Solved

DNS Wildcards

Posted on 2004-10-28
249 Views
Last Modified: 2010-05-18
When a IIS server is running with a dns wildcard such as *.xyz.com, is there any way of querying it to see what sites it supports ?

E.g. get a list such as

site1.xyz.com
site3.xyz.com
www.xyz.com

thanks
0
Question by:plq
    8 Comments
     
    LVL 15

    Expert Comment

    by:periwinkle
    Interesting question.

    Under linux, I would use the host command, like:

    host -l domainname

    where domainname is the xyz.com in the above example.  I don't know if there is an equivalent command under Windows?
    0
     
    LVL 34

    Expert Comment

    by:Dave_Dietz
    IIS and DNS are entirely different services.

    IIS will handle any traffic it receives on an IP address it is listening on.

    DNS determines what traffic gets sent to which IP.

    If your DNS server is set to resolve *.xyz.com to 192.168.0.5 then *any* traffic going to *.xyz.com will be handled by IIS if IIS is listening on the address.

    If you are meaning something more along the lines of "what Host Headers are configured for a given website?" then you could try something like the following from c:\inetpub\adminscripts:

    cscript.exe adsutil.vbs get w3svc/X/serverbindings - where X is the site instance you are wanting to check

    Hope this helps

    Dave Dietz
    0
     
    LVL 8

    Author Comment

    by:plq
    The reason for asking is security

    We have some sites such as

              somecompanysdemo.ourdomain.com

    and we don't want anyone else finding them. So its really a question of if we put these sites up can outsiders and hackers tell that they exist ?
    0
     
    LVL 34

    Accepted Solution

    by:
    If you simply have a DNS wildcard set for *.wherever.com and have Host Headers set in IIS for specific names (bob.somewhere.com) there is no way to find them except by trial-and-error.

    Dave Dietz
    0
     
    LVL 8

    Author Comment

    by:plq
    Thanks for your help
    0
     
    LVL 15

    Expert Comment

    by:periwinkle
    Hmmm - I'd probably secure the sites via some form of password protection as well - it's just a matter of typing in another URL after visiting one of those sites, and your URL is then listed as a referrer of another site... if they run site stats, and get curious, they'll find your site.  Worse yet, if they make their stats public, so will the search engines.
    0
     
    LVL 8

    Author Comment

    by:plq
    Yes, I looked at using authentication onto the web but just a bit worried that doing that will open up a back door to the server, e.g. through RDP. I know I can secure RDP by user or even by IP but don't have that much expertise in windows security to be confident that every thing else is properly closed off. Having said all that, the app is secured with database authentication anyway so they'd only get as far as the logon.

    I think I can get around httpreferrer by adding a header to stop the page going into history ?
    0
     
    LVL 15

    Expert Comment

    by:periwinkle
    RE: avoiding the page going into history - I don't know, to be honest.  The referrer is controlled (I believe) by the browser - it's up to the browser to report the proper page.  You could try, but I wouldn't consider that sufficient control.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    A web service (http://en.wikipedia.org/wiki/Web_service) is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
    Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
    Want to pick and choose which updates you receive? Feel free to check out this quick video on how to manage your email notifications.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now