How to scan all DNS records of any domain?


#1

Yes, I am talking about A, AAAA, CNAME, MX, TXT, etc., all records. What if I want to see all in one click?

One way is using Cloudflare, but this doesn’t work sometimes, for example if we try it for Google.

Any alternative way to check? Just trying to spy :smiley:


#2

There is no way to watch all of the records at once (even Cloudflare runs a loop by scanning each record one at a time).

You can, however, search for records using Cloudflare’s resolver tools, including the 1.1.1.1 Telegram bot.


#3

If you run a local DNS resolver (Unbound or BIND, etc., even locally on a Raspberry Pi), then you can create a simple bash or Python script to dig all the DNS records by type. It can then print all details to a file.

You can then create a simple HTML page with an input field, use it to get the domain name, trigger the script on submit, and then print the output of the script on the same page.

It will be very slow and waiting times can be ~5 mins, but it is the only reasonable way that I know would work.
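
The per-type loop described in #3, as an added example that is not part of the thread. It goes one step further than the post by validating the name before it reaches `dig`, since the name would come from a web form. Assumptions: `dig` is installed, the local resolver listens on 127.0.0.1, and the type list, the helper names, `example.test` and its answers are constructed for illustration.

```python
import re
import subprocess

# Queried one type at a time; QTYPE=ANY is skipped because many servers
# answer it with a minimal response only (RFC 8482).
RECORD_TYPES = ["A", "AAAA", "CNAME", "MX", "NS", "SOA", "TXT", "CAA"]
# Labels of letters, digits, '_' and '-'; a leading '-', '+' or '@' is refused
# so form input can never be read by dig as an option or a server.
NAME_RE = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(\.[A-Za-z0-9_-]{1,63})+\.?$")

def valid_name(name):
    return len(name) <= 253 and bool(NAME_RE.match(name))

def dig_short(name, rtype, server="127.0.0.1"):
    """Ask the resolver for one record type and return the answer lines."""
    cmd = ["dig", f"@{server}", name, rtype, "+short", "+time=3", "+tries=1"]
    try:  # argv list, no shell: nothing in the name is interpreted
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return []
    # dig reports failures on ';' comment lines; keep only real answers.
    return [l.strip() for l in out.stdout.splitlines()
            if l.strip() and not l.startswith(";")]

def collect_records(name, query=dig_short, types=RECORD_TYPES):
    """Loop over the record types and keep those that returned data."""
    if not valid_name(name):
        raise ValueError(f"refusing to query {name!r}")
    results = {}
    for rtype in types:
        answers = query(name, rtype)
        if answers:
            results[rtype] = sorted(set(answers))  # drop duplicate answers
    return results

def format_report(name, results):
    lines = [f"; records for {name}"]
    for rtype, answers in results.items():
        lines += [f"{name}\t{rtype}\t{a}" for a in answers]
    return "\n".join(lines) + "\n"

def fake_query(name, rtype):
    # Constructed sample answers so the example runs without a network.
    sample = {"A": ["192.0.2.10"], "MX": ["10 mail.example.test."],
              "TXT": ['"v=spf1 -all"', '"v=spf1 -all"']}
    return sample.get(rtype, [])

if __name__ == "__main__":
    report = format_report("example.test", collect_records("example.test", fake_query))
    with open("example.test.records.txt", "w") as fh:
        fh.write(report)
    print(report, end="")
```

Calling `collect_records(name)` without the `fake_query` argument sends the queries to the local resolver through `dig`.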