Get ipblock list from a domain?

K

klabacita

Hi guys.

If this question goes in other forum please let me know.

My question is simple, I had a domain example.com, my proxy point to different IP address:

Code: 
w.x.y.1
w.x.y.2
...
w.x.y.N

Is there a way to know all the IPs from that domain?

Any tip I will appreciate, thanks.!!!
 
I'm not sure what you mean but dig(1) will show you all the IP addresses a hostname will resolve to. For example:
Code: 
dice@armitage:~% dig www.google.com

; <<>> DiG 9.8.4-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63334
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         181     IN      A       173.194.67.106
www.google.com.         181     IN      A       173.194.67.104
www.google.com.         181     IN      A       173.194.67.105
www.google.com.         181     IN      A       173.194.67.103
www.google.com.         181     IN      A       173.194.67.99
www.google.com.         181     IN      A       173.194.67.147

;; Query time: 2 msec
;; SERVER: 2a01:7c8:b::c53#53(2a01:7c8:b::c53)
;; WHEN: Wed Oct  2 18:37:40 2013
;; MSG SIZE  rcvd: 128
 
I guess you mean a zone transfer for a given zone. Unfortunately most name servers disable zone transfer for outsiders to avoid denial of service attacks. If it's your own zone and you have enabled zone transfers to a trusted IP address you can do:

dig @mydnsserver mydomain.tld AXFR
 
Code: 
dig  [url]www.akamaihd.net[/url]

; <<>> DiG 9.4.3-P3 <<>> [url]www.akamaihd.net[/url]
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41435
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;[url]www.akamaihd.net[/url].              IN      A

;; AUTHORITY SECTION:
akamaihd.net.           106     IN      SOA     internal.akamaistream.net. hostmaster.akamai.com. 1380733507 90000 90000 90000 180

;; Query time: 1 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Oct  2 10:06:21 2013
;; MSG SIZE  rcvd: 113

Don't see all the IPs from this domain.
 
Akamai is a content delivery network, they serve content from their caches all over the world on the connectivity and geographical basis.

A or CNAME for the http://www.akamaihd.net is simply not set. If you will try something like fbcdn-sphotos-g-a.akamaihd.net, you will get few entries, but definitely not all available in the whole world.
 
klabacita said:
Code: 
; <<>> DiG 9.4.3-P3 <<>> www.akamaihd.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41435
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0...

Don't see all the IPs from this domain.
Click to expand...

The important information is ... status: NXDOMAIN ...

That means the domain does not exist, and of course you won't see any IP for a non-existing domain.
 
Guys, thanks all for your info, I'm hunting most of the IPs from Facebook, we are developing an app and I require almost all of the IPs they use, I'm using Squid to see IPs but they use a lot and I prefer to search the whole IP range.
 
Best option is just to ask them what their network range is but failing that try doing a whois on one of the IPs. For example if I do whois 173.194.41.137 I get this (this is one of Google's IP ranges):

Code: 
NetRange:       173.194.0.0 - 173.194.255.255
CIDR:           173.194.0.0/16
 
Sorry for this delay, let me understand this.

I got an IP that is 173.252.102.241, I ask and I got back that this is part of 173.252.96.0/19. Then, this tells me that this whole bunch of IP's are from this domain right? It is the same AS number. Correct?
 
You must log in or register to reply here.
Back
Top