ced@bcstec.uucp (Charles Derykus) (05/31/91)
Given an internet IP, is there a way to retrieve what the host at that IP actually calls itself. In other words, I want to confirm that what DNS says actually matches the local host name. I thought telneting in through the "smtp" port and capturing the output would be an option but the "smtp" output resists capture. Any help or suggestions would be greatly appreciated. Charles DeRykus Internet: ced@bcstec.boeing.com Boeing Computer Services UUCP: ...!uunet!bcstec!ced Renton, WA. M/S 6R-37 (206) 234-9223
rickert@mp.cs.niu.edu (Neil Rickert) (05/31/91)
In article <891@bcstec.boeing.com> ced@bcstec.uucp (Charles Derykus) writes: >Given an internet IP, is there a way to retrieve what the host at that IP >actually calls itself. In other words, I want to confirm that what DNS >says actually matches the local host name. > >I thought telneting in through the "smtp" port and capturing the output >would be an option but the "smtp" output resists capture. > By "resists capture", I presume you mean you wish to run this from a script. (Do you have 'mconnect', and if so, did you try this)? I am not sure what you expect by telnetting to the smtp port. That isn't going to tell you what the host calls itself. It will tell you what the smtp software on the host call itself. Given how common misconfigured mail software is, I would trust the DNS over the smtp dialogue for giving the name. Then there is the question of what you mean by "what the host actually calls itself". A good guess is that when it is talking to itself, it usually calls itself 'localhost', but somehow I doubt that this is what you mean. Do you mean `hostname`?. Do you mean `hostname`.`domainname` (assuming that domainname exists)? Do you mean the result of canonicalizing one of these with a host table lookup? or with a DNS lookup? And in any case, why would you care? -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Neil W. Rickert, Computer Science <rickert@cs.niu.edu> Northern Illinois Univ. DeKalb, IL 60115 +1-815-753-6940
imp@solbourne.com (Warner Losh) (05/31/91)
In article <891@bcstec.boeing.com> ced@bcstec.uucp (Charles Derykus) writes: >Given an internet IP, is there a way to retrieve what the host at that IP >actually calls itself. In other words, I want to confirm that what DNS >says actually matches the local host name. gethostbyaddr(3) should do the trick (don't know if it will or not if you are running NIS): # include <sys/types.h> # include <sys/socket.h> # include <netdb.h> int main (argc, argv) int argc; char **argv; { struct hostent *h; u_long ip /* assume ip gets set somehow */ h = gethostbyname (&ip, sizeof (u_long), AF_INET); if (h == NULL) { fprintf (stderr, "Can't get host info for this host\n"); exit (1); } printf ("official name: %s\n", h -> h_name); } alternatively, there is nslookup: Given IP address 1.2.3.4 nslookup > set q=ptr > 4.3.2.1.in-addr.arpa. should also do the trick. Warner -- Warner Losh imp@Solbourne.COM Free to a good home: 10,000 Miller Moths. Must promise not to breed them.
08071TCP@MSU.EDU (Doug Nelson) (06/01/91)
>Given an internet IP, is there a way to retrieve what the host at that IP >actually calls itself. In other words, I want to confirm that what DNS >says actually matches the local host name. > >I thought telneting in through the "smtp" port and capturing the output >would be an option but the "smtp" output resists capture. > >Any help or suggestions would be greatly appreciated. Checking the SMTP port is probably the best way - I have done exactly what you described. Maybe you need to move to a different platform to capture the SMTP port output - I had no difficulty doing this with SunOS (Unix) Telnet. Doug Nelson Michigan State University
mouse@thunder.mcrcim.mcgill.edu (der Mouse) (06/02/91)
In article <891@bcstec.boeing.com>, ced@bcstec.uucp (Charles Derykus) writes: > Given an internet IP, is there a way to retrieve what the host at > that IP actually calls itself. (Questions generally end with `?', not `.'.) > In other words, I want to confirm that what DNS says actually matches > the local host name. The generally-accepted way to do this is to ask the DNS for a PTR record corresponding to the dotted-quad address with the quads reversed and .in-addr.arpa appended. For example, if I see a connection from 132.206.73.1, I might do something like [Thunder] 106> nstest 132.206.1.1 (132.206.1.1 is the local nameserver.) > p1.73.206.132.in-addr.arpa (the p means ask for a PTR record; the rest is as I described above.) res_mkquery(0, 1.73.206.132.in-addr.arpa, 1, 12) res_send() HEADER: opcode = QUERY, id = 1, rcode = NOERROR header flags: rd qdcount = 1, ancount = 0, nscount = 0, arcount = 0 QUESTIONS: 1.73.206.132.in-addr.arpa, type = PTR, class = IN Querying server (# 1) address = 132.206.1.1 got answer: HEADER: opcode = QUERY, id = 1, rcode = NOERROR header flags: qr aa rd ra qdcount = 1, ancount = 1, nscount = 0, arcount = 0 QUESTIONS: 1.73.206.132.in-addr.arpa, type = PTR, class = IN ANSWERS: 1.73.206.132.in-addr.arpa type = PTR, class = IN, ttl = 86400, dlen = 29 domain name = Lightning.McRCIM.McGill.EDU > (and there you are: 132.206.73.1 is Lightning.McRCIM.McGill.EDU.) > I thought telneting in through the "smtp" port and capturing the > output would be an option but the "smtp" output resists capture. Check out the script(1) program; if you have it, that should be able to deal with grabbing a copy of the session. In any case, that's not really reliable. The name reported on the SMTP greeting message is all too often only vaguely related to the DNS name of the machine. (The first part is usually accurate, but the rest is often the local YP - oops, NIS - or netinfo domain instead of the DNS domain the machine is in, or sometimes absent altogether.) der Mouse old: mcgill-vision!mouse new: mouse@larry.mcrcim.mcgill.edu