
Getting all hostnames from IP address in Perl

Developer https://www.devze.com 2023-02-25 17:01 Source: Internet

I'm trying to find a way to get all hostnames that resolve to an IP address.

The gethostbyaddr function appears to only retrieve the first record from DNS (no matter if it's in scalar or list context).

Example:

use Socket;

my $hostname = gethostbyaddr(inet_aton($ip_to_check), AF_INET);
print($hostname); # output: joe.example.com

my @hostnames = gethostbyaddr(inet_aton($ip_to_check), AF_INET);
print "(", join(',', @hostnames), ")"; # output: (joe.example.com,,2,4,?)

From the terminal:

$ host 192.168.1.5
5.1.168.192.in-addr.arpa domain name pointer joe.example.com.
5.1.168.192.in-addr.arpa domain name pointer john.example.com.

I've heard that Net::DNS is a little more robust, but I haven't had any luck getting that to pull all entries as well.


I used a combination of answers given here and elsewhere on Stack Overflow to find the answer I was looking for.

use strict;
use warnings;
use Net::DNS;

my $ip_to_check = '192.168.1.5';   # address from the question

# create new Resolver object
my $res = Net::DNS::Resolver->new;

# change IP from 192.168.1.15 to 15.1.168.192.in-addr.arpa for searching
my $target_IP = join('.', reverse split(/\./, $ip_to_check)).".in-addr.arpa";

# query DNS
my $query = $res->query($target_IP, "PTR");

# if a result is found
if ($query){
    print("Resolves to:\n");

    # for every result, print the hostname
    foreach my $rr ($query->answer){
        # skip anything that is not a PTR record
        next unless $rr->type eq "PTR";

        # remove the period at the end; use print rather than printf so that
        # DNS data is never interpreted as a format string
        print substr($rr->rdatastr, 0, -1), "\n";
    }
}


The gethostby... interface is quite old and clunky, being defined back in primeval times before Perl got references and pretensions to OO. And it doesn't work the way you're trying to use it. When used in list context, it returns the primary name as the first element and a space-separated(!) list of aliases as the second:

use feature 'say';
use Socket;
# $addr is a packed address, e.g. the result of inet_aton()
my ($hostname, $aliases) = gethostbyaddr($addr, AF_INET);
my @hostname = ($hostname, split ' ', $aliases);
say join ' ', @hostname;

Now that's the theory; I didn't locate any IP addresses with multiple PTR records offhand, so I can't test if gethostbyaddr will actually return them -- it probably depends on your underlying C runtime as well -- but it does work if you use gethostbyname with a CNAMEd name, for instance.


Here's a small program I use to look up all PTR records for a netmask (for example 192.0.2.0/28) when doing abuse tracking tasks. It sends up to 15 queries a second and when they are all sent then starts reading the responses (so it'd need a little work to function properly for bigger net blocks).

#!/usr/bin/env perl
use strict;
use warnings;

use Net::Netmask;
use Net::DNS;

@ARGV or die "$0 ip/cidr\n";

my $block = Net::Netmask->new(shift);

my $res = Net::DNS::Resolver->new;

my %sockets;

my $i = 0;
for my $i (1 .. $block->size - 1) {
    my $ip = $block->nth($i);

    my $reverse_ip = join ".", reverse split m/\./, $ip;
    $reverse_ip .= ".in-addr.arpa";

    #print "$ip\n";

    my $bgsock = $res->bgsend($reverse_ip, 'PTR');
    $sockets{$ip} = $bgsock;

    sleep 1 unless $i % 15;
}

$i = 0;
for my $i (1 .. $block->size - 1) {

    my $ip = $block->nth($i);

    my $socket = $sockets{$ip};
    my $wait   = 0;
    until ($res->bgisready($socket)) {
        print "waiting for $ip\n" if $wait > 0;
        sleep 1 + $wait;
        $wait++;
    }
    my $packet = $res->bgread($socket);
    # bgread returns undef when no response arrived; do not call a method on undef
    my @rr     = $packet ? $packet->answer : ();

    printf "%-15s %s\n", $ip, $res->errorstring
      unless @rr;

    for my $rr (@rr) {
        printf "%-15s %s\n", $ip, $rr->string;
    }
}


I don't think this is a well-formed problem statement. In the general case, there's a nearly infinite number of DNS names that could resolve to any IP address, even unknown to the party that holds the address. Reverse-lookups are fundamentally unreliable, and are not capable of answering the question the poster would like, since all names for an IP do not need to be in the visible reverse map.

The first answer, which enumerates the reverse map, is the best one can do, but it will miss any names that have not been entered in the map.
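
Added example (not part of the original answers): PTR records are set by whoever controls the reverse zone, so a name returned by a reverse lookup is only a claim. The script below collects every PTR name for an address and checks each one against its forward A records (forward-confirmed reverse DNS). The record data is constructed sample data; the function name fcrdns and the --live switch are assumptions of this example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed sample data standing in for DNS (not real records).
my %PTR = ('5.1.168.192.in-addr.arpa' =>
           ['joe.example.com.', 'John.Example.com.', 'mail.example.net.']);
my %A   = ('joe.example.com'  => ['192.168.1.5'],
           'john.example.com' => ['192.168.1.5', '192.168.1.6'],
           'mail.example.net' => ['203.0.113.10']);

# Offline lookups over the sample data; each returns a list of strings.
my $ptr_lookup = sub { @{ $PTR{ $_[0] } // [] } };
my $a_lookup   = sub { @{ $A{ $_[0] } // [] } };

# Live lookups with Net::DNS, used when the script is run with --live.
if (@ARGV && $ARGV[0] eq '--live') {
    shift @ARGV;
    require Net::DNS;
    my $res = Net::DNS::Resolver->new;
    my $ask = sub {
        my ($name, $type, $method) = @_;
        my $reply = $res->query($name, $type) or return;
        return map { $_->$method } grep { $_->type eq $type } $reply->answer;
    };
    $ptr_lookup = sub { $ask->($_[0], 'PTR', 'ptrdname') };
    $a_lookup   = sub { $ask->($_[0], 'A',   'address') };
}

# Return [name, confirmed?] for every distinct PTR name of $ip.
sub fcrdns {
    my ($ip, $ptr, $fwd) = @_;
    my $rev = join('.', reverse split /\./, $ip) . '.in-addr.arpa';
    my %seen;
    # Normalise: lowercase, strip the trailing dot, drop duplicates.
    my @names = grep { !$seen{$_}++ }
                map  { my $n = lc; $n =~ s/\.$//; $n } $ptr->($rev);
    # A name is confirmed only if one of its A records equals the address.
    return map { my $n = $_;
                 [ $n, scalar(grep { $_ eq $ip } $fwd->($n)) ? 1 : 0 ] } @names;
}

my $ip = shift(@ARGV) // '192.168.1.5';    # address used in the question
printf "%-15s %-20s %s\n", $ip, $_->[0],
       $_->[1] ? 'forward-confirmed' : 'UNCONFIRMED'
    for fcrdns($ip, $ptr_lookup, $a_lookup);
```

With the sample data, joe.example.com and john.example.com are forward-confirmed and mail.example.net is reported as UNCONFIRMED, which is the case to treat with suspicion in abuse tracking or log attribution.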


This is what I have used:

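use Net::DNS;

# $config is defined elsewhere in the poster's program;
# searchlist is an array reference of domains
sub getauthoritivename
    {
    my ($printerdns)=@_;
    my $res = Net::DNS::Resolver->new(searchlist=>$config->{searchlist});

    # search() applies the resolver's search list to the name
    my $query = $res->search($printerdns);
    if ($query)
        {
        foreach my $rr ($query->answer)
            {
            # only A records carry the owner name we want
            next unless $rr->type eq "A";
            print $rr->name, "\n";
            }
        return 1;
        }
    else
        {
        warn "query failed: ", $res->errorstring, "\n";
        return 0;
        }
    }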

As long as $rr->name finds names, it keeps adding them.
