Using dig to retrieve subdomains or zone file
While you might not be able to grab a zone file directly, you can list the records you have permission to retrieve using the dig command with the following options.
dig +nocmd yourdomain.com any +multiline +noall +answer
It's also possible to find the subdomains of a domain by using the authority. First do a simple lookup on the domain and see if the response has an "authority" section. At the time of writing this, it seems Wikipedia isn't giving me an authority section, so you may want to try something else as an example.
dig wikipedia.com
;; AUTHORITY SECTION:
wikipedia.com. 163475 IN NS ns2.wikimedia.org.
wikipedia.com. 163475 IN NS ns1.wikimedia.org.
wikipedia.com. 163475 IN NS ns0.wikimedia.org.
Then request a zone transfer (axfr) from one of the authority nameservers, given after the @, to get a list of all subdomains:
dig @ns1.wikimedia.org wikipedia.com axfr
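To check your own zone for this exposure, the following added example (not from the original post) asks each of the zone's nameservers for a transfer and reports which ones answer. The function names and the example.test sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which nameservers of a zone you operate answer AXFR.

# Print the unique owner names in dig AXFR output read from stdin.
# Comment lines (starting with ';') and blank lines are skipped.
axfr_names() {
    awk '!/^;/ && NF >= 5 && $3 == "IN" { print tolower($1) }' | sort -u
}

# Exit 0 if the dig output on stdin contains a real transfer. A zone
# transfer begins and ends with the SOA record, so an SOA row must exist.
axfr_succeeded() {
    awk '!/^;/ && $3 == "IN" && $4 == "SOA" { found = 1 } END { exit !found }'
}

# Ask every NS of the zone for a transfer and report the result (needs network).
audit_zone() {
    zone=$1
    for ns in $(dig +short "$zone" NS); do
        out=$(dig +time=5 +tries=1 "@$ns" "$zone" axfr)
        if printf '%s\n' "$out" | axfr_succeeded; then
            count=$(printf '%s\n' "$out" | axfr_names | wc -l | tr -d ' ')
            echo "OPEN   $ns ($count names exposed)"
        else
            echo "CLOSED $ns"
        fi
    done
}

# Constructed sample: what a permitted transfer looks like.
SAMPLE_OPEN='; constructed sample output, not a real zone
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 3600
example.test. 3600 IN NS ns1.example.test.
www.example.test. 3600 IN A 192.0.2.10
vpn.example.test. 3600 IN A 192.0.2.20
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 3600'

# Constructed sample: what dig prints when the server refuses the transfer.
SAMPLE_REFUSED='; Transfer failed.'

# Usage against a zone you operate:  audit_zone yourdomain.com
```

A nameserver reported as OPEN hands the full record list to any client that asks; transfers should be limited to the zone's secondary servers.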