HomeGeneral › Finding all subdomains of any specific domain (DNS AFXR)

Finding all subdomains of any specific domain (DNS AFXR)

October 30, 2009 • By adminGeneral

To find all subdomains of a domain, you can use a DNS zone transfer (also known as AXFR). A DNS zone transfer is a type of DNS transaction. It is one of the many mechanisms available for administrators to replicate DNS databases across a set of DNS servers.

Read more about DNS zone transfers on Wikipedia: DNS zone transfer.

How to perform a DNS zone transfer

You can use the dig or nslookup commands to attempt a zone transfer:

dig axfr @ns1.example.com example.com

Or using nslookup:

nslookup
server ns1.example.com
ls -d example.com

Note

Most properly secured DNS servers will reject unauthorized zone transfer requests. This is a security best practice. Zone transfers should only be allowed between authorized secondary DNS servers.