname, drop them (like grep -v) with awk \!/PTR/:
for NS in $(dig +short ALL your_domain)
do
    dig -x "$NS" | awk ' /PTR/ { print $NF } ' | awk \!/PTR/
done
#or:
$ nslookup IP
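Added example, not part of the original post: two small filters for the lookups in 1) and 2), one that turns `dig +short -t srv` output into a sorted list of domain controllers and one that pulls only the hostnames out of `dig -x` output. The function names `srv_targets` and `ptr_names`, the `example.test` hosts and the 192.0.2.10 address are assumptions, and the sample data is constructed so the script runs offline.

```shell
#!/bin/sh
# Constructed sample of `dig +short -t srv _ldap._tcp.dc._msdcs.example.test`
# Each line is: priority weight port target
SAMPLE_SRV='0 100 389 dc2.example.test.
0 100 389 dc1.example.test.
10 100 389 dc3.example.test.'

# Constructed sample of the relevant part of `dig -x 192.0.2.10`:
# the question line (starts with ";") followed by the answer line.
SAMPLE_PTR=';10.2.0.192.in-addr.arpa. IN PTR
10.2.0.192.in-addr.arpa. 3600 IN PTR dc1.example.test.'

# srv_targets: read SRV rdata on stdin and print "priority port host",
# sorted by priority and then host, with the trailing dot removed.
# Lines that are not four fields with numeric priority/port are skipped.
srv_targets() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             sub(/\.$/, "", $4)
             print $1, $3, $4
         }' | sort -k1,1n -k3,3
}

# ptr_names: read full `dig -x` output on stdin and print PTR hostnames only.
# Lines starting with ";" (comments and the question section) are ignored,
# so the bare "PTR" from the question line never needs a second filter.
ptr_names() {
    awk '!/^;/ && $4 == "PTR" { sub(/\.$/, "", $5); print $5 }'
}

# Offline demonstration on the constructed samples
printf '%s\n' "$SAMPLE_SRV" | srv_targets
printf '%s\n' "$SAMPLE_PTR" | ptr_names

# Live usage (needs network access and a real domain):
#   dig +short -t srv _ldap._tcp.dc._msdcs.your_domain | srv_targets
#   dig -x IP | ptr_names
```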
3) list of DNS record types:
http://en.wikipedia.org/wiki/List_of_DNS_record_types