Avoid reverse IP domain lookups?

Is there a way to avoid the revelation of all domains hosted on a single IP?

In other words, I just went on whois.sc and entered my IP address and got all the domains hosted on my IP. Is there a way to avoid this? I'm using Bind9.

Thanks!

11 Replies

Really? I've never seen this happen before. Then again, I've always had PTR records set to the "official" name that I have given my host, rather than any other domains that might be hosted there.

Do you have a PTR record set up for that IP? You need to do that through the Linode control panel rather than your DNS, by the way.

Thanks for the quick reply.. I went into my Linode control panel and did the reverse DNS but I have 2 IPs listed and it only lets me change it for 1 IP, not both..

Are you talking about the Reverse DNS Manager or the DNS Manager?

That would be reverse DNS manager. DNS manager is just a general form-driven DNS service that you can use for any old domain. Reverse DNS Manager allows you to set the PTR record for an IP address.

I only have one IP per each of my Linodes so don't know whether the Reverse DNS Manager can handle multiple IPs per Linode (it should). If it doesn't I'd suggest that you raise a support ticket.

Please note the following from Reverse DNS Manager:
> The hostname you enter must have a valid A/CNAME record pointing to the IP you want to set the reverse DNS for. The A/CNAME record must be propagated and working before we will be able to find it. You may also enter the IP address if you don't want an RDNS entry for that IP.

Well, I went back and added the 2nd IP to my primary domain (bind.conf) and then went into the RDNS in Linode Members area but it still only asks if I want it to point to the 1st IP only. I'll submit a ticket and see what happens.

I have two IPs on my Linode and the Reverse DNS Manager handles this OK. The address you are trying to add must be propagated in DNS before this will work (i.e. RDNSM must be able to look up the name and see it pointing to the address).

The list at whois.sc isn't a reverse DNS lookup type of list, though. It just caches the IP for a domain (without the www), and keeps records of which domains (restricted to .com, .net, .org, .biz, .us, and .info) resolve to that particular IP address.

Ok sorry.. Try this link.. It might surprise you:

http://www.domaintools.com/reverse-ip/

@A32:

> Ok sorry.. Try this link.. It might surprise you:
>
> http://www.domaintools.com/reverse-ip/

I just checked the domain "neonnero.com", which points to 69.12.118.136. The real reverse-DNS points to noreverse.dns-solutions.net, while the first 3 results from the DomainTools website show the domains bd0.info, bd0.net and betadome.com, with 39 more results. This is for the virtual hosting provider (ProHosting.com) I use for my primary website.

Also, looking up 213.184.199.28 using that tool shows the first 3 results as actual-gaming.org, akero.info and akeroe.info, while the actual reverse DNS shows up as nansen.betadome.net (and I know for a fact that this IP address wasn't used for any reverse DNS mapping prior to the current mapping).

Judging by that, I can tell that the DomainTools reverse DNS uses cached results from the individual domains, rather than a plain reverse DNS lookup.

So… where's the surprise?

> Judging by that, I can tell that the DomainTools reverse DNS uses cached results from the individual domains, rather than a plain reverse DNS lookup.
>
> So… where's the surprise?

The surprise comes from me on my end because I don't even use some of the domains that are listed (yet they belong to me). The only entries for those domains are with my registrar (NS) and bind.. I don't understand where they got them!

Like for instance..

Registrar end:

NS: ns1.domain1.com (123.123.123.123) ns2.domain.com (123.123.123.124)

domain1: ns1.domain1.com ns2.domain1.com

domain2: ns1.domain1.com ns2.domain1.com

domain3: ns1.domain1.com ns2.domain1.com

But I'm missing something. How did they take 1 IP address and get all the domain names that are hosted on it if all they know is my nameserver IPs? Doesn't that mean that bind is giving away a list of all domain names configured on my Linode?

The reverseip website probably built the database by scanning the top-level DNS zone files (.com itself, .net, etc.) and making a list based on all DNS domains registered to the IP via your domain registrar. Some people have access to these zone files. With them, it's very trivial to build a simple database of this information. I could probably do the same in a few minutes if I did, too. :)

For the curious, you can get access to various key TLD zone files by filling out a legal agreement and sending it back to Verisign:

http://www.verisign.com/information-services/naming-services/com-net-registry/page_001051.html

Application forms (which must be filled out, signed, and faxed):

http://www.verisign.com/information-services/naming-services/com-net-registry/page_001052.html

The zone files are a bit different from whois information. They contain every domain (in the TLD) and the IPs of their nameservers.

> The reverseip website probably built the database by scanning the top-level DNS zone files

Yeah.. I just changed a bind entry to a different IP address and it didn't show up on the reverse IP search..
