1
Is there a simple way to convert IP addresses in an http server log into a DNS name? I've googled around and can't find anything on this.
Update: I found the 'logresolve' program, part of the Apache distribution. does just what i want.
mix
Posted 2013-01-04T07:27:34.460
Reputation: 211
2
Turns out that logresolve, part of the Apache distribution, does exactly what I asked for. Run it like this:
$ logresolve < logfilewithIPs > newfilewithDNS
Takes a while on my daily logs, but gets me the info I'm looking for.
There's also an option in the Apache server to do this automatically when logs are written, but 1) I don't have access to the server settings as this is a shared hosting environment, and 2) it would slow things down for users a tiny bit.
mix
Posted 2013-01-04T07:27:34.460
Reputation: 211
2
While Sascha is right, if you really want an rDNS lookup, simply concatenate (remove leading zeros) and reverse the ip before performing a standard DNS lookup at reversedIP.in-addr.arpa
For example, to lookup 074.125.140.026, concatenate and reverse it, so that you perform a DNS lookup for 26.140.125.74.in-addr.arpa.
You'll get a PTR record with the registered domain name.
Avinash Vakil
Posted 2013-01-04T07:27:34.460
Reputation: 31
1
There is no simple way. Indeed, there is no usable way. One IP might be used for several DNS names which is usually the case for shared hosting. Also the IP might a proxy (public or not) or traffic routed through something like the tor network.
Anyway, even if you could do a reverse lookup against some dns servers, all you would achieve is a misleading statistic that can be more wrong than true.
Sascha
Posted 2013-01-04T07:27:34.460
Reputation: 121
If you found a suitable answer by yourself, you should post your solution as an answer and check it as accepted. Please add a link and a short description what it does as well. – nixda – 2013-01-17T22:17:29.737