What other aliases does my host have?

Posted by Andy Gavin on Wed, 2009-09-30 17:35

It is common for hosts to have a number of names on the internet, this can be done for virtual hosting, marketing and other reasons. For I while now I have worked with implementations of webservices, when these webservices are shipped we often provide the client with a vanity URL that is memorable for the service that they wish to access.

However these names can be sometimes difficult to manage as there is no easy way to find the aliases that point to a particular host. DNS allows you to lookup an alias to find out what host the alias is for, but there is no lookup in the other direction.

Aliases are implemented in DNS as records called CNAME records. If I wanted to look up an alias I could:

dig CNAME alias.example.com +short

this would give back what this was an alias for, or if this name has an IP associated with it nothing. So in this example dig may return realhost.example.com. There is no easy way, with DNS clients to type in realhost.example.com and find the aliases for that host. To do anything like you have to resort to a transfer protocol that exists in DNS for transferring settings between nameservers. Sometimes this is turned off or not implemented in clients. Some nslookup clients implement this transfer as the ls command. For example:

% nslookup
> ls -t CNAME example.com

should list the CNAME records for the whole domain of example.com. You would then have to search through these records for the records needed.

I've found dig command is more complete on the systems I use. This can be used to find the records needed:

dig axfr example.com | fgrep CNAME  | fgrep realhost.example.com

To take this one step forward it a quick script could be implemented to find all the other related aliases for an alias:

#vanity.sh <vanity_hostname>
if [ $# -lt 1 ]
        echo $0 '<vanity>' 2>&1
        exit 1
HOST=`dig CNAME $VANITY +short`
DOMAIN=`echo $VANITY | cut -d. -f2-`
if [ x$HOST = x ]
        echo $0 : $1 is not a vanity 2>&1
        exit 2
dig axfr $DOMAIN | fgrep -e CNAME | fgrep -e $HOST | cut  -f1

(Apologies for the cira. 1989 shell scripting, it was quick ;) )

Add new comment