How does "nslookup -ls" work?
I can confirm that nslookup ls in Windows will issue an AXFR query.
The image below shows the query response from my home DNS server to an nslookup ls query from my Windows 10 client.
Servers are neither dumb nor smart. The people who install, configure and manage servers are responsible for the "dumbness" or smartness" of the OS, applications, services, etc. running on those servers. I temporarily allowed zone transfers to any server in order to capture the DNS traffic from my DNS server to my client machine in order to provide the image in my answer. Is the server "dumb" for allowing the transfer? No, but it might be considered "dumb" for me to keep my server configured in this manner.
Quuxplusone
Updated on September 18, 2022Comments
-
Quuxplusone almost 2 years
I've been going through the 4th Edition (2001, yes, very old) of the O'Reilly "DNS and Bind" book, and it keeps talking about
nslookup
, which seems to be relatively hard to get one's hands on in this decade.In particular, they keep mentioning
nslookup -ls
as a way to "pull a copy of a zone." Microsoft's docs also say:Lists information for a Domain Name System (DNS) domain.
All of my references ("DNS and Bind", Microsoft, random web pages) seem to be very coy about how
nslookup -ls
actually works. (And it's not implemented in the version ofnslookup
on my MacBook.) They also don't say anything suggestive about troubleshooting, like, "Ifnslookup -ls
is showing no results, check to make sure your name server is configured to respond to unauthorizedAXFR
messages."Still, my educated guess is that
nslookup -ls
just sends a rawAXFR
query to the remote nameserver, which will initiate a zone transfer if and only if the remote nameserver is dumb enough to respond to unsolicited, unauthorizedAXFR
s originating from random machines on the Internet. And then as servers started getting wiser,nslookup -ls
stopped working, and then eventually that useless code got ripped out of distributions. This hypothesis seems to match up with the evidence pretty well.But I'd really like to get an authoritative answer on the subject. Does
nslookup -ls
actually useAXFR
?-
Patrick Mevzek over 6 yearsYou will need to find the appropriate source code from a decode ago :-) current nslookup says in man that
ls
is not implemented and if you look at the source code you will not find any trace of ls switch. So it may have existed in the past, but this is long gone, as you should nowadays usedig
anyway (to do AXFR or any other DNS query) -
Molomby about 6 yearsThe O'Reilly "TCP/IP Network Administration" 3rd edition (2002) also covers the alleged
ls
functionality ofnslookup
. I was disappointed to see it's been removed. Apparently you can still performAXFR
requests withdig example.com -t AXFR
but servers almost never respond -- the functionality is too easily abused.
-