I think I found the answer
- From: "Mel K." <Mel.K@xxxxxxxxxxx>
- Date: Sat, 3 Jan 2009 19:37:03 -0500
From http://support.microsoft.com/kb/200525 regarding nslookup.
Nslookup can be used to transfer an entire zone by using the ls command.
Zone transfers can be blocked at the DNS server so that only authorized
addresses or networks can perform this function. The following error will be
returned if zone security has been set: *** Can't list domain example.com.:
Query refused.
I believe that this is the same issue with dnscmd /zoneexport. If you're
running any command to transfer/export a zone and the computer that you're
running the command on is not listed for "allow transfer" of the zone,
you'll get an error.
I got the error below after running the nsookup ls command on my DC/DNS
server (Windows Server 2003 SP2). My AD-integrated zone doesn't allow zone
transfers at all. So this does all go back to the issue of security.
C:\>nslookup
Default Server: dc-1.my-domain.ad
Address: 10.10.10.2
ls my-domain.ad
[dc-1.my-domain.ad]
*** Can't list domain my-domain.ad: Query refused
The DNS server refused to transfer the zone my-domain.ad to your computer.
If this
is incorrect, check the zone transfer security settings for my-domain.ad on
the DNS
server at IP address 10.10.10.2.
--
Thank you,
Mel K.
MCSA: M
"Mel K." <Mel.K@xxxxxxxxxxx> wrote in message
news:uKs36$dbJHA.1272@xxxxxxxxxxxxxxxxxxxxxxx
Meinolf:
Thanks for the reply. I tried running the command you mentioned from an XP
computer and got the error below. It doesn't look like that command works
with external DNS severs/zones outside of your AD/DNS domain.
Command failed: RPC_S_SERVER_UNAVAILABLE 1722 (000006ba)
--
Thank you,
Mel K.
MCSA: M
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6611c508cb3ae7fc463418@xxxxxxxxxxxxxxxxxxxxxxx
Hello Mel K.,
Check out dnscmd:
http://technet.microsoft.com/en-us/library/cc778513.aspx
Export zone resource records list to a file
To export the resource record list from the test.reskit.com zone on the
reskit.com DNS server, type:
dnscmd reskit.com /zoneexport test.reskit.com test.reskit.com.dns
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello:
I'm trying to find the correct nslookup command to list all records
for a domain. Is this possible? I've tried -q=all and -q=any but they
don't show all records, even if I directly query an authoritative DNS
server for the domain. Do most DNS servers no longer support querying
for all records, as a security precaution?
With the examples below, all I get are the domain A, MX, NS, and TXT
records. These domains should at least have an A record for the www
host, but that doesn't show up. Any suggestions are appreciated.
--------------- First domain I tried. Same result with -q=any.
---------------
C:\>nslookup -q=all novell.com ns.novell.com
Server: ns.novell.com
Address: 137.65.1.1
novell.com
primary name server = ns.novell.com
responsible mail addr = bwayne.novell.com
serial = 2008111301
refresh = 7200 (2 hours)
retry = 900 (15 mins)
expire = 604800 (7 days)
default TTL = 21600 (6 hours)
novell.com nameserver = ns2.novell.com
novell.com nameserver = NS.UTAH.EDU
novell.com nameserver = ns.novell.com
novell.com MX preference = 2, mail exchanger =
prv2-mx.provo.novell.com
novell.com MX preference = 2, mail exchanger =
prv-mx.provo.novell.com
novell.com MX preference = 2, mail exchanger =
prv1-mx.provo.novell.com
novell.com internet address = 130.57.5.70
NS.UTAH.EDU internet address = 128.110.124.120
ns.novell.com internet address = 137.65.1.1
ns2.novell.com internet address = 137.65.1.2
prv-mx.provo.novell.com internet address = 130.57.1.10
prv1-mx.provo.novell.com internet address = 130.57.1.11
prv2-mx.provo.novell.com internet address = 130.57.1.12
--------------- Another domain I tried. Same result with -q=any.
---------------
C:\>nslookup -q=all cisco.com ns1.cisco.com
Server: ns1.cisco.com
Address: 128.107.241.185
DNS request timed out.
timeout was 2 seconds.
cisco.com text =
"v=spf1 ip4:171.68.0.0/14 ip4:64.100.0.0/14 ip4:64.104.0.0/16
ip4:128.107.0.0/16 ip4:144.254.0.0/16 ip4:66.187.208.0/20 ~all"
cisco.com
primary name server = dns-sjc3-2-l.cisco.com
responsible mail addr = postmaster.cisco.com
serial = 9110922
refresh = 7200 (2 hours)
retry = 1800 (30 mins)
expire = 864000 (10 days)
default TTL = 86400 (1 day)
cisco.com nameserver = ns2.cisco.com
cisco.com nameserver = ns1.cisco.com
cisco.com internet address = 198.133.219.25
cisco.com MX preference = 10, mail exchanger =
sj-inbound-a.cisco.com
cisco.com MX preference = 10, mail exchanger =
sj-inbound-b.cisco.com
cisco.com MX preference = 10, mail exchanger =
sj-inbound-c.cisco.com
cisco.com MX preference = 10, mail exchanger =
sj-inbound-d.cisco.com
cisco.com MX preference = 10, mail exchanger =
sj-inbound-e.cisco.com
cisco.com MX preference = 10, mail exchanger =
sj-inbound-f.cisco.com
cisco.com MX preference = 20, mail exchanger =
ams-inbound-a.cisco.com
cisco.com MX preference = 25, mail exchanger =
syd-inbound-a.cisco.com
.
- Follow-Ups:
- Re: I think I found the answer
- From: Leander de Graaf
- Re: I think I found the answer
- References:
- List all records for domain
- From: Mel K.
- Re: List all records for domain
- From: Meinolf Weber [MVP-DS]
- Re: List all records for domain
- From: Mel K.
- List all records for domain
- Prev by Date: Re: List all records for domain
- Next by Date: DNS Zones
- Previous by thread: Re: List all records for domain
- Next by thread: Re: I think I found the answer
- Index(es):
Relevant Pages
|
Loading
