Ldap – DNS searching with wildcards

digdomain-name-systemldapnslookupquery

Anything like nslookup or dig offer the ability to search based on something contained in the name … like a wildcard search or something?

I'm trying to make a little script with a GUI wrapper for our helpdesk team. Ideally, I'd like them to be able to search the user's last name (something that is always present in the DNS record) and then I'll populate a pulldown with the possible options to choose from.

I'm unable to find a way to effectively have the equivalent of nslookup *miller* … it would be great to then get back

Name: sf-jacobmiller.localdomain.com
Address: 10.10.10.121

Name: sf-justinmiller.localdomain.com
Address: 10.10.10.144

..which I could then parse into a pulldown for them to pick from.

I have not yet looked into what's available with ldapsearch which may be able to do what I'm looking for. My only requirement is that this is built into OSX and I won't need to install anything else, otherwise I'm open to any solutions you can offer. Thanks

Best Answer

You can get a full list of entries in a zone with a zone transfer; you'd need to allow this for authorized systems in your DNS server.

Once that's done, you can run the transfer and grep the result:

dig axfr localdomain.com | grep -i miller

Answer

The short answer to your specific question of listing CNAMEs is that you cannot without permission to do zone transfers (see How to list all CNAME records for a given domain?).

That said, if your company's DNS server still supports the ANY query, you can use dig to list the other records by doing:

dig +noall +answer +multiline yourdomain.yourtld any

These ... +noall +answer +multiline ... are strictly optional and are simply output formatting flags to make the output more easily human readable (see dig man page ).

Example

$ dig +noall +answer +multiline bad.horse any

Returns:

bad.horse.              7200 IN A 162.252.205.157
bad.horse.              7200 IN CAA 0 issue "letsencrypt.org"
bad.horse.              7200 IN CAA 0 iodef "mailto:abuse@sandwich.net"
bad.horse.              7200 IN MX 10 mx.sandwich.net.
bad.horse.              7200 IN NS a.sn1.us.
bad.horse.              7200 IN NS b.sn1.us.
bad.horse.              7200 IN SOA a.sn1.us. n.sn1.us. (
                                2017032202 ; serial
                                1200       ; refresh (20 minutes)
                                180        ; retry (3 minutes)
                                1209600    ; expire (2 weeks)
                                60         ; minimum (1 minute)
                                )

Caveats (RFC8482)

Note that, since around 2019, most public DNS servers have stopped answering most DNS ANY queries usefully. For background on that, see: https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/

If ANY queries do not enumerate multiple records, the only option is to request each record type (e.g. A, CNAME, or MX) individually.

Best Answer

Related Solutions

DYNDNS.org Custom DNS returning odd results with Windows’ NSLOOKUP

DNS Records – How to List All DNS Records in a Domain Using Dig

Answer

Example

Caveats (RFC8482)

Related Topic