I use this very rarely so I always forget it again and again. You can list all the subdomains of eg. a top level domain like this ...
host -t NS example.com
Find a nameserver in the output of the DNS lookup.
host -t AXFR example.com <name_server>
where <name_server> comes from the first step.
Of course most of the DNS servers deny such requests ... so don't be surprised if you get a "Host example.com not found: 5(REFUSED)" error in the second step (or optionally you do not get any response at all).
Recent comments
1 year 44 weeks ago
3 years 14 weeks ago
3 years 14 weeks ago
3 years 16 weeks ago
3 years 17 weeks ago
3 years 23 weeks ago
3 years 23 weeks ago
3 years 24 weeks ago
3 years 24 weeks ago
3 years 24 weeks ago