How to resolve DNS from Java like Wireshark does?

1

Could you explain how Wireshark makes a DNS query in order to resolve the name of an IP address?

My issue is about the mismatch between the domain name resolved by Wireshark and that returned by nslookup. Moreover, nslookup sometimes fails for certain IP addresses where Wireshark succeeds. Further, I would like to get the same value from Java.

An example to clarify: A case I found (one of thousands) is about the address 54.230.45.185

Wireshark resolves it as: dwjgneh8ogcu1.cloudfront.net (54.230.45.185) (yes, it seems to be a randomly generated domain name)

The other tools resolve it differently, something like: server-54-230-45-185.fra6.r.cloudfront.net

So I'm wondering how or where Wireshark finds that domain name.

Another example is: installer.betterinstaller.com (78.138.127.15).

CDominik

Posted 2015-08-11T11:05:34.383

Reputation: 13

It's possible nslookup and Wireshark are using different protocols, IPv4 vs IPv6. Since you're looking at a CDN (CloudFront), weird load-balancer and round-robin magic happens, which complicates things. Also, just because you're using an IPv4 address doesn't mean some hop won't "promote" your request to IPv6 if the process is IPv6 aware. – Arthur Kay – 2015-08-11T17:27:38.067

Answers

1

Consider asking Java-related questions on StackOverflow.

E.g., https://stackoverflow.com/questions/14632352/how-to-make-reverse-dns-lookup-in-java

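import java.net.InetAddress;

// Reverse lookup through the system resolver; returns the textual IP if no name is found
InetAddress addr = InetAddress.getByName("98.138.253.109");
String host = addr.getCanonicalHostName();
System.out.println(host);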

This is called an IP lookup, or a reverse DNS lookup (the latter is, I believe, a more appropriate naming).

user1532080

Posted 2015-08-11T11:05:34.383

Reputation: 506
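
The reverse lookup from the answer above, extended as an added example (not part of the original answer) so that a missing name is distinguishable from a real one and the PTR records are queried explicitly. The class and method names are illustrative; it assumes the JDK's JNDI DNS provider (com.sun.jndi.dns.DnsContextFactory), IPv4 input, and a reachable resolver.

```java
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;

public class ReverseLookup {
    // Build the reverse-zone name for an IPv4 address: a.b.c.d -> d.c.b.a.in-addr.arpa
    static String ptrName(String ipv4) throws Exception {
        byte[] b = InetAddress.getByName(ipv4).getAddress();
        if (b.length != 4) throw new IllegalArgumentException("IPv4 only: " + ipv4);
        return (b[3] & 0xff) + "." + (b[2] & 0xff) + "." + (b[1] & 0xff) + "."
                + (b[0] & 0xff) + ".in-addr.arpa";
    }

    // Query PTR records directly; an empty list means no PTR data was returned.
    static List<String> ptrRecords(String ipv4) throws Exception {
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
        List<String> names = new ArrayList<>();
        InitialDirContext ctx = new InitialDirContext(env);
        try {
            Attribute ptr = ctx.getAttributes(ptrName(ipv4), new String[] {"PTR"}).get("PTR");
            if (ptr != null) {
                NamingEnumeration<?> all = ptr.getAll();
                while (all.hasMore()) names.add(all.next().toString());
            }
        } catch (NamingException e) {
            // NXDOMAIN or resolver failure: report "no name" instead of echoing the IP
        } finally {
            ctx.close();
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        String ip = args.length > 0 ? args[0] : "54.230.45.185"; // address from the question
        InetAddress addr = InetAddress.getByName(ip);
        String canonical = addr.getCanonicalHostName();
        // getCanonicalHostName() returns the textual IP when the lookup fails
        boolean resolved = !canonical.equals(addr.getHostAddress());
        System.out.println("getCanonicalHostName: " + (resolved ? canonical : "(no name)"));
        System.out.println("PTR records: " + ptrRecords(ip));
    }
}
```

A PTR record is published by whoever controls the reverse zone for the address, so treat the returned name as a label rather than as proof of who operates the host.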