CODEWITHSUNDEEP
dns
Nicole Stein
Nicole Stein

Reputation: 925

Find all URLS that point to a particular site (Reverse DNS Lookup)

Is it possible to (and if so, how would I), given a domain name for a particular website, look up all other domain names that redirect to that same site? I'm thinking not, though if it were possible, I'd break the problem down into two parts:

1) Get the IP address that corresponds to the original domain name (there seem to be a lot of web services that do this - although they provide me with ~4 IP addresses for the one site, any idea what that's about?)

2) Do some kind of reverse DNS lookup on those IP addresses - this yields results of the form any-in-XXXX.1e100.net (where XXXX is a 4-digit number)

So, I'm guessing this doesn't work because of redirects and things, and any-in-XXXX.1e100.net is some sort of intermediate server in between me and the domain name I'm looking up? So the task I've described above should be impossible, then, right? Can someone who knows a bit more about how DNS works confirm (or refute) this and correct any wrong assumptions I've made? Thanks!

Upvotes: 2

Views: 2222

Answers (1)

Wes Hardaker
Wes Hardaker

Reputation: 22262

It will only work if sites set up their reverse DNS that way. Which, I can pretty much assure you they haven't for whatever site you're considering. However, here's an example of how to do it using bind's dig utility:

Get the original address:

# dig www.google.com a
...
www.google.com.         145     IN      A       74.125.239.114
www.google.com.         145     IN      A       74.125.239.115
www.google.com.         145     IN      A       74.125.239.113
www.google.com.         145     IN      A       74.125.239.116
www.google.com.         145     IN      A       74.125.239.112

Now that we have the addresses, you can issue a reverse query for it and attempt to see how it's registered:

# dig -x 74.125.239.114
...
114.239.125.74.in-addr.arpa. 656 IN     PTR     nuq05s01-in-f18.1e100.net.

So in this case, you can see it was at least registered. But certainly that name doesn't match the actual registered URL. So they added a reverse entry for their "service node", but not for the URL itself (ie, they didn't add a PTR record for the www.google.com record).

This will be so common you'll be hard pressed to find something where the reverse name actually matches, at least for the web. For mail servers, on the other hand, it's actually much more common. Though even they don't frequently match exactly (but at least there is almost always a PTR record in the first place`

Upvotes: 3

Related Questions