Is it possible to find all DNS subdomains for a given domain name?

dns

This question exists because it has
historical significance, but it is not
considered a good, on-topic question
for this site, so please do not use it
as evidence that you can ask similar
questions here.

More info: https://stackoverflow.com/faq

Anyone knows if it's possible to find all A records, CNAME or subzone records configured for a domain name?

For example, domain.com:

www IN CNAME domain.com.
subdomain1 IN CNAME domain.com.
subdomain2 IN CNAME domain.com. 

subdomain1 IN A 123.4.56.78.
subdomain2 IN A 123.4.56.79. 

I want to keep a sub-domain private where I'll run an admin application (it will be password protected and on a special port, but I would prefer to keep it as private as possible).

Best Solution

Like others have said, what you want is a so called zone-transfer. If it is your own domain you can configure the DNS server to give it to you. If it is for some other domain you probably don't get it, since most DNS-admins consider it a security threat.

Even if an individual record isn't a problem (thats what the DNS it therefore) it could be a problem if an evil person gets a list of all your records: It could simplify an attack.

Related Question