Find cnames

[gpatrick]

Suppose I have a CNAME of rl0.devprovider.domain.com and I want to find all hosts associated with this cname.

And the reverse of that, how does one find all cname's for a host, given a host of x123.domain.com?

I haven't been able to find the information, so what is the proper syntax using dig, or another utility like nslookup?

 

[gordon@]

Without having the zones in question, you can't find this information out from commandline utilities like dig or nslookup

 

[mamalos]

In the past, a common misconfiguration was to allow zone transfers from DNS servers. You could "exploit" this feature by running host -l ns1.targetdns.com and get all records...but this was in the past.

Another way you may find what you're looking for is something noticed in some Plesk installations. In order for the smtp to work "properly", for each CNAME record a corresponding PTR record was stored. This way, you could see the CNAMEs by first asking about the NS record of the CNAME in question, and then ask the specific nameserver to perform the reverse lookup. So, for example, if the CNAME points to the address 1.2.3.4 and the NS record for CNAME returns 2.3.4.5, a query like:

$ host 1.2.3.4 2.3.4.5

may return some or all of the CNAMEs of this zone. This still works on some specific domains that I've tried. The interesting thing is that this thing works ONLY if you ask the zone's nameserver...

Good luck

 

[vivek]

No you can't find out without zone file or you need access to secondary name server (so that you can use dig or any other command to test it).