Created
November 9, 2023 08:42
-
-
Save sherwind/2f46df3c040480dd12d2cf8f5336037c to your computer and use it in GitHub Desktop.
Fetch DNS records of a domain name
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script performs DNS queries to collect records for a given domain. | |
| # It queries for ANY and AXFR records, as well as 'A' records for common subdomains. | |
| # If nameservers are provided as arguments, it uses those. Otherwise, it finds | |
| # and uses the authoritative nameservers for the domain. | |
| # by [email protected], 2003-03-15 | |
| # Check if at least the domain is provided | |
| if [ "$#" -lt 1 ]; then | |
| echo "Usage: $0 domain [nameserver ...]" | |
| exit 1 | |
| fi | |
| domain=$1 | |
| shift # Remove the first argument (domain) from the list | |
| # Remaining arguments are treated as nameservers | |
| nameservers=("$@") | |
| zone_records=() # Indexed array to handle unique records | |
| # Function to check if a record is already in the array | |
| record_exists() { | |
| local record=$1 | |
| for item in "${zone_records[@]}"; do | |
| if [[ $item == "$record" ]]; then | |
| return 0 # Record exists | |
| fi | |
| done | |
| return 1 # Record does not exist | |
| } | |
| # Function to find authoritative nameservers for the domain | |
| find_authoritative_ns() { | |
| local domain=$1 | |
| local ns=($(dig +noall +short NS $domain)) | |
| echo ${ns[@]} | |
| } | |
| # Function to query DNS and add unique records to zone | |
| query_dns() { | |
| local query_domain=$1 | |
| local record_type=$2 | |
| # Check if custom nameservers are provided | |
| if [ ${#nameservers[@]} -eq 0 ]; then | |
| # Find authoritative nameservers for the domain | |
| nameservers=($(find_authoritative_ns "$domain")) | |
| fi | |
| for ns in "${nameservers[@]}" | |
| do | |
| # Perform the DNS query using dig with no recursion | |
| while read -r line; do | |
| # Check if line is a comment or empty | |
| if [[ ! $line =~ ^\; ]] && [[ -n $line ]]; then | |
| # Check if the record is unique before adding | |
| if ! record_exists "$line"; then | |
| zone_records+=("$line") | |
| fi | |
| fi | |
| done < <(dig +noall +answer +norecurse @"$ns" "$query_domain" "$record_type") | |
| done | |
| } | |
| # Query for ANY and AXFR records | |
| query_dns "$domain" "ANY" | |
| #query_dns "$domain" "AXFR" | |
| # Query A records for common subdomains | |
| common_subdomains=("www" "mail" "smtp" "pop" "ftp" "dns" "www1" "www2" "www3" "dns1" "dns2" "dns3" "ns" "ns1" "ns2" "ns3" "mx" "mx1" "mx2" "mx3") | |
| for subdomain in "${common_subdomains[@]}"; do | |
| query_dns "$subdomain.$domain" "A" | |
| done | |
| # Print the collected DNS records in zone file format | |
| for record in "${zone_records[@]}"; do | |
| echo "$record" | |
| done | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment