Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


IP address -> Host names

Posted on 2004-04-22
Medium Priority
Last Modified: 2013-12-06
I want to know what host names are handled by a web server of a certain IP address. For instance, the domains and could be located ont he same webserver via the IP address, but how can I get a list of all the host names handled by this specific webserver?

PS. This was also posted in the Misc topic. Someone there suggested I asked the question in Networking instead. Should I delete the other entry?

Question by:Hermund
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +6

Expert Comment

ID: 10889318
afaik, you should get it from the respective web server configuration, e.g., IIS, apache
what's the webserver?

Expert Comment

ID: 10889337
If you have access to the dns server you can do in nslookup an ls
If you have access to the webserver you can check the virtual hosts it is serving and this gives you also a list of the domains it is using.
If you do not have to either the webserver or the dns server this would mean that you are trying to find out information which you shouldn't :)

Accepted Solution

matalyn1016 earned 2000 total points
ID: 10889614
Ok, how to answer this.

MS - If you have access to the local machine - To view the current DNS cache content and the entries preloaded from the Hosts file, go to the command prompt and type
C:\> ipconfig /displaydns

For Unix/Linux - You have to send the named process a signal to tell it to dump its authoritative data and cache to a file, usually called named_dump.db. On HP-UX, you can use sig_named dump. On Linux, you can use ndc dumpdb. If you don't have either sig_named or ndc, you can use kill -INT .

If you are trying to see a remote web server’s DNS cache. In other words you want to look at my DNS cache from your location - it is my understanding that it is not possible because the DNS names are cached into memory not physically store. Root name servers contain physical records like Network Solutions and you can look at their records using the WHOIS tool.

When the Network Solutions systems received your request, it checks its WHOIS record for Since is pointing to XX servers ( and, Network Solutions forwards your request to XX network.

Let me know if I’m wrong or if there is a tool out that does it. I would like to have it also.
Hope this Helps.....
Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?


Author Comment

ID: 10889639
So I guess it's not possible.


Expert Comment

ID: 10889996
Well, I don’t like saying it’s not possible because it is probably being built as we speak. Much effort has been put into protecting DNS stores and how they are cached.

There are several security groups out there that may have tools available - but none in the public sector that I can see.
LVL 27

Expert Comment

ID: 10890078
You use nslookup

> ?
Commands:   (identifiers are shown in uppercase, [] means optional)
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          -  list canonical names and aliases
    -d          -  list all records
    -t TYPE     -  list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE           - sort an 'ls' output file and view it with pg
exit            - exit the program

> ls
*** Can't list domain Query refused

Expert Comment

ID: 10890491

To convert an IP address into a host name, you use NSLOOKUP as follows  (example of

 > set type=ptr
 (nslookup will display the associated inverse DNS record address-> name)

If the machine is a virtual host, it will likely return the primary name of the machine. Off hand, without access to the appropriate configuration files on that machine, I don't know of a way of enumerating all of the URLs that are serviced by that particular host (it gets even more complex, the host may have multiple addresses, each of which resolves to a different name).

I hope that the above is helpful.

- Bob (aka RLGSC)

Expert Comment

ID: 10922261
Is this a public web server, or one you control?

What web sdeerfver software is it running?

If you do not control the server, why do you need this information?

Author Comment

ID: 10926082

I do control the server. Sometimes it's hard to remember all the host names it's supposed to handle.

Author Comment

ID: 10926136
It runs IIS.

Expert Comment

ID: 10930098
Courtesy of the IIS FAQ site:

' Chris Crowe
' IISFAQ Web Site
' September 24, 2000
' Show ALL WWW Sites

Set IISOBJ = getObject("IIS://LocalHost/W3SVC")
For each Object in IISOBJ
      if (Object.Class = "IIsWebServer") then
            WScript.Echo "WWW Site: " & Object.Name & " - " & Object.ServerComment
      end if

Save the above to a text file with the extension vbs.

The syntax for the command is "cscript %vbscriptname%.

You need to run the script either on the server, or remotely. If running remotely, change localhost to your server name. You must have privileges on the server concerend.

Hope this helps

Expert Comment

ID: 10930110
DNS never really needed to come into it if you have access to the server

Author Comment

ID: 10930307
Thanks for the answer!

But won't that script only say which host names are actually handled by defined websites? I would like to know all domains that are directed to our webserver's IP address.

Is that possible?


Expert Comment

ID: 10931714
The script will only do that (ie. read the host headers), but DNS will not tell you this information either.

If you have a web site called, and its default page is default.asp. If you have  a redirect from this page to, it is a different domain, but the DNS entry will not tell you this.

If you want to determine what FQDN's map to your server IP address from the Internet and your Intranet, then DNS may give you this information. I believe the record you are seeking is the CNAME record.

The script will list all the web sites regardless of IP address

Here is another script that may help. Again from iis FAQ.

I don't know your level of experience, but IIS an get very scary very quickly if you are new to it. Microsoft Press do some pretty good books on it. For IIS4 I originally used as a starting point Running Internet Information Server. This will alos helpn with IIS5, as the two products are not dissimilar. If you are using IIS6, there are a variety of reference books available.

Expert Comment

ID: 10982210

Type IP address -
Names - use the 
2) Use IDserver.exe - found at - made by Steve Gibson for this purpose.

It is really simple: Shoot out and see what you get to. That also covers the case when the DNS is misconfigured...

Expert Comment

ID: 10999394
There's no way to get a complete list (it would basically involve querying every single possible hostname on the Internet for your IP address, which isn't possible).  However, you could setup logging of the site's Hostname and see what turns up.   This would be done in logging Properties under "Extended Properties", and checking Host (cs-host).  

Note you may want to configure this only on the 'default' website for the server's IP address, and make sure all the virtual websites are configured via Host Headers.  This way you'd only have one logfile to review, and it won't mess up any web stats programs running for the sites.  It's also a good security practice since it prevents someone from finding out which site(s) you host by going to the server's IP address in their browser.  

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question