Looking for DNS reverse lookup service

Humes, David G. David.Humes at jhuapl.edu
Tue Jun 15 17:41:32 UTC 2004


I realize there's no authoritative way to provide all the domain names
associated with an IP address, and that any service that claims to have this
capability is doing it by mining data, and will never be fully accurate.
But, having said that, here's why it would be valuable.  Let's say that
you've determined that the host at IP x.y.z.q is sending exploit code to
hosts in your network.  You're pretty certain that it's not a spoofed IP, so
you say let's block the IP at the firewall.  Several minutes later when the
phones start ringing, you find that you've just blocked access to google,
Symantec and who knows what else.

The service that I saw showed you 4 domain names for an IP for free, and if
you wanted to see them all, you had to sign up.  

--Dave 

-----Original Message-----
From: Steve Friedl [mailto:steve at unixwiz.net]
Sent: Tuesday, June 15, 2004 1:12 PM
To: Danny Mayer
Cc: Humes, David G.; 'bind-users at isc.org'
Subject: Re: Looking for DNS reverse lookup service


On Tue, Jun 15, 2004 at 12:55:36PM -0400, Danny Mayer wrote:
> At 01:31 PM 6/14/2004, Humes, David  G. wrote:
> >A few weeks ago I ran across a for-fee service that claimed to provide all
> >the names associated with an IP address rather than just the single name
> >that you get with a typical nslookup reverse lookup.  Unfortunately, I
> >forgot to bookmark the site and have now googled through about 20 pages
> >without success.  Can anyone provide a referral for this service?
> >
> >Thanks.
> >
> >--Dave
> 
> dig -x IPAddress

No way, that's not what he's asking.

If I have my website at BigHost, Inc. the inverse name for my site might
be "host123.bighost.com", but there could easily be 100 other websites
that *point to* that address. "dig -x" will only give one of them unless
the webhoster includes all hundred PTR records (this is unlikely).

There is no authoritative way to collect this information: one can only
accumulate it as one does lots of domain-name stuff over time. I have
seen a service he's asking about, and I thought it was from Netcraft or
one of the other uptime companies. They are in a position to notice that
multiple www addresses resolve to a single IP.

Alas, looking all over netcraft.com doesn't reveal this service.

Steve

-- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve at unixwiz.net
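
The thread's point, that the names behind an IP can only be accumulated from forward lookups and that a single PTR name hides the rest, as an added example that is not part of the original messages. The observations, PTR names, addresses and the helper names (build_reverse_index, block_impact) are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (hostname, address) pairs as they might be
# accumulated from forward lookups over time (documentation-range IPs).
OBSERVATIONS = [
    ("www.example.com", "192.0.2.10"),
    ("shop.example.net", "192.0.2.10"),
    ("WWW.Example.org.", "192.0.2.10"),   # same host, different spelling
    ("www.example.com", "192.0.2.10"),    # duplicate sighting
    ("mail.example.edu", "198.51.100.7"),
]

# Constructed: the one name a reverse (PTR) lookup would return per address.
PTR = {"192.0.2.10": "host123.bighost.example",
       "198.51.100.7": "mail.example.edu"}


def normalize(name):
    """Lower-case and drop the trailing root dot so sightings compare equal."""
    return name.rstrip(".").lower()


def build_reverse_index(observations):
    """Invert forward observations into address -> set of hostnames."""
    index = defaultdict(set)
    for name, ip in observations:
        index[ip].add(normalize(name))
    return index


def block_impact(ip, index, ptr, critical_domains=()):
    """Summarise what is known to share an address before it is blocked.

    An empty result means "nothing observed", not "nothing hosted there":
    the index is only as complete as the lookups that fed it.
    """
    names = set(index.get(ip, ()))
    ptr_name = ptr.get(ip)
    wanted = [normalize(d) for d in critical_domains]
    critical = sorted(n for n in names
                      if any(n == d or n.endswith("." + d) for d in wanted))
    hidden = names - {normalize(ptr_name)} if ptr_name else names
    return {"ip": ip, "ptr": ptr_name, "names": sorted(names),
            "hidden_from_ptr": sorted(hidden), "critical": critical,
            "shared": len(names) > 1}


if __name__ == "__main__":
    idx = build_reverse_index(OBSERVATIONS)
    print(block_impact("192.0.2.10", idx, PTR, ["example.com"]))
```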

