Domain name and IP mutual inspection for information collection

Purpose

Linux下通过shell终端查询某域名的IP地址、通过IP地址查询绑定的域名。并
整理返回结果，创建python工具。

environment

linux + 命令行

tool

1.  ping
2.  host
3.  dig
4.  nslookup

Tool 1: PING --- simple and rude

Use the ping command to send a request to communicate directly with the target using the ICMP protocol. As long as the target site has DNS public network resolution, the IP address corresponding to the domain name can be found.

Ping -c 1 <domain name>

#  例1：ping 存在的域名
root@kali:~# ping -c 1 baidu.com
PING baidu.com (111.13.101.208) 56(84) bytes of data.
64 bytes from baidu.com (111.13.101.208): icmp_seq=1 ttl=128 time=13.0 ms

--- baidu.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 13.053/13.053/13.053/0.000 ms

# 例二：ping映射到禁用ICMP协议主机上的域名
root@kali:~# ping imooc.com
PING imooc.com (117.121.101.40) 56(84) bytes of data.

--- imooc.com ping statistics ---
432 packets transmitted, 0 received, 100% packet loss, time 441337ms

# 例二：ping不存在的域名
root@kali:~# ping ajsdlfjasldfj.com
ping: ajsdlfjasldfj.com: Name or service not known

Tool 2: host

host is a simple, single-target, domain name query tool that can specify DNS servers. By default, the DNS server in the /etc/resolv.conf file is used to query the A, AAAA, and MX records of the specified domain name.

Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time] [-R number] 
                     [-m flag] hostname [server]

# 常用参数：
-a 指定查询所有类型(A、AAAA、MX、SOA等)的记录
-t <type> 设置查询记录的类型
-W <number> 设置查询超时时间
-s 设置遇到SERVFAIL响应时，停止查询

# 示例一 （未指定超时时间，等待6秒后返回结果）
root@kali:~# host ziroom.com
ziroom.com has address 119.254.76.107
ziroom.com has address 119.254.76.108
ziroom.com has address 119.254.76.106
ziroom.com has address 119.254.83.229
ziroom.com has address 119.254.83.228
Host ziroom.com not found: 2(SERVFAIL)
;; connection timed out; no servers could be reached

# 示例二 （指定遇到SERVFAIL后停止继续查询）
root@kali:~# host -s ziroom.com
ziroom.com has address 119.254.76.107
Host ziroom.com not found: 2(SERVFAIL)
;; connection timed out; no servers could be reached

# 示例三 （设置超时时间，大概3秒返回结果）
root@kali:~# host -W 1 ziroom.com
ziroom.com has address 119.254.76.107
Host ziroom.com not found: 2(SERVFAIL)
;; connection timed out; no servers could be reached

# 通过上面三个实验的结果，如果要用在python中，应该使用 host -W 1 <domain name>

Tool three: dig

dig is a flexible, easy-to-use, powerful, domain name query tool that supports specifying DNS servers and batch queries. dig submits a query to the DNS server and organizes and displays the query results. By default, dig uses the /etc/resolv.conf file to query the A and NS records of the specified domain name.

# 快速命令
dig ziroom.com +noadditional +noadflag +nocomments
# 参数解释
# ziroom.com 设置查询的域名
# +noadditional 设置不显示附加结果
# +noadflag 设置不显示验证信息
# +nocomments 设置不显示注释信息

# 示例
root@kali:~# dig ziroom.com +noadditional +noadflag +nocomments

; <<>> DiG 9.11.2-5-Debian <<>> ziroom.com +noadditional +noadflag +nocomments
;; global options: +cmd
;ziroom.com.                    IN      A
ziroom.com.             5       IN      A       119.254.76.107
ziroom.com.             5       IN      A       119.254.83.228
ziroom.com.             5       IN      A       119.254.76.106
ziroom.com.             5       IN      A       119.254.83.229
ziroom.com.             5       IN      A       119.254.76.108
ziroom.com.             5       IN      NS      dns10.hichina.com.
ziroom.com.             5       IN      NS      dns9.hichina.com.
;; Query time: 26 msec
;; SERVER: 192.168.158.2#53(192.168.158.2)
;; WHEN: Mon Apr 16 06:06:26 EDT 2018
;; MSG SIZE  rcvd: 422

Tool 4: nslookup

A feature-rich domain name query tool. Direct interactive mode, non-interactive mode, query A record by default.

# 快速命令
nslookup -qt A ziroom.com

# 示例一
root@kali:~# nslookup -qt ziroom.com
*** Invalid option: qt
Server:         192.168.158.2
Address:        192.168.158.2#53

Non-authoritative answer:
Name:   ziroom.com
Address: 119.254.76.107
** server can't find ziroom.com: SERVFAIL

Tool comparison

	ping	host	you	nslookup
speed	slow	generally	quick	fastest
Accuracy	accurate, single	accurate and rich	accurate, single	Not necessarily accurate, rich

python code

class WebSite(object):
    def GetIpBySite(self, site):
        cmd_dig = "dig {0} +noadditional +noadflag +nocomments +nodnssec".format(site)
        cmd_host = "host -W 1 -s {0}".format(site)
        try:
            ans = self.RunCmdByOs(cmd_dig)
            if ans:
                ans = ans.split('\n')[4]
                ip = ans.split('\t')
                return (ip[5])
        except:
            pass
    def RunCmdByOs(self, cmd):
        try:
            f = os.popen(cmd)
            ans = f.read()
            f.close()
            return ans
        except:
            pass

ws = WebSite()
ip = ws.GetIpBySite("ziroom.com")
print(“ziroom.com的IP地址为：”ip)
# ziroom.com的IP地址为：119.254.76.107

Summarize

In order to better output the IP address corresponding to the domain name in the tool, you should analyze the string of the command execution result to find an appropriate regular pattern and match the complete IP address.