I use this very rarely so I always forget it again and again. You can list all the subdomains of eg. a top level domain like this ...
host -t NS example.com
Find a nameserver in the output of the DNS lookup.
host -t AXFR example.com <name_server>
where <name_server> comes from the first step.
Of course most of the DNS servers deny such requests ... so don't be surprised if you get a "Host example.com not found: 5(REFUSED)" error in the second step (or optionally you do not get any response at all).
Recent comments
2 years 32 weeks ago
4 years 2 weeks ago
4 years 2 weeks ago
4 years 4 weeks ago
4 years 5 weeks ago
4 years 11 weeks ago
4 years 11 weeks ago
4 years 12 weeks ago
4 years 12 weeks ago
4 years 12 weeks ago