Solved

IP address -> Host names

Posted on 2004-04-22
16
9,109 Views
Last Modified: 2013-12-06
I want to know what host names are handled by a web server of a certain IP address. For instance, the domains www.domain1.com and www.domain2.com could be located ont he same webserver via the IP address 007.007.123.123, but how can I get a list of all the host names handled by this specific webserver?

PS. This was also posted in the Misc topic. Someone there suggested I asked the question in Networking instead. Should I delete the other entry?

Thanks!
0
Comment
Question by:Hermund
  • 4
  • 4
  • 2
  • +6
16 Comments
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 10889318
afaik, you should get it from the respective web server configuration, e.g., IIS, apache
what's the webserver?
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 10889337
If you have access to the dns server you can do in nslookup an ls domain1.com.
If you have access to the webserver you can check the virtual hosts it is serving and this gives you also a list of the domains it is using.
If you do not have to either the webserver or the dns server this would mean that you are trying to find out information which you shouldn't :)
0
 
LVL 4

Accepted Solution

by:
matalyn1016 earned 500 total points
ID: 10889614
Ok, how to answer this.

MS - If you have access to the local machine - To view the current DNS cache content and the entries preloaded from the Hosts file, go to the command prompt and type
C:\> ipconfig /displaydns

For Unix/Linux - You have to send the named process a signal to tell it to dump its authoritative data and cache to a file, usually called named_dump.db. On HP-UX, you can use sig_named dump. On Linux, you can use ndc dumpdb. If you don't have either sig_named or ndc, you can use kill -INT .

If you are trying to see a remote web server’s DNS cache. In other words you want to look at my DNS cache from your location - it is my understanding that it is not possible because the DNS names are cached into memory not physically store. Root name servers contain physical records like Network Solutions and you can look at their records using the WHOIS tool.

When the Network Solutions systems received your request, it checks its WHOIS record for yourdomain.com. Since yourdomain.com is pointing to XX servers (dns1.XX.com and dns2.XX.com), Network Solutions forwards your request to XX network.

Let me know if I’m wrong or if there is a tool out that does it. I would like to have it also.
Hope this Helps.....
0
 

Author Comment

by:Hermund
ID: 10889639
So I guess it's not possible.

Thanks!
0
 
LVL 4

Expert Comment

by:matalyn1016
ID: 10889996
Well, I don’t like saying it’s not possible because it is probably being built as we speak. Much effort has been put into protecting DNS stores and how they are cached.

There are several security groups out there that may have tools available - but none in the public sector that I can see.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 10890078
You use nslookup

> ?
Commands:   (identifiers are shown in uppercase, [] means optional)
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          -  list canonical names and aliases
    -d          -  list all records
    -t TYPE     -  list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE           - sort an 'ls' output file and view it with pg
exit            - exit the program

> ls x.com
[dnserver.x.com]
*** Can't list domain x.com: Query refused
0
 
LVL 8

Expert Comment

by:RLGSC
ID: 10890491
Hermund,

To convert an IP address into a host name, you use NSLOOKUP as follows  (example of 1.2.3.4):

  NSLOOKUP
 > set type=ptr
 > 4.3.2.1.in-addr.arpa.
 (nslookup will display the associated inverse DNS record address-> name)

If the machine is a virtual host, it will likely return the primary name of the machine. Off hand, without access to the appropriate configuration files on that machine, I don't know of a way of enumerating all of the URLs that are serviced by that particular host (it gets even more complex, the host may have multiple addresses, each of which resolves to a different name).

I hope that the above is helpful.

- Bob (aka RLGSC)
0
 
LVL 7

Expert Comment

by:rhrowson
ID: 10922261
Is this a public web server, or one you control?

What web sdeerfver software is it running?

If you do not control the server, why do you need this information?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:Hermund
ID: 10926082
Hi!

I do control the server. Sometimes it's hard to remember all the host names it's supposed to handle.
0
 

Author Comment

by:Hermund
ID: 10926136
It runs IIS.
0
 
LVL 7

Expert Comment

by:rhrowson
ID: 10930098
Courtesy of the IIS FAQ site:

' Chris Crowe
' IISFAQ Web Site
' http://www.iisfaq.com
' September 24, 2000
'
' Show ALL WWW Sites

Set IISOBJ = getObject("IIS://LocalHost/W3SVC")
For each Object in IISOBJ
      if (Object.Class = "IIsWebServer") then
            WScript.Echo "WWW Site: " & Object.Name & " - " & Object.ServerComment
      end if
next

Save the above to a text file with the extension vbs.

The syntax for the command is "cscript %vbscriptname%.

You need to run the script either on the server, or remotely. If running remotely, change localhost to your server name. You must have privileges on the server concerend.

Hope this helps
0
 
LVL 7

Expert Comment

by:rhrowson
ID: 10930110
DNS never really needed to come into it if you have access to the server
0
 

Author Comment

by:Hermund
ID: 10930307
Thanks for the answer!

But won't that script only say which host names are actually handled by defined websites? I would like to know all domains that are directed to our webserver's IP address.

Is that possible?

Thanks!
0
 
LVL 7

Expert Comment

by:rhrowson
ID: 10931714
The script will only do that (ie. read the host headers), but DNS will not tell you this information either.

If you have a web site called www.monday.com, and its default page is default.asp. If you have  a redirect from this page to www.tuesday.com, it is a different domain, but the DNS entry will not tell you this.

If you want to determine what FQDN's map to your server IP address from the Internet and your Intranet, then DNS may give you this information. I believe the record you are seeking is the CNAME record.

The script will list all the web sites regardless of IP address

Here is another script that may help. Again from iis FAQ.

http://www.iisfaq.com/Default.aspx?tabid=2766

I don't know your level of experience, but IIS an get very scary very quickly if you are new to it. Microsoft Press do some pretty good books on it. For IIS4 I originally used as a starting point Running Internet Information Server. This will alos helpn with IIS5, as the two products are not dissimilar. If you are using IIS6, there are a variety of reference books available.
0
 

Expert Comment

by:knuthf
ID: 10982210
See
1) http://www.geektools.com/whois.php

Type IP address -
Names - use the www.verisign.com
or
2) Use IDserver.exe - found at www.grc.com - made by Steve Gibson for this purpose.

It is really simple: Shoot out and see what you get to. That also covers the case when the DNS is misconfigured...
0
 
LVL 1

Expert Comment

by:JohnnyLingo
ID: 10999394
There's no way to get a complete list (it would basically involve querying every single possible hostname on the Internet for your IP address, which isn't possible).  However, you could setup logging of the site's Hostname and see what turns up.   This would be done in logging Properties under "Extended Properties", and checking Host (cs-host).  

Note you may want to configure this only on the 'default' website for the server's IP address, and make sure all the virtual websites are configured via Host Headers.  This way you'd only have one logfile to review, and it won't mess up any web stats programs running for the sites.  It's also a good security practice since it prevents someone from finding out which site(s) you host by going to the server's IP address in their browser.  
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now