Solved

Is it possible to set up a DNS server containing all internet A records?

Posted on 2010-08-21
Last Modified: 2013-12-23
Assume I have unlimited funds and hardware resources.

Is it possible to somehow set up a DNS server to end up with a copy of all A records as the root DNS servers do?

Not saying I'd like to set up a root server, just would like full records locally on a one-time basis, not worried about continually updating them either.
0
Comment
Question by:bluedragon99
9 Comments
 
LVL 29

Assisted Solution

by:Rich Weissler
Rich Weissler earned 100 total points
When you say all the A Records, I assume you mean all the Alias records for every address on the Internet. That isn't what the root DNS servers have.

http://en.wikipedia.org/wiki/Root_nameserver
"The root zone file is a small (about 200 kB) computer file whose publication is the primary purpose of Root nameservers, the servers which constitute the essential backbone of the internet."
<snip>
"The contents of the root zone file is a list of names and numeric IP addresses of the authoritative DNS servers for all top-level domains (TLDs) such as .com, .org, .edu, or .nz, .fr, .ro. On 12 December 2004, there were 258 TLDs and 773 different authoritative servers for those TLDs listed."

But I've only intermediate expertise in DNS, so it's possible you mean something else when you indicate that you want "all internet A records"?
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 200 total points
NetCraft found over 213 million webservers in August 2010, let alone all those FTP servers, routers, DNS servers and the like.
http://news.netcraft.com/archives/category/web-server-survey/
Do you really want to store all those records? For what purpose?
As Razmus pointed out, the root servers don't contain those records.
You would have to scan each and every public DNS, starting at the root servers, store the results, check for duplicates (!) etc. And unless you already know the domain names whose A records you're searching, you need permission to do a zone transfer (or the like, at least the possibility to do an export some way) for each and every DNS you're passing by.
I don't believe that there is an application which could do that, and I don't believe that anybody in the world is going to develop such a thing, because it's really useless, imo.
An approach not really doing what you want is "Passive DNS" - http://technical.bestgrid.org/index.php/Passive_DNS
And you can buy a dataset containing the top million websites (including hostnames it will cost an additional fee) at NetCraft (see above).
wmp
0
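The "Passive DNS" approach named in the answer above, as an added example (not part of the original thread and not any poster's code): rather than enumerating names, it parses DNS responses that were already observed and keeps deduplicated A records with first-seen, last-seen and hit count. The sample packet, timestamps and function names are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end = [], None
    for _ in range(255):                       # bounded walk: guards pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                   # compression pointer
            if end is None:
                end = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                           # root label ends the name
            return ".".join(labels).lower() + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("compression loop or oversized name")

def a_records(msg):
    """Yield (owner, ipv4) for each IN A record in a NOERROR response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or flags & 0x000F:   # not a response, or RCODE != 0
        return
    off = 12
    for _ in range(qd):                        # skip the question section
        off = read_name(msg, off)[1] + 4       # name + QTYPE + QCLASS
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):
            yield owner, ".".join(map(str, msg[off + 10:off + 14]))
        off += 10 + rdlen

def observe(store, ts, msg):
    """Merge one response into store: (owner, ip) -> [first_seen, last_seen, count]."""
    for key in a_records(msg):
        rec = store.setdefault(key, [ts, ts, 0])
        rec[:] = [min(rec[0], ts), max(rec[1], ts), rec[2] + 1]
    return store

# Constructed sample: a response for www.example.com carrying two A records
# (192.0.2.10 and 192.0.2.11, documentation addresses); owners are compressed.
SAMPLE = (bytes.fromhex("123481800001000200000000")
          + b"\x03www\x07example\x03com\x00" + bytes.fromhex("00010001")
          + bytes.fromhex("c00c000100010000012c0004c000020a")
          + bytes.fromhex("c00c000100010000012c0004c000020b"))

def demo():                                    # same response seen at two constructed times
    return observe(observe({}, 1282348800, SAMPLE), 1282435200, SAMPLE)
```

The store only ever contains names that clients actually resolved, which is why the answer calls it "not really doing what you want": coverage depends on where the sensor sits, not on the size of the namespace.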
 
LVL 10

Assisted Solution

by:ddiazp
ddiazp earned 200 total points
Not possible unless you write a script that will query every domain that exists for every possible record, since zone transfers are denied mostly everywhere.

Your script would be something like:

a.a.com
b.a.com
c.a.com
...
...
...
zzzzzzzzzzzzzzzzzzzzzzzzzz.zzzzzzzzzzzzzzzzzzzzzz.com
...
...
etc

Such a list doesn't even exist, and this would take years to finish, considering all the root zones, new domains being created every second, ...
0
 
LVL 1

Author Comment

by:bluedragon99
Verisign offers this service...
0
 
LVL 29

Expert Comment

by:Rich Weissler
All three experts would appear to agree on an answer the questioner did not wish to hear.  Please provide more information on the Verisign offering which meets the original question requirements.
0
 
LVL 29

Expert Comment

by:Rich Weissler
I asked for more information, and simply pointed out that the root servers don't contain the records the questioner assumed it did.  The other two experts provided potential answers to the most logical alternate question, giving the downsides to each.  Hence, I recommend accepting two answers, and splitting the points equally between the other two experts:
http:#33499048 and http:#33689071
0
 

Expert Comment

by:modus_in_rebus
bluedragon99,

Since you haven't responded here, I assume you're no longer interested in what happens with this question.

Since you haven't clarified the VeriSign offer, there's no way for me to know whether that indeed solves the issue you explained in this question, so I'll have to go with the experts' advice, and accept their suggestions as the solution.

modus_in_rebus
Community Support Moderator
0
