Finding ALL currently used IP addresses of Website [closed]

linux ip

What steps would you take to discover all (or close to all) IP addresses that are currently used by a website? How would you be as exhaustive as possible without calling a website admin and asking for the list of IP addresses? ;)

nslookup works but will vary based on dns server queried.

whois is another good tool.

Dig, not bad.

Let's use Facebook for example. I'm blocking that site for the majority our our company's users, but some are approved for "research". I can not easily use OpenDNS because we all appear to come from the same request IP address. I could change that but don't want to add more vlans than I already have.

I also could use block something like regex facebook1 "facebook\.com" (I'm running a cisco firewall) but that's pretty easy to sidestep.

All that being said, I'm asking about specifically about finding ip addresses for a domain and not for other methods that I can block a domain name.


You cannot do it reliably. Larger sites like Facebook (or Google, etc) are using Anycast for their DNS servers so even if you lookup the domain in Whois to get the authoritative DNS server the responses may change from hour to hour or even query to query depending on which data center they want to serve you from.

For smaller sites, I would do a WHOIS on the domain, then do a NS query on each DNS server listed to get a complete list of all possible DNS servers for that domain. Finally, query each DNS server for the FQDN that you want the IP list for.


After trying out quite a few options I discovered that centralops.net gives an incredible extensive result set for dns using their "Domain Dossier". Anyway, it gave me exactly what I needed to get all the facebook A records (and more).

http://centralops.net/co/.

Feeling like a tool for finally answering my own stale question.


One way of doing it ( I admit not bulletproof) would be to host -t a domain-name and then do a whois in the RIPE/ARIN database for all of those IPs to get the full net-range belonging to the certain website/company and block all of them.
(whois or http://cqcounter.com/whois/ )

Related

Why is this file hidden when you run ls?
Is there a difference between a daemon and a service?
OpenSSH : Key-based authorization, maximum key length
What is a Journaling file system?
init.d scripts written in Python
haproxy + stunnel + keep-alive?
VirtualBox: grain table inconsistency
Effective way to ensure "clean slate system" for continuous integration service
CentOS: eth0 not starting on boot
How can I log into a Domain controller that doesn't trust itself
Detecting Slashdot effect in nginx
Apache refuses to write to a log file after I manually delete all of its contents