
I would like to find the IP range of a few domains so I can block them in my firewall but I am not quite sure where to start.

schroeder
  • did you try ping ? – Limit Nov 06 '16 at 06:16
  • Yes, I had pinged the domain and it returned an IP address. Unfortunately I cannot just block that IP address because then the domain does not use the same IP address to connect each time. –  Nov 06 '16 at 06:23
  • Is this firewall for your personal machine or over a network? What if you set your hosts.conf file to redirect that domain name to localhost? Also, please list all the steps that you have tried so far – Limit Nov 06 '16 at 06:27

1 Answer


You could find the IP addresses currently used by a domain by doing a DNS lookup. For example, dig A www.example.com gives you all IPv4 addresses the DNS server returns for this domain and dig AAAA www.example.com the IPv6 addresses. But you need to be aware that getting the IP address this way and then configuring blocking based on it has serious problems because:

  • The mapping is specific for only a specific hostname, i.e. www1.example.com and www2.example.com and example.com might all return different results.
  • The mapping between name and IP address might be changed at any time. Sometimes this list depends on the location you ask from (i.e. geo-specific DNS), sometimes on the load on the servers, and especially malware-delivering sites will often change the IP address once an address they used is added to a blacklist.
  • There might be several domains sharing the same IP address, so blocking by IP address will block access to these domains too as an unwanted side effect (overblocking).

Thus a better way would be to have such a block at the DNS level or at the HTTP level with a URL filter. But this (more advanced) functionality might not be available in the firewall you use.

Steffen Ullrich
  • Thank you, this is exactly what I needed. Before I mark this question as answered, I would like to clarify one of the warnings you put to my attention. When you said "The mapping is specific for only a specific hostname, i.e. www1.example.com and www2.example.com and example.com might all return different results." did you mean that sub domains also have their own list of IPv4 Addresses? –  Nov 06 '16 at 06:32
  • @milorules1012: sub domains might exist or might not exist and they might have different IP addresses or they might not. It's fully up to the administrator of the domain. Take for example ipv6.google.com: it has no IPv4 address but an IPv6 address only contrary to google.com which has lots of IPv4 and also an IPv6 but which is different to the one from ipv6.google.com. And www.google.com has yet another different IPv6 address. – Steffen Ullrich Nov 06 '16 at 08:03
  • I understand now, thank you so much for your help! –  Nov 06 '16 at 17:33
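The three caveats from the answer can be checked before an IP-based rule is written. The following is an added example, not code from the question or the answer: it takes the results of several lookup rounds and reports the addresses a block would need, which hostnames changed their answer between rounds, and which blocked addresses also serve other names. The function names, the sample hostnames other than those in the answer, and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import socket

def resolve(hostname):
    """A and AAAA addresses the local resolver returns for hostname right now."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # name does not resolve to any address
    return {info[4][0] for info in infos}

def blocklist_report(snapshots, unwanted):
    """snapshots: list of {hostname: set of IP strings}, one dict per lookup round.
    unwanted: hostnames to block. Returns what an IP-based block would involve."""
    unwanted = set(unwanted)
    block, answers, owners = set(), {}, {}
    for snap in snapshots:
        for host, ips in snap.items():
            answers.setdefault(host, set()).add(frozenset(ips))
            for ip in ips:
                owners.setdefault(ip, set()).add(host)
                if host in unwanted:
                    block.add(ip)
    addrs = [ipaddress.ip_address(ip) for ip in block]
    return {
        "ipv4": [str(a) for a in sorted(a for a in addrs if a.version == 4)],
        "ipv6": [str(a) for a in sorted(a for a in addrs if a.version == 6)],
        # Unwanted names whose answer differed between rounds: static rules go stale.
        "changed": sorted(h for h in unwanted if len(answers.get(h, ())) > 1),
        # Blocked addresses that also serve names nobody asked to block.
        "collateral": {ip: sorted(owners[ip] - unwanted)
                       for ip in block if owners[ip] - unwanted},
    }

# Constructed sample: two lookup rounds, documentation address ranges only.
SAMPLE = [
    {"example.com": {"192.0.2.10"},
     "www1.example.com": {"192.0.2.11", "2001:db8::11"},
     "www2.example.com": {"198.51.100.7"},
     "unrelated.example.net": {"198.51.100.7"}},
    {"example.com": {"192.0.2.10"},
     "www1.example.com": {"192.0.2.12", "2001:db8::11"},
     "www2.example.com": {"198.51.100.7"},
     "unrelated.example.net": {"198.51.100.7"}},
]
UNWANTED = ["example.com", "www1.example.com", "www2.example.com"]

if __name__ == "__main__":
    print(blocklist_report(SAMPLE, UNWANTED))
```

For live data, build each round with `{h: resolve(h) for h in hostnames}`; collateral is only detected for other hostnames that were also looked up.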