Bash comprehensive list of IP addresses for a domain

Question

I'm trying to produce a list of all the possible ip addresses for a given domain name. I think I'm close but don't know what I'm missing (or if there is a better way).

First I create a list of variations of the domain like so:

 webkinz.com
 www.webkinz.com

I then loop over this list and run dig on each variation like so:

 while read domain; do
    IPs=`dig $domain | grep $domain | grep -v ';' | awk '{ print $5 }'`;
    echo " ${IPs}" >> /tmp/IPs; #array
 done < /tmp/mylist

 sort -u /tmp/IPs > /tmp/TheIPs; #remove duplicates
 cat /tmp/TheIPs| tr -d "\n" > /tmp/IPs  #remove new lines (making it 1 long line)

My IPs file looks like this:

  66.48.69.100 www.webkinz.com.edgesuite.net.a1339.g.akamai.net.

Only 3 problems. :-(

1. Dig returned domains when I was only expecting ip addresses.
2. Some how my script deleted the spaces between the domains.
3. Some of the ip addresses from dig www.webkinz.com are missing.

So, how should I do this? Do I somehow figure out if dig returned another domain instead of an ip address and run dig on that domain? Do I just ignore domain names returned from dig and figure the ip addresses is sufficient? I want to catch every ip address that will resolve to the domain if possible. I didn't think it should be this hard. Any ideas?

Answer 1

I know this already answered; however, for a list of IPv4 and IPv6 addresses, try this:

Script:

info=$(host google.com); echo "$info" | grep "has address" | awk '{print $4}'; echo "$info" | grep "IPv6" | awk '{print $5}'

host - get the IP addresses
grep - filter the addresses
awk - print the correct strings

script (less lines):

host google.com | awk '/address/ {print $NF}'

Output:

74.125.45.102
74.125.45.113
74.125.45.138
74.125.45.139
74.125.45.100
74.125.45.101
2607:f8b0:4002:c01::8a

Answer 2

In order to get just the IP addresses, use dig +short:

#!/bin/bash
while read -r domain
do
    dig +short "$domain"
done < /tmp/mylist | sort -u | awk '{printf "%s ", $0} END {printf "\n"}' > outputfile

or

#!/bin/bash
echo $(xargs -a /tmp/mylist dig +short | sort -u) > outputfile

Using echo with an unquoted argument drops the newlines except at the end.

You don't need any intermediate variables or temporary files.

Answer 3

dig gives different types of responses, so it's possible that the fifth column contains domain names. The fifth column will be IP addresses only when the response line is an A response. I would suggest:

dig -t A $domain

instead of

dig $domain

to restrict the type.

Answer 4

Use the following modification in your script to resolve the dns names when is not an ip address

while read domain; do
    IPs=`dig $domain | grep $domain | grep -v ';' | awk '{ print $5 }'`;

    # detect if '$IPs' is an ip address 
    grep "\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}" <(echo $IPs) >/dev/null 2>&1

    if [ $? -eq 0 ]; then 
        # if IPs is an ip address add it to the file   
        echo " ${IPs}" >> /tmp/IPs; #array          
    else 
        # if not, resolve the domain name using the 'host' command (take just the first line using 'head -1') 
        host $IPs | grep "has address" | head -1 | awk '{ print $4 }' >> /tmp/IPs
    fi

done < mylist