How I can know the Domain for an IP by PHP?

2019-01-20 06:15发布

问题:

How I can know the Domain for an IP by PHP?

I have used this code

<?php
  $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
  echo $hostname;
?>

But it doesn't work correctly. For example:

gethostbyaddr(62.75.138.253);

domain name is earthwar.de but the correctly answer is german-proxy.de

Please help.

回答1:

A single IP address can host a potentially unlimited number of domains. Domains returned by gethostbyaddr will give the domain name(s) from the PTR DNS records for that IP. A reverse DNS record (PTR) maps IP addresses to one or more domain names.

One such company that provides intelligence as far as domains on IP addresses is domaintools.com. You can pay for such information that they have harvested. If the domain name is not in the PTR record, then the only way you can know what domains are on an IP address is by attempting to resolve domain names to their IP addresses and keeping records. AFIK there is no other way.

See Reverse DNS Lookup and Domain tools reverse IP lookup

The data from the reverse IP lookup on domain tools is all based on their mining, collection and research.



回答2:

There can be MANY name->IP mappings, but only ONE IP->name mapping. It is not unusual to end up with a completely different hostname when you do host->ip->host lookups. You cannot determine what hostname a user specified unless the protocol they're using transmits that hostname along with the request, e.g. http 1.1. Most protocols work purely off IP address and do not need/care about hostnames.



回答3:

Your PHP is correct, earthwar.de is the correct answer

eugen@lucidhome:~$ nslookup
> set q=ptr
> 62.75.138.253
Server:     192.168.232.1
Address:    192.168.232.1#53

Non-authoritative answer:
253.138.75.62.in-addr.arpa  name = earthwar.de.

Authoritative answers can be found from:
> 

This ofcourse doesn't mean, that other names (like german-proxy.de) do not point to the same address, but there is no way to find all of them.

Update:

eugen@lucidhome:~$ nslookup 
> set q=a
> german-proxy.de.     
Server:     192.168.232.1
Address:    192.168.232.1#53

Non-authoritative answer:
Name:   german-proxy.de
Address: 62.75.138.253
> earthwar.de.
Server:     192.168.232.1
Address:    192.168.232.1#53

Non-authoritative answer:
Name:   earthwar.de
Address: 91.143.85.129
> 

so this is a good example. Fact is: There aint noth'n ya can do 'bout it, dude!



回答4:

You can't trust the name returned by gethostbyaddr. A DNS server with authority for a particular IP address can return any hostname at all.

Usually, administrators set up DNS servers to reply with a correct hostname, but a malicious user may configure his/her DNS server to reply with incorrect hostnames. You can avoid falling into that trap when you call gethostbyname on the hostname returned from gethostbyaddr and make sure the name resolves to the original IP address.

But there's more... sometimes a single hostname can map to multiple IP addresses.

var_dump(gethostbynamel('google.com')); 

returns

array(6) {
   [0]=>
        string(14) "173.194.69.104"
   [1]=>
        string(14) "173.194.69.147"
   [2]=>
        string(14) "173.194.69.105"
   [3]=>
        string(14) "173.194.69.106"
   [4]=>
        string(14) "173.194.69.103"
   [5]=>
        string(13) "173.194.69.99"
}

All in all, you will need to learn about DNS digging and reverse-DNS lookups. That's a long road to walk, but you can trust me when I say it is an interesting one.



标签: php get dns ip