There is a website which you can query with a domain and it will return a list of all the websites hosted on that IP. I remember there being a method in C# that was something like ReturnAddresses or something of that sort. Does anyone have any idea how this is done? Quering a hostname or IP and having returned a list of hostnames aka other websites hosted on the same server?
the website is: http://www.yougetsignal.com/tools/web-sites-on-web-server/
After reading the comments, bobince is definitely right and these 2 should be used in tandem with each other. For best results you should use the reverse DNS lookup here as well as to use the passive DNS replication.
string IpAddressString = "208.5.42.49"; //eggheadcafe
try
{
IPAddress hostIPAddress = IPAddress.Parse(IpAddressString);
IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);
// Get the IP address list that resolves to the host names contained in
// the Alias property.
IPAddress[] address = hostInfo.AddressList;
// Get the alias names of the addresses in the IP address list.
String[] alias = hostInfo.Aliases;
Console.WriteLine("Host name : " + hostInfo.HostName);
Console.WriteLine("\nAliases :");
for(int index=0; index < alias.Length; index++) {
Console.WriteLine(alias[index]);
}
Console.WriteLine("\nIP address list : ");
for(int index=0; index < address.Length; index++) {
Console.WriteLine(address[index]);
}
}
catch(SocketException e)
{
Console.WriteLine("SocketException caught!!!");
Console.WriteLine("Source : " + e.Source);
Console.WriteLine("Message : " + e.Message);
}
catch(FormatException e)
{
Console.WriteLine("FormatException caught!!!");
Console.WriteLine("Source : " + e.Source);
Console.WriteLine("Message : " + e.Message);
}
catch(ArgumentNullException e)
{
Console.WriteLine("ArgumentNullException caught!!!");
Console.WriteLine("Source : " + e.Source);
Console.WriteLine("Message : " + e.Message);
}
catch(Exception e)
{
Console.WriteLine("Exception caught!!!");
Console.WriteLine("Source : " + e.Source);
Console.WriteLine("Message : " + e.Message);
}
courtesy of http://www.eggheadcafe.com/community/aspnet/2/83624/system-dns-gethostbyaddre.aspx
Jeremy's answer is based around Reverse DNS, which is the normal programmatical way to look up IP->hostname. It relies an a PTR record being set up for that server; this is often but not always set up to something useful.
For example look up, thedailywtf.com and you'll get 74.50.106.245, but since there is no PTR record for “245.106.50.74.in-addr.arpa”, Dns.GetHostEntry() won't return anything useful.
Similarly, many server farms will just give you a generic hostname like 123.45.67.89-dedicated.bigexamplehost.com.
What yougetsignal is doing is different, it's “Passive DNS Replication”. They run some DNS servers people are querying, and remember every hostname that was looked up. Then you can query their records of past lookups by the address that was returned. Put 74.50.106.245 into yougetsignal and you'll get a list of hostnames that previously resolved to the dailywtf server when people queried them, not anything to do with the Reverse DNS PTR entry.
Reverse DNS is not as same as what you asking (which sites hosted on the same server). Reverse DNS generally won't work as you expect (see bobince's answer).
To able to identify other websites in a host, you need to build a massive database and store as much as DNS record as you can, then correlate IP addresses.
Check out : http://www.domaintools.com/reverse-ip/
They are doing this as the way I said, that's only way to get an accurate results. Obviously it takes time, CPU, bandwith and space to correlate and crawl/generate that data.
Does anyone know how you send a bytes stream from a DNS server back to the browser so that you can create a relay ? i listen on UDP port 53 and read the request and send that to the DNS server and get a byte stream back and then send that back to the browser using UDP on the client port number used to make the original request but IE/FF justy send the request back again.
The reason i want to make a relay is because BT Home are sending back fake DNS records and this is a security risk on my network.
snip code below
public void Listen()
{
receiveSocket = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp );
receiveEndPoint = new IPEndPoint(IPAddress.Any, receivePort); receiveSocket.Bind(receiveEndPoint);
receivePort = (receiveSocket.LocalEndPoint as IPEndPoint).Port;
receiveBuffer = new byte[BufferSize];
receiveAsyncResult = receiveSocket.BeginReceiveFrom(receiveBuffer, 0, receiveBuffer.Length, SocketFlags.None, ref receiveEndPoint, new AsyncCallback(NetworkMessageReceivedCallback), receiveSocket);
}
public void NetworkMessageReceivedCallback(IAsyncResult asyncResult)
{
EndPoint remoteEndPoint = null;
byte[] bytes = null;
remoteEndPoint = new IPEndPoint(IPAddress.Any, 0); //Will contain the clients port
int bytesRead = receiveSocket.EndReceiveFrom(asyncResult, ref remoteEndPoint);
bytes = new Byte[bytesRead];
Buffer.BlockCopy(receiveBuffer, 0, bytes, 0, bytesRead);
//string ip = "208.67.222.222";
string ip = "192.168.1.254";
IPAddress dnsServer = IPAddress.Parse(ip);
Response R = Resolver.Lookup(bytes, dnsServer);
receiveSocket.SendTo(R.Message , remoteEndPoint);
receiveSocket.Close();