Linux – How to properly obtain the ip ranges of a domain

dnshome-networkingiplinuxnetworking

In order to shape traffic cheaply, I would like to know the address range of a particular domain, say google.com.

  • First option is to do a reverse dns lookup for a range of ips that are close to the ones from dig google.com +short. The problems are obvious: it's easy to miss something. Moreover, isn't scanning like that a bit rude?

  • Second option is to monitor for DNS queries that come back from the name servers. The ips of the name servers are unlikely to change which is good. However, I have no idea how to teach my router (Mikrotik RB951G-2HnD) to extract ips from dns responses.

  • Finally, it turned out that in some cases (namely, google.com and vk.com) subnet ranges are stored in the TXT record type. A single query can be made to obtain those:

    dig txt google.com +short

    However, not everybody does that. And even if they did, I would have to manually reconfigure the router with an additional ip range if that ever changed.

Question: what is the preferred way of obtaining the ip ranges of a domain? How to keep that range up to date?

Best Answer

You could try using whois on one of the returned IP addresses, at least for »big players« like Google, who have their own server farms and thus their own address ranges registered (not using some third party's space).

$ dig google.com +short
173.194.113.131
173.194.113.137
173.194.113.136
[…]
$ whois 173.194.113.131


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=173.194.113.131?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       173.194.0.0 - 173.194.255.255
CIDR:           173.194.0.0/16
OriginAS:       AS15169
NetName:        GOOGLE
NetHandle:      NET-173-194-0-0-1
Parent:         NET-173-0-0-0-0
NetType:        Direct Allocation
RegDate:        2009-08-17
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-173-194-0-0-1


OrgName:        Google Inc.
OrgId:          GOGL
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2000-03-30
Updated:        2013-08-07
Ref:            http://whois.arin.net/rest/org/GOGL

OrgAbuseHandle: ZG39-ARIN
OrgAbuseName:   Google Inc
OrgAbusePhone:  +1-650-253-0000 
OrgAbuseEmail:  arin-contact@google.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ZG39-ARIN

OrgTechHandle: ZG39-ARIN
OrgTechName:   Google Inc
OrgTechPhone:  +1-650-253-0000 
OrgTechEmail:  arin-contact@google.com
OrgTechRef:    http://whois.arin.net/rest/poc/ZG39-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
$

Thus the range you want to know would be 173.194.0.0/16.

Related Question