Very true point - as long as you don't need it to be a
DNS-Query you can use dsquery or admod to query for the dnsNode-Objects in the
container hosting the DNS-Zones (out of my head since none of my test-dcs is
currenty running: cn=MicrosoftDNS,cn=system,dc=xxx where xxx is either the
domain or the application partition).
However keep in mind that those LDAP-Queries are getting
expensive when not querying all of them but specific and the wildcard is in
front - e.g. querying at *.domain.com is heavy on the server, server01.* would
be OK.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
MVP-Book "Windows XP - Die Expertentipps":
http://tinyurl.com/44zcz
Weblog:
http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
Profile: http://mvp.support.microsoft.com/profile="">
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paessens, Daniel
Sent: Wednesday, March 01, 2006 9:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT : Query DNS using wildcards?Hello,Against what are you trying to perform a query. it's possible to perform a query against AD by using a csvde command.When using these command you are able to use some wildcards.Regards,Daniel
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bart Van den Wyngaert
Sent: Wednesday, March 01, 2006 15:43
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] OT : Query DNS using wildcards?Hello Ulf,I agree on the point that it would open up an attack surface, but on the other hand we want to keep our environment clean when a server is at the end of lifecycle.In a lot of cases the server is already powered off some week before we start cleaning the different environments (to be sure there is nothing forgotten). In case of a cluster, you have several hosts registered into DNS and IP's for all the resources. We're looking into a way to retrieve that info without the need to power on the server again...Best regards,Bart
On 3/1/06, Ulf B. Simon-Weidner <[EMAIL PROTECTED]> wrote:Hello Bart,AFAIK DNS is not designed being queried with a wildcard - which would open up a attack surface you definitelly don't want. Closest thing you can do is performing a LS-Command against a DNS-Server ( e.g. with nslookup), however this requires the DNS-Server to allow zone transfers to the machine where you perform the ls-command.Ulf
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Bart Van den Wyngaert
Sent: Wednesday, March 01, 2006 1:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT : Query DNS using wildcards?
Hi all,We're looking at this moment for a way to query DNS using wildcards, but untill now, no luck!Does anybody knows a way to do this?Thanks,Bart
