The discover-zone script tries to guess DNS RRs (Resource Records) in the designated domain and uses several approaches to collect as much info as possible. The primary purpose is to create a zone configuration file for a domain where zone transfer is prohibited (most modern name servers are configured to deny zone transfer requests).
The usage of this script is quite simple, just provide it with the designated domain name and the script will output a valid BIND 9 zone file on its standard output.
You may also specify a space or comma separated list of host names to try to extend the list of the guess names attempted, e.g:
$ discover-zone domain.tld www2 secure,something
this will try www2.domain.tld, secure.domain.tld, and something.domain.tld in addition to the preconfigured list of names to be guessed.
Below is the help screen output of the current version of the discover-zone script:
$ ./discover-zone --help
discover-zone v0.0.1 (a part of DNS scripts package)
===
Copyright (c) 2010 by (GalaxyMaster) <galaxy at openwall.com>
Licence: GPL v2 or later <http://www.gnu.org/licenses/gpl.txt>
This script tries to guess DNS RRs (Resource Records) in the
designated domain and uses several approaches to collect as
much info as possible. The primary purpose is to create a
zone configuration file for a domain where zone transfer is
prohibited (most modern name servers are configured to deny
zone transfer requests).
Usage: discover-zone [options] [domain.tld] [guess names]
The following options are currently supported:
--email=email - (-e) NOC email (to be used in the SOA record)
--help - (-h) this help
--nameserver=ns - (-n) set the replacement NS (can be specified
multiple times to include several NSes
--verbose - (-v) be verbosive (prints on stderr)
--version - (-V) displays version information
Example: discover-zone --verbose domain.tld www2,dev
$