Listing all the IPs of a given domain name with dig
I wanted to check what's the full list of IPs of a given website (for instance, google.ch). Running dig consistently returns me the same IP:
dig google.ch
google.ch. 136 IN A 172.217.168.67
But when running an online service such as https://toolbox.googleapps.com/apps/dig/ I can see that consecutive calls return different IP addresses.
Plus, https://www.robtex.com/dns-lookup/google.ch tells me there seem to be 28 IPs associated with this domain name.
Would it be possible for me to also get this info through dig or similar tools or is that out of my control?
Thanks
> Would it be possible for me to also get this info through dig or similar tools or is that out of my control?
It is out of your control. You can probably "emulate" the feature, if you do a DNS query from multiple points on the Internet at the same time, and then consider the union of all results. It would still be very approximate.
Why?
Because the DNS server is free to choose whatever algorithms it wants to give you back an answer. For example, if there are load balancers and CDNs involved, you could get a different IP address at each query, indeed for "GeoDNS" reasons or other ones. Or multiple addresses as an answer to a single query. And that can depend on where the query comes from: the DNS server sees the IP address of the recursive DNS server or DNS client doing the request, and sometimes other information (there is an EDNS option for the client to add a subnet IP to encode the real client doing the request, so that the DNS server can theoretically provide a more suited reply; for privacy reasons however this may not be used very often).
Even purely at the DNS level, you have at least two levels of possible variability:
- the DNS resolver you use (your dig example did not specify a nameserver explicitly with @, which means you use the locally defined recursive nameserver, which means you can really get absolutely anything as a result, as it is not authoritative; plus of course any serious discussion would need to involve DNSSEC at some point) can be anycasted: hence you may not even always reach the same node, and depending on the provider, the nodes' caches may be shared or not, so you can get completely different replies just based on the case
- the DNS authoritative server you reach can also be anycasted, and hence, again you can get completely different replies depending on where you are, and what BGP decided at that time for the routing to be.
Also, finally, more importantly, why do you need that data? If you specify your constraints/use case further, there may be other ways to achieve what you need. If you still consider it in the generic case, why do you think you need to know "all" IP addresses of google.ch for example? And even if you achieve that, why do you think it is relevant, as the owner can change all of that at any time?
Because for some specific reasons sometimes providers will list the relevant IP addresses. For example a provider of monitoring services, or a search engine, can list which IP addresses they use, so that you can make sure not to block them. But that is just some typical documentation on a website, nothing dynamic nor very related to the DNS as a protocol.
PS: don't forget that IPv4 is legacy Internet; you should concentrate on IPv6 nowadays :-)
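The "union of all results" idea from the answer above, as an added example that is not part of the original post. It asks several public recursive resolvers from one host for A and AAAA records, which only approximates querying from multiple points on the Internet; the resolver list and function names are assumptions, and the demo input is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): union of answers from several resolvers.

# Public recursive resolvers to ask; this list is an assumption, edit as needed.
RESOLVERS="1.1.1.1 8.8.8.8 9.9.9.9"

# Read raw `dig +short` output on stdin and keep only IPv4/IPv6 literals.
# CNAME targets and ";; ..." error lines are dropped, duplicates are merged.
union_ips() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f]*:[0-9A-Fa-f:]+$' \
    | LC_ALL=C sort -u
}

# Ask every resolver for both A and AAAA records of the given name.
query_all() {
  local name=$1 resolver rtype
  for resolver in $RESOLVERS; do
    for rtype in A AAAA; do
      dig +short +time=2 +tries=1 "@$resolver" "$name" "$rtype" || true
    done
  done
}

# Union of everything the resolvers returned for one name.
collect_ips() {
  query_all "$1" | union_ips
}

# Offline demo on constructed answers (documentation address ranges).
demo() {
  union_ips <<'EOF'
192.0.2.10
www.example.net.
198.51.100.7
192.0.2.10
2001:db8::1
;; connection timed out; no servers could be reached
EOF
}

# Live use: pass a name as the first argument, e.g. google.ch
if [ "$#" -gt 0 ]; then
  collect_ips "$1"
fi
```

The output is a snapshot of what these resolvers returned at that moment, not a complete or stable list.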