Security – How to avoid DNS spoofing for DNS lookup

dig, domain-name-system, Security, spoofing

I am trying to find a way to obtain the real IP address(es) for a domain name. I'm working on a router doing traffic shaping with the use of iptables and tc. I then need to set up iptables rules for marking packets coming from certain domains, using their IP addresses.

At first I used the dig command, querying the name server of the domain, like this:

# Assumes $dig (path to the dig binary), $url (the domain to resolve) and
# $TOdig (dig timeout/retry options) are set earlier in the script.
nbNameServer=$($dig NS "$url" +short | wc -l)

# If there is at least one NS for the given domain
if [ "$nbNameServer" -gt 0 ]; then
    for i in $($dig NS "$url" +short $TOdig); do
        ipDom=$($dig @"$i" "$url" +short $TOdig)

        # IP found on the $i name server, no need to consult the others
        if [ -n "$ipDom" ]; then
            # dig reports an unreachable server on stdout, so check for that
            # message before trusting the output as an address
            if echo "$ipDom" | grep -q "no servers could be reached"; then
                ipDom=""
            else
                break
            fi
        fi
    done
fi

If the router has, let's say, 8.8.8.8 (Google DNS) in its /etc/resolv.conf file, is there a way one of the IPs or domains is not up to date or spoofed using the way I did?

I actually don't know if the router will be in an environment where a local DNS server is used or not.

Is it possible to perform a secure DNS lookup with the host command too?

The only thing I want to be sure of is that for a given domain mydomain.com, the DNS lookup will return all the IP addresses (I just need the A or AAAA record), up to date.

I am still a little confused about all the DNS mechanisms, so any comments/remarks/advice are of course welcome.

Best Answer

Practically speaking, it's highly unlikely that the results you obtain from dig will have been falsified. If you want some sort of absolute assurance, though, you're out of luck -- without something like DNSSEC, spoofing is entirely possible.
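Following up on the DNSSEC point in the answer, here is an added example (not part of the question or the answer) of how a router script like the one above can accept a `dig +dnssec` reply only when the resolver marks it as validated, instead of feeding any address dig prints straight into iptables. It assumes the resolver in /etc/resolv.conf performs DNSSEC validation and that the path to it is trusted (for example a validating resolver on localhost); the sample replies are constructed, not captured from any real host.

```shell
#!/bin/sh
# Added example: accept addresses from `dig +dnssec` only when the reply is
# DNSSEC-validated. Assumes the configured resolver validates DNSSEC and that
# the link to it is trusted: the "ad" bit is set by the resolver, so it is only
# as trustworthy as the path between this host and that resolver.

# Read dig output on stdin; print the A/AAAA addresses only if the header
# says status NOERROR and the flags include "ad" (Authenticated Data).
# Returns 1 and prints nothing otherwise, so the caller can refuse to use
# the result rather than silently marking traffic for an unverified address.
validated_addresses() {
    awk '
        /^;; ->>HEADER<<-/ { if ($0 !~ /status: NOERROR/) bad = 1 }
        /^;; flags:/        { if ($0 !~ /[ ,]ad[ ;,]/) bad = 1 }
        # answer lines are: name ttl class type rdata; skip RRSIG and comments
        $1 !~ /^;/ && $3 == "IN" && ($4 == "A" || $4 == "AAAA") { addr[n++] = $5 }
        END {
            if (bad || n == 0) exit 1
            for (i = 0; i < n; i++) print addr[i]
        }
    '
}

# Live lookup for the router script (needs network access and dig), e.g.:
#   lookup_validated A mydomain.com
lookup_validated() {
    dig +dnssec "$1" "$2" | validated_addresses
}

# Constructed sample reply, shaped like dig output for a signed zone.
SIGNED_REPLY='; <<>> DiG 9.18 <<>> +dnssec A mydomain.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
mydomain.com.    300    IN    A    192.0.2.10
mydomain.com.    300    IN    A    192.0.2.11
mydomain.com.    300    IN    RRSIG    A 13 2 300 20240101000000 20231201000000 12345 mydomain.com. c29tZXNpZw=='

# Same answer, but the resolver did not (or could not) validate it: no "ad".
UNSIGNED_REPLY=$(printf '%s\n' "$SIGNED_REPLY" | sed 's/ra ad;/ra;/')

# A reply whose validation failed upstream comes back as SERVFAIL.
SERVFAIL_REPLY=$(printf '%s\n' "$SIGNED_REPLY" | sed 's/NOERROR/SERVFAIL/')
```

A resolver that does not validate never sets "ad", so on such a setup every lookup is rejected; that is the intended failure mode, and the fix is to point resolv.conf at a validating resolver rather than to drop the check.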
