获取与IP关联的所有DNS记录 [英] Get all DNS records associated with an IP

问题描述

背景

以下代码返回给定别名或主机的IPv4地址：
[System.Net.Dns] :: GetHostAddresses（'someDnsName'）。IPAddressToString

以下代码返回HostName（CName）和别名的IP：
[System.Net.Dns] :: GetHostByAddress（'172.12.34.56'）

因此，我希望任何可以在 GetHostAddresses 上返回IP的列表列在HostName或别名调用 GetHostByAddress （或至少要列出该项目的FQDN）。
即我希望以下查询的结果返回true

  cls 
 $ name = 'someName'
 $ fqdn = [System.Net.Dns] :: GetHostEntry（$ name）.HostName 
 $ ip = [System.Net.Dns] :: GetHostAddresses（$ fqdn）.IPAddressToString 
 $ result = [System.Net.Dns] :: GetHostByAddress（$ ip）
 
 #this是我希望为true的结果
（$ result.HostName  - $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ f $ q $
结果：
（ -  HostName：{0}-f $ result.HostName）
 - 别名： 
（$ result | select -ExpandProperty别名）| ％{（`t {0}-f $ _）} 
  

但是有一些不以这种方式行事的记录。
这可能是对DNS的误解，我公司的DNS配置错误（这是因为我正在写这个脚本的DNS异常;我们在同一个IP上找到了2台服务器，所以我想检查对于其他人）或其他...

问题

是否列出与给定IP地址相关联的所有DNS名称的方法？
ie，从返回IP地址的返回IP地址的结果中会列出从 GetHostAddresses 返回IP的任何东西。

解决方案

当您查看全局范围时，获取与给定IP地址相关联的所有名称的确定列表是不可行的，因为任何DNS管理员可以定义在其区域中的任何IP地址的记录。例如我可以轻松地定义一个A记录 myoverflow.planetcobalt.net。指向 stackoverflow.com IP地址198.252 .206.16。

如果您将范围缩小到您的组织，则不太可能。但是，您仍然需要在组织的DNS服务器上枚举所有正向查找区域，并检查每个A记录的地址。您发现的 ServerFault问题的答案可以执行此区域枚举。您需要DNS管理员权限。

为什么这样复杂的原因是技术上前后查找区域之间没有任何关系。任何A记录根本没有任何PTR记录的技术要求（更不用说是匹配的）。你可以有两个记录

  foo.example.com。 A 192.168.23.42 
  

和

  17.13.113.10.in-addr.arpa。 PTR foo.example.com。 
  

没有问题。或者没有PTR记录的多个A记录。或者PTR记录没有A记录。

Microsoft的DNS服务器允许您将PTR记录与A记录相关联，但这只是一个方便的功能。再次，域名系统中没有这个关联的技术要求。

Background

The following code returns the IPv4 address of a given alias or host: [System.Net.Dns]::GetHostAddresses('someDnsName').IPAddressToString

The below code returns the HostName (CName) and aliases of an IP: [System.Net.Dns]::GetHostByAddress('172.12.34.56')

I'd therefore expect anything which returns an IP on GetHostAddresses to be listed under the HostName or Aliases of a call to GetHostByAddress (or at least for the FQDN of that item to be listed). i.e. I'd expect the result of the below query to return true

cls
$name = 'someName'
$fqdn = [System.Net.Dns]::GetHostEntry($name).HostName 
$ip = [System.Net.Dns]::GetHostAddresses($fqdn).IPAddressToString
$result = [System.Net.Dns]::GetHostByAddress($ip) 

#this is the result I'd expect to be true
($result.HostName -eq $fqdn) -or ($result.Aliases -contains $fqdn)

#here's additional info to aid in sense checking
"Name: $name"
"FQDN: $fqdn"
"IP: $ip"
"Result: "
(" - HostName: {0}" -f $result.HostName)
" - Aliases: " 
($result | select -ExpandProperty Aliases) | %{("`t{0}" -f $_)}

However there are a few A Records which are not behaving in this way. This may be a misunderstanding of DNS on my part, a misconfiguration of DNS at my company (it's because of DNS anomalies that I'm writing this script; we found 2 servers on the same IP; so I want to check for others), or something else...

Question

Is there a way to list all DNS names associated with a given IP address? i.e. such that anything which returns an IP from GetHostAddresses will be listed in the results of a reverse lookup on the returned IP address?

解决方案

Getting a definite list of all names associated with a given IP address is not feasible when you're looking at the global scope, because any DNS admin can define a record for any IP address in their zone. For instance I could easily define an A record myoverflow.planetcobalt.net. pointing to the stackoverflow.com IP address 198.252.206.16.

It's less impossible if you're reducing the scope to just your organization. However, you still need to enumerate all forward lookup zones on your organization's DNS servers and check the address of each A record. The answers to the ServerFault question you found do this zone enumeration. You need DNS admin privileges for it, though.

The reason why this gets so complicated is that technically there's no relation between forward and reverse lookup zones. There's no technical requirement for any A record to have any PTR record at all (much less a matching one). You can have two records

foo.example.com.             A    192.168.23.42

and

17.13.113.10.in-addr.arpa.  PTR  foo.example.com.

with no problem. Or multiple A records with no PTR record. Or PTR records with no A record.

Microsoft's DNS server allows you to associate a PTR record with an A record, but that's just a convenience feature. Again, there's no technical requirement in the Domain Name System for this association.

这篇关于获取与IP关联的所有DNS记录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！