IP address -> Host names

Posted on 2004-04-22
Last Modified: 2013-12-06
I want to know what host names are handled by a web server of a certain IP address. For instance, the domains and could be located ont he same webserver via the IP address, but how can I get a list of all the host names handled by this specific webserver?

PS. This was also posted in the Misc topic. Someone there suggested I asked the question in Networking instead. Should I delete the other entry?

Question by:Hermund
  • 4
  • 4
  • 2
  • +6

Expert Comment

ID: 10889318
afaik, you should get it from the respective web server configuration, e.g., IIS, apache
what's the webserver?

Expert Comment

ID: 10889337
If you have access to the dns server you can do in nslookup an ls
If you have access to the webserver you can check the virtual hosts it is serving and this gives you also a list of the domains it is using.
If you do not have to either the webserver or the dns server this would mean that you are trying to find out information which you shouldn't :)

Accepted Solution

matalyn1016 earned 500 total points
ID: 10889614
Ok, how to answer this.

MS - If you have access to the local machine - To view the current DNS cache content and the entries preloaded from the Hosts file, go to the command prompt and type
C:\> ipconfig /displaydns

For Unix/Linux - You have to send the named process a signal to tell it to dump its authoritative data and cache to a file, usually called named_dump.db. On HP-UX, you can use sig_named dump. On Linux, you can use ndc dumpdb. If you don't have either sig_named or ndc, you can use kill -INT .

If you are trying to see a remote web server’s DNS cache. In other words you want to look at my DNS cache from your location - it is my understanding that it is not possible because the DNS names are cached into memory not physically store. Root name servers contain physical records like Network Solutions and you can look at their records using the WHOIS tool.

When the Network Solutions systems received your request, it checks its WHOIS record for Since is pointing to XX servers ( and, Network Solutions forwards your request to XX network.

Let me know if I’m wrong or if there is a tool out that does it. I would like to have it also.
Hope this Helps.....
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.


Author Comment

ID: 10889639
So I guess it's not possible.


Expert Comment

ID: 10889996
Well, I don’t like saying it’s not possible because it is probably being built as we speak. Much effort has been put into protecting DNS stores and how they are cached.

There are several security groups out there that may have tools available - but none in the public sector that I can see.
LVL 27

Expert Comment

ID: 10890078
You use nslookup

> ?
Commands:   (identifiers are shown in uppercase, [] means optional)
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          -  list canonical names and aliases
    -d          -  list all records
    -t TYPE     -  list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE           - sort an 'ls' output file and view it with pg
exit            - exit the program

> ls
*** Can't list domain Query refused

Expert Comment

ID: 10890491

To convert an IP address into a host name, you use NSLOOKUP as follows  (example of

 > set type=ptr
 (nslookup will display the associated inverse DNS record address-> name)

If the machine is a virtual host, it will likely return the primary name of the machine. Off hand, without access to the appropriate configuration files on that machine, I don't know of a way of enumerating all of the URLs that are serviced by that particular host (it gets even more complex, the host may have multiple addresses, each of which resolves to a different name).

I hope that the above is helpful.

- Bob (aka RLGSC)

Expert Comment

ID: 10922261
Is this a public web server, or one you control?

What web sdeerfver software is it running?

If you do not control the server, why do you need this information?

Author Comment

ID: 10926082

I do control the server. Sometimes it's hard to remember all the host names it's supposed to handle.

Author Comment

ID: 10926136
It runs IIS.

Expert Comment

ID: 10930098
Courtesy of the IIS FAQ site:

' Chris Crowe
' IISFAQ Web Site
' September 24, 2000
' Show ALL WWW Sites

Set IISOBJ = getObject("IIS://LocalHost/W3SVC")
For each Object in IISOBJ
      if (Object.Class = "IIsWebServer") then
            WScript.Echo "WWW Site: " & Object.Name & " - " & Object.ServerComment
      end if

Save the above to a text file with the extension vbs.

The syntax for the command is "cscript %vbscriptname%.

You need to run the script either on the server, or remotely. If running remotely, change localhost to your server name. You must have privileges on the server concerend.

Hope this helps

Expert Comment

ID: 10930110
DNS never really needed to come into it if you have access to the server

Author Comment

ID: 10930307
Thanks for the answer!

But won't that script only say which host names are actually handled by defined websites? I would like to know all domains that are directed to our webserver's IP address.

Is that possible?


Expert Comment

ID: 10931714
The script will only do that (ie. read the host headers), but DNS will not tell you this information either.

If you have a web site called, and its default page is default.asp. If you have  a redirect from this page to, it is a different domain, but the DNS entry will not tell you this.

If you want to determine what FQDN's map to your server IP address from the Internet and your Intranet, then DNS may give you this information. I believe the record you are seeking is the CNAME record.

The script will list all the web sites regardless of IP address

Here is another script that may help. Again from iis FAQ.

I don't know your level of experience, but IIS an get very scary very quickly if you are new to it. Microsoft Press do some pretty good books on it. For IIS4 I originally used as a starting point Running Internet Information Server. This will alos helpn with IIS5, as the two products are not dissimilar. If you are using IIS6, there are a variety of reference books available.

Expert Comment

ID: 10982210

Type IP address -
Names - use the 
2) Use IDserver.exe - found at - made by Steve Gibson for this purpose.

It is really simple: Shoot out and see what you get to. That also covers the case when the DNS is misconfigured...

Expert Comment

ID: 10999394
There's no way to get a complete list (it would basically involve querying every single possible hostname on the Internet for your IP address, which isn't possible).  However, you could setup logging of the site's Hostname and see what turns up.   This would be done in logging Properties under "Extended Properties", and checking Host (cs-host).  

Note you may want to configure this only on the 'default' website for the server's IP address, and make sure all the virtual websites are configured via Host Headers.  This way you'd only have one logfile to review, and it won't mess up any web stats programs running for the sites.  It's also a good security practice since it prevents someone from finding out which site(s) you host by going to the server's IP address in their browser.  

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OSPF - Convergence & Downtime 9 37
Home Router DHCP query 9 45
Windows 7 Internet issue 14 55
Setup small office network 1 27
Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question