user1141869

Reputation: 33

bash script to perform dig -x

Good day. I was reading another post regarding resolving hostnames to IPs and only using the first IP in the list.

I want to do the opposite and used the following script:

#!/bin/bash

IPLIST="/Users/mymac/Desktop/list2.txt"

for IP in 'cat $IPLIST'; do
domain=$(dig -x $IP +short | head -1)
echo -e  "$domain" >> results.csv 
done < domainlist.txt

I would like to give the script a list of 1000+ IP addresses collected from a firewall log, and resolve the list of destination IPs to domains. I only want one entry in the response file since I will be adding this to the CSV I exported from the firewall as another "column" in Excel. I could even use multiple responses as semi-colon separated on one line (or /,|,\,* etc). The list2.txt is a standard ASCII file. I have tried EOF in Mac, Linux, Windows.

216.58.219.78
206.190.36.45
173.252.120.6

What I am getting now:

The domainlist.txt is getting an exact duplicate of list2.txt while the results has nothing. No errors come up on the screen when I run the script either.

I am running Mac OS X with Macports.

Upvotes: 2

Views: 20221

Answers (3)

deHakkelaar

Reputation: 1

You can skip the head -1 part because if a reverse lookup returns multiple PTR records, something is wrong. It's common practice and recommended to only configure a single PTR record for a given IP address.

What I always do with lists is throw them at xargs instead of a for..done loop. If necessary piped from sed or awk if the list needs cosmetics/filtering etc.

$ cat list2.txt
216.58.219.78
206.190.36.45
198.41.0.4
$ IPLIST="list2.txt"; xargs -n 1 dig +short -x < "$IPLIST" > results.csv
$
$ cat results.csv
mia07s24-in-f78.1e100.net.
unknown.yahoo.com.
a.root-servers.net.

FYI:

$ man xargs
[..]
NAME
       xargs - build and execute command lines from standard input

SYNOPSIS
       xargs [options] [command [initial-arguments]]

DESCRIPTION
       This manual page documents the GNU version of xargs.  xargs reads items
       from the standard input, delimited by blanks (which  can  be  protected
       with  double or single quotes or a backslash) or newlines, and executes
       the command (default is echo) one or more times with any  initial-argu-
       ments  followed  by items read from standard input.  Blank lines on the
       standard input are ignored.

In APT it comes with the find command in the findutils package:

$ apt-file search bin/xargs
findutils: /usr/bin/xargs

Upvotes: 0

tripleee

Reputation: 189936

Your script has a number of syntax and stylistic errors. The minimal fix is to change the quotes around the cat:

for IP in `cat $IPLIST`; do

Single quotes produce a literal string; backticks (or the much preferred syntax $(cat $IPLIST)) perform a command substitution, i.e. run the command and insert its output. But you should fix your quoting, and preferably read the file line by line instead. We can also get rid of the useless echo.

#!/bin/bash

IPLIST="/Users/mymac/Desktop/list2.txt"

while IFS= read -r IP; do
    dig -x "$IP" +short | head -1
done < "$IPLIST" >results.csv

Upvotes: 2

hek2mgl

Reputation: 158250

Seems that in your /etc/resolv.conf you configured a nameserver which does not support reverse lookups and that's why the responses are empty.

You can pass the DNS server which you want to use to the dig command. Let's say 8.8.8.8 (Google) for example:

dig @8.8.8.8 -x "$IP" +short | head -1

The command returns the domain with a . appended. If you want to replace that you can additionally pipe to sed:

... | sed 's/\.$//'

Upvotes: 1
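
Pulling the answers together as an added example (not code from any poster in this thread): PTR names are set by whoever controls the address space, so this sketch validates each name before it lands in a spreadsheet cell, and it emits one `IP,names` row per input so rows stay matched to the firewall export even when a lookup returns nothing. The function names, the allowed-character rule and the `REJECTED`/`LOOKUP_FAILED`/`INVALID` markers are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the thread). Function names are hypothetical.

# is_ipv4 STRING: succeed only for a dotted quad, so log junk never reaches dig.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if (($i !~ /^[0-9]+$/) || ($i > 255)) exit 1 }'
}

# ptr_row IP: read `dig +short -x` output on stdin, print "IP,name1;name2".
# Assumption: a name is safe for a spreadsheet cell only if it starts with a
# letter, digit or underscore and contains nothing but [A-Za-z0-9._-].
ptr_row() {
    awk -v ip="$1" '
        /^;;/ { failed = 1; next }          # dig diagnostics, e.g. a timeout
        NF == 0 { next }
        {
            sub(/\.$/, "")                  # drop the trailing root dot
            name = ($1 ~ /^[A-Za-z0-9_][A-Za-z0-9._-]*$/) ? $1 : "REJECTED"
            out = out (out == "" ? "" : ";") name
        }
        END { printf "%s,%s\n", ip, ((out == "" && failed) ? "LOOKUP_FAILED" : out) }'
}

# resolve_list FILE [SERVER]: one output row per non-blank input line.
resolve_list() {
    n=0
    while IFS= read -r ip || [ -n "$ip" ]; do
        n=$((n + 1))
        ip=$(printf '%s' "$ip" | tr -d ' \t\r')    # tolerate CRLF list files
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            dig ${2:+"@$2"} +short +time=2 +tries=1 -x "$ip" </dev/null | ptr_row "$ip"
        else
            printf 'line %d,INVALID\n' "$n"        # never echo raw junk into the CSV
        fi
    done < "$1"
}

# Usage: ./ptr.sh list2.txt [8.8.8.8] > results.csv
if [ "$#" -gt 0 ]; then resolve_list "$@"; fi
```

Because every row carries its IP, the result can be joined to the firewall export by address instead of by row position.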
