DNS Wildcards

When a IIS server is running with a dns wildcard such as *.xyz.com, is there any way of querying it to see what sites it supports ?

E.g. get a list such as


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Interesting question.

Under linux, I would use the host command, like:

host -l domainname

where domainname is the xyz.com in the above example.  I don't know if there is an equivalent command under Windows?
IIS and DNS are entirely different services.

IIS will handle any traffic it receives on an IP address it is listening on.

DNS determines what traffic gets sent to which IP.

If your DNS server is set to resolve *.xyz.com to then *any* traffic going to *.xyz.com will be handled by IIS if IIS is listening on the address.

If you are meaning something more along the lines of "what Host Headers are configured for a given website?" then you could try something like the following from c:\inetpub\adminscripts:

cscript.exe adsutil.vbs get w3svc/X/serverbindings - where X is the site instance you are wanting to check

Hope this helps

Dave Dietz
plqAuthor Commented:
The reason for asking is security

We have some sites such as


and we don't want anyone else finding them. So its really a question of if we put these sites up can outsiders and hackers tell that they exist ?
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

If you simply have a DNS wildcard set for *.wherever.com and have Host Headers set in IIS for specific names (bob.somewhere.com) there is no way to find them except by trial-and-error.

Dave Dietz

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
plqAuthor Commented:
Thanks for your help
Hmmm - I'd probably secure the sites via some form of password protection as well - it's just a matter of typing in another URL after visiting one of those sites, and your URL is then listed as a referrer of another site... if they run site stats, and get curious, they'll find your site.  Worse yet, if they make their stats public, so will the search engines.
plqAuthor Commented:
Yes, I looked at using authentication onto the web but just a bit worried that doing that will open up a back door to the server, e.g. through RDP. I know I can secure RDP by user or even by IP but don't have that much expertise in windows security to be confident that every thing else is properly closed off. Having said all that, the app is secured with database authentication anyway so they'd only get as far as the logon.

I think I can get around httpreferrer by adding a header to stop the page going into history ?
RE: avoiding the page going into history - I don't know, to be honest.  The referrer is controlled (I believe) by the browser - it's up to the browser to report the proper page.  You could try, but I wouldn't consider that sufficient control.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.