tags:

views:

394

answers:

4
+1  Q: 

How can I find all the domain names that resolve to one ip address?

Lately I've been tracking a spammer on craigslist. I recently discovered that he's added a new technique to his arsenal, he registered a whole bunch of domain names but they all resolve to the same ip address.

Is there any way to take an ip address and get a list of all the domain names that resolve to that ip?

A: 

You can try reverse DNS, but I'm not sure whether it will list all the domain names. If it won't then I don't know of any other way to do this.

svick  2009-07-01 14:02:26
Reverse DNS will only allow one record per IP-address
WowtaH  2009-07-01 14:05:22
I'm no expert on this, but according to the WP link I provided, it is possible to have more than one record per IP adress, but not usual.
svick  2009-07-01 17:51:05
@WowtaH: completely false.
bortzmeyer  2009-07-02 11:38:08
A: 

This will be very difficult because the data you are looking for is spread in the DNS-records/servers for these domains. Only the webserver on which the site/mail is hosted on knows which domains it should respond to.

WowtaH  2009-07-01 14:02:55
A: 

You cannot easily find all the domains that point to an IP address. There are a couple reasons for this:

1- You are looking for all forward lookups that return this IP address. There is no way to get this information (you would have to look at every domain).

2- Reverse lookups (using PTR records) do not have to match all forward records.

> most rDNS entries only have one PTR record, DNS does not restrict the number if they are needed.

3- There is no query function that aggregates the data. I think there was an old, obscure query that was eventually removed because the size of the internet made it too slow.

benc  2009-07-17 10:41:25
+2  A: 

Oh, actually you can. After all, if there are companies constantly indexing the whole www, or even making a "backup" of it, why wouldn't be possible to index information about domains and IPs?

There are some free services that do just that, like for example:

And there are probably many others that work in a similar way: you provide a public IP address, and you get a list with the domain names that resolve to it.

This can be quite useful for several purposes. Tracking a spammer seems to be one of them.

I don't know how accurate, current or complete is the information that these services provide, but they have helped me in dealing with situations like the one you described.

As a final note, I suggest that you take this particular question to ServerFault, where I'm pretty sure you'll get more and better answers.

mfriedman  2009-11-02 00:58:07
Good point about Server fault, completely forgot about that site
Janak  2009-12-28 11:53:06

related questions

How do I setup an MX record for a sub-domain?
Wildcards in a hosts file
Best DNS with API access.
How to gain SSL load balancing!!!
How do I get a list of all subdomains of a domain?
Using glibc, why does my gethostbyname fail after I/DHCP has changed the DNS server?
How does my shared host's nameserver resolve http://servername.com/~username/ to my top level domain?
Regular expression to match hostname or IP Address?
Can I lookup the IP address of a hostname from javascript?
DNS- Route DNS for subfolder to different server?
Python + DNS : Cannot get RRSIG records: No Answer
Hosting a website on your own server
Does a caching-nameserver usually cache the negative DNS response SERVFAIL
Blocking part of a website
How can I find the current DNS server?
How to use getaddrinfo_a to do async resolve with glibc
Setting Nameservers - how?
Redirect from domain name to a dotted quad hosted box
Redirecting ".local" subdomain to unicast DNS
Does the PHP mail() function work if I don't own the MX record
How do I find the authoritative name-server for a domain name?
How to redirect siteA to siteB with A or CNAME records
How do I prevent dnsmasq from appending my domain name to invalid domain requests?
Reverse DNS in Ruby?
How to make subdomain user accounts in a webapp