1

I've been going through the 4th Edition (2001, yes, very old) of the O'Reilly "DNS and Bind" book, and it keeps talking about nslookup, which seems to be relatively hard to get one's hands on in this decade.

In particular, they keep mentioning nslookup -ls as a way to "pull a copy of a zone." Microsoft's docs also say:

Lists information for a Domain Name System (DNS) domain.

All of my references ("DNS and Bind", Microsoft, random web pages) seem to be very coy about how nslookup -ls actually works. (And it's not implemented in the version of nslookup on my MacBook.) They also don't say anything suggestive about troubleshooting, like, "If nslookup -ls is showing no results, check to make sure your name server is configured to respond to unauthorized AXFR messages."

Still, my educated guess is that nslookup -ls just sends a raw AXFR query to the remote nameserver, which will initiate a zone transfer if and only if the remote nameserver is dumb enough to respond to unsolicited, unauthorized AXFRs originating from random machines on the Internet. And then as servers started getting wiser, nslookup -ls stopped working, and then eventually that useless code got ripped out of distributions. This hypothesis seems to match up with the evidence pretty well.

But I'd really like to get an authoritative answer on the subject. Does nslookup -ls actually use AXFR?

Quuxplusone
  • 213
  • 1
  • 3
  • 12
  • You will need to find the appropriate source code from a decode ago :-) current nslookup says in man that `ls` is not implemented and if you look at the source code you will not find any trace of ls switch. So it may have existed in the past, but this is long gone, as you should nowadays use `dig` anyway (to do AXFR or any other DNS query) – Patrick Mevzek Jan 05 '18 at 02:44
  • The O'Reilly "TCP/IP Network Administration" 3rd edition (2002) also covers the alleged `ls` functionality of `nslookup`. I was disappointed to see it's been removed. Apparently you can still perform `AXFR` requests with `dig example.com -t AXFR` but servers almost never respond -- the functionality is too easily abused. – Molomby May 10 '18 at 02:54

1 Answers1

3

I can confirm that nslookup ls in Windows will issue an AXFR query.

The image below shows the query response from my home DNS server to an nslookup ls query from my Windows 10 client.

enter image description here

Servers are neither dumb nor smart. The people who install, configure and manage servers are responsible for the "dumbness" or smartness" of the OS, applications, services, etc. running on those servers. I temporarily allowed zone transfers to any server in order to capture the DNS traffic from my DNS server to my client machine in order to provide the image in my answer. Is the server "dumb" for allowing the transfer? No, but it might be considered "dumb" for me to keep my server configured in this manner.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172