Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!yale!ox.com!msen.com!emv From: libes@cme.nist.gov (Don Libes) Newsgroups: comp.archives Subject: [tcp-ip...] gethostbyaddr(1) (was: Confirming DNS name - what I really meant) Message-ID: <1991Jun9.225859.12368@ox.com> Date: 9 Jun 91 22:58:59 GMT References: <895@bcstec.boeing.com> <4031@muffin.cme.nist.gov> Sender: emv@msen.com (Edward Vielmetti, MSEN) Reply-To: libes@cme.nist.gov (Don Libes) Followup-To: comp.protocols.tcp-ip Organization: National Institute of Standards and Technology Lines: 63 Approved: emv@msen.com (Edward Vielmetti, MSEN) X-Original-Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards Archive-name: internet/named/gethostbyaddr/1991-06-07 Archive: durer.cme.nist.gov:/pub/expect.shar.Z [129.6.32.4] Original-posting-by: libes@cme.nist.gov (Don Libes) Original-subject: gethostbyaddr(1) (was: Confirming DNS name - what I really meant) Reposted-by: emv@msen.com (Edward Vielmetti, MSEN) In article <895@bcstec.boeing.com> ced@bcstec.uucp (Charles Derykus) writes: [about telneting to the smtp port to get a host's FQDN] I wrote a script to automate this. 'gethostbyaddr' works as follows: 1) It runs nslookup and does a PTR query. 2) If that fails, it does a telnet to the SMTP port. 3) If that fails, it telnets to the SMTP port of every host on that network (class D is assumed) looking for one that identifies itself with a FQ network name. This is appended to a non-FQ host name if one was found in step 2. Otherwise it is returned, as is. As each name is generated, it is translated back to an address (with nslookup) for verification. If a name is successfully translated back to an address, the process stops. You may smirk at step 3, but it is quite effective. Many hosts use mail software "as delivered" from the factory. Similarly, some hosts are non-responsive (X terminals, PCs, etc). However, there is almost always one host per net (such as the official mail gateway) that is configured to do the SMTP greeting with its FQDN. I'm not particularly proud of the idea, but it works and is very handy for network debugging. We've recorded 2200 different hosts in our ftp log this year. Only 4 of them failed to be mapped back this way. For those 4 hosts, there is actually a step 2.5 - since step 3 can take a while, the script telnets to the NIC and looks up various forms of the network address. (This virtually always works though it can be fairly inaccurate if it has to go all the way back to, say, a class B address.) The script has various options to control how much effort it uses. (It does not load the network, however while writing it I was greatly concerned that it would.) As an example, 137.204.57.34 does not have an in-addr.arpa entry. It responds by smtp as "deis34.noname". nslookup is used to verify that this is meaningless. The script then finds that 137.204.57.33 is "deis33.cineca.it" so it posits that the original host is "deis34.cineca.it". Again, nslookup is used to verify, this time successfully. "gethostbyaddr" has various forms of verbosity, ranging from saying only a FQDN to a complete description of how it figured it out. The script is included with the expect distribution. (email "send pub/expect.shar.Z" to library@cme.nist.gov or anonymous ftp same from durer.cme.nist.gov) Don Libes libes@cme.nist.gov ...!uunet!cme-durer!libes -- comp.archives file verification durer.cme.nist.gov -rw-rw-r-- 1 100 10 119883 Jun 7 14:00 /pub/expect.shar.Z found gethostbyaddr ok durer.cme.nist.gov:/pub/expect.shar.Z