How to get all IPs of a domain?

How can I get all IPs of a domain name, say, www.google.com?

Of course, the nslookup and host commands will give me IPs of a domain. But what shall I do if I want a list of ALL (or, at least, a lot more than just one or two) IPs of that domain?


Solution 1:

Try doing dig google.com a. For me, it shows a consistent list of 6 IPv4 addresses.

Solution 2:

You might use the actual whois command, which should work on any IP address. The whois command will also return information such as the number of network bits (17). From this, you can determine the actual number of IP addresses. For example, if I whois the IP address 209.85.135.147, I will get:

NetRange:   209.85.128.0 - 209.85.255.255
CIDR:       209.85.128.0/17
NetName:    GOOGLE
NetHandle:  NET-209-85-128-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation

The /17 means that this is a sub-class-B network, and that the number of possible addresses is:

2^(32-17) - 2

or

2^15 - 2

or

32,768 - 2

or

32766 possible IP addresses. The -2 is because of the very first address (the network address 209.85.128.0), and the very last one, which is the broadcast address (209.85.255.255); both addresses cannot be used to point to a host.

This is for IPv4 addresses, of course.

The whois will return different information when you use a domain name such as google.com. Finally, keep in mind that the returned IP for a host name can depend on the country where you actually are.

host google.com will return a single IP address when queried from Ottawa, Canada.

$ host google.com
google.com has address 173.194.32.104
google.com mail is handled by 100 google.com.s9a1.psmtp.com.
google.com mail is handled by 200 google.com.s9a2.psmtp.com.
google.com mail is handled by 300 google.com.s9b1.psmtp.com.
google.com mail is handled by 400 google.com.s9b2.psmtp.com.
$
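
The /17 arithmetic from Solution 2, as an added example that is not part of the original answers: it parses the CIDR line of whois output, reports the network address, broadcast address and usable host count, and checks whether a given address falls inside the allocation. The function names are hypothetical, and the sample input is built from the whois fields quoted above.

```python
import ipaddress
import re

# Constructed sample: the ARIN whois fields quoted in Solution 2.
SAMPLE_WHOIS = """\
NetRange:   209.85.128.0 - 209.85.255.255
CIDR:       209.85.128.0/17
NetName:    GOOGLE
NetType:    Direct Allocation
"""

def parse_cidrs(whois_text):
    """Return every network on 'CIDR:' lines (one line may list several, comma-separated)."""
    nets = []
    for line in whois_text.splitlines():
        m = re.match(r"\s*CIDR:\s*(.+)$", line, re.IGNORECASE)
        if not m:
            continue
        for token in m.group(1).split(","):
            # strict=True rejects a prefix with host bits set, e.g. 209.85.135.147/17
            nets.append(ipaddress.ip_network(token.strip(), strict=True))
    return nets

def usable_hosts(net):
    """Host addresses in an IPv4 block: 2^(32-prefix) - 2, except for /31 and /32."""
    if net.version != 4:
        raise ValueError("the -2 rule applies to IPv4 only")
    if net.prefixlen >= 31:
        return net.num_addresses  # /31 point-to-point link (RFC 3021), /32 single host
    return net.num_addresses - 2  # drop the network and broadcast addresses

def summarize(whois_text):
    """One row per allocation: CIDR, network address, broadcast address, usable hosts."""
    return [{"cidr": str(n), "network": str(n.network_address),
             "broadcast": str(n.broadcast_address), "usable": usable_hosts(n)}
            for n in parse_cidrs(whois_text)]

def in_allocation(ip, whois_text):
    """True if the address lies inside any CIDR block listed in the whois output."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in parse_cidrs(whois_text))

if __name__ == "__main__":
    for row in summarize(SAMPLE_WHOIS):
        print(row)
    # The address looked up with whois, then the one returned by `host` above.
    for ip in ("209.85.135.147", "173.194.32.104"):
        print(ip, in_allocation(ip, SAMPLE_WHOIS))
```

The second address printed is the one `host google.com` returned in the session above; it lies outside this /17, so a single whois block does not cover every address a name can resolve to.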