2
1
In order to shape traffic cheaply, I would like to know the address range of a particular domain, say google.com
.
First option is to do a reverse dns lookup for a range of ips that are close to the ones from
dig google.com +short
. The problems are obvious: it's easy to miss something. Moreover, isn't scanning like that a bit rude?Second option is to monitor for DNS queries that come back from the name servers. The ips of the name servers are unlikely to change which is good. However, I have no idea how to teach my router (Mikrotik RB951G-2HnD) to extract ips from dns responses.
Finally, it turned out that in some cases (namely,
google.com
andvk.com
) subnet ranges are stored in theTXT
record type. A single query can be made to obtain those:dig txt google.com +short
However, not everybody does that. And even if they did, I would have to manually reconfigure the router with an additional ip range if that ever changed.
It's not my cup of tea, but curious: doesn't
dig google.com +short
give you exactly what you need, without any further processing? (Or, was my earlier comment about the title of this question wrong, and do you also want to know about, eg.,maps.google.com
which in this case is the same list but could be different, orgmail.com
,ajax.googleapis.com
,www.google-analytics.com
and so on? And all might be in very different data centers, so might have different cheaper routing as well.) – Arjan – 2014-03-16T12:40:09.353Are you sure
– Arjan – 2014-03-16T12:40:52.937dig txt google.com +short
gives you what you want? Not every Google server is sending email, and it seems to me you're looking at IP ranges for SPF records there.dig google.com +short
is definitely just a subset of the ip range. You can make sure it's true: run it, find an ip that is close to the ones you see and run a reverse DNS lookup:dig -x close_ip_here
. Good chance it will still be from the same domain. On the other hand, thetxt
record has indeed all sorts of things in it and you are right to point out that it's usually for SPF. But it is currently the way I get the ip range and it works. Finally, networking is not my cup of tea either, hence a question here @Arjan – alisianoi – 2014-03-16T15:35:07.1271Domains don't necessarily have "ranges" of IP addresses. It's perfectly possible for a domain to use six different IP addresses that are widely separated. For example, one major UK website uses 146.101.19.102 and 213.161.77.102. – Mike Scott – 2014-04-11T05:29:52.613