# Get ipblock list from a domain?



## klabacita (Oct 2, 2013)

Hi guys.

If this question belongs in another forum, please let me know.

My question is simple: I have a domain example.com, and my proxy points to different IP addresses:


```
w.x.y.1
w.x.y.2
...
w.x.y.N
```

Is there a way to know all the IPs from that domain?

I will appreciate any tip, thanks!!!


----------



## SirDice (Oct 2, 2013)

I'm not sure what you mean but dig(1) will show you all the IP addresses a hostname will resolve to. For example:

```
dice@armitage:~% dig www.google.com

; <<>> DiG 9.8.4-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63334
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         181     IN      A       173.194.67.106
www.google.com.         181     IN      A       173.194.67.104
www.google.com.         181     IN      A       173.194.67.105
www.google.com.         181     IN      A       173.194.67.103
www.google.com.         181     IN      A       173.194.67.99
www.google.com.         181     IN      A       173.194.67.147

;; Query time: 2 msec
;; SERVER: 2a01:7c8:b::c53#53(2a01:7c8:b::c53)
;; WHEN: Wed Oct  2 18:37:40 2013
;; MSG SIZE  rcvd: 128
```


----------



## kpa (Oct 2, 2013)

I guess you mean a zone transfer for a given zone. Unfortunately most name servers disable zone transfer for outsiders to avoid denial of service attacks. If it's your own zone and you have enabled zone transfers to a trusted IP address you can do:

`dig @mydnsserver mydomain.tld AXFR`


----------



## klabacita (Oct 2, 2013)

```
dig  www.akamaihd.net

; <<>> DiG 9.4.3-P3 <<>> www.akamaihd.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41435
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.akamaihd.net.              IN      A

;; AUTHORITY SECTION:
akamaihd.net.           106     IN      SOA     internal.akamaistream.net. hostmaster.akamai.com. 1380733507 90000 90000 90000 180

;; Query time: 1 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Wed Oct  2 10:06:21 2013
;; MSG SIZE  rcvd: 113
```

Don't see all the IPs from this domain.


----------



## ondra_knezour (Oct 2, 2013)

Akamai is a content delivery network; they serve content from their caches all over the world on a connectivity and geographical basis.

A or CNAME for http://www.akamaihd.net is simply not set. If you try something like fbcdn-sphotos-g-a.akamaihd.net, you will get a few entries, but definitely not all available in the whole world.


----------



## Anonymous (Oct 2, 2013)

klabacita said:

> ```
> ; <<>> DiG 9.4.3-P3 <<>> www.akamaihd.net
> ;; global options:  printcmd
> ;; Got answer:
> ...
> ```



The important information is ... status: NXDOMAIN ...

That means the domain does not exist, and of course you won't see any IP for a *n*on-e*x*isting *domain*.


----------



## klabacita (Oct 3, 2013)

Guys, thanks all for your info. I'm hunting most of the IPs from Facebook; we are developing an app and I require almost all of the IPs they use. I'm using Squid to see IPs, but they use a lot and I prefer to search the whole IP range.


----------



## xtaz (Oct 3, 2013)

Best option is just to ask them what their network range is but failing that try doing a `whois` on one of the IPs. For example if I do `whois 173.194.41.137` I get this (this is one of Google's IP ranges):


```
NetRange:       173.194.0.0 - 173.194.255.255
CIDR:           173.194.0.0/16
```


----------



## DutchDaemon (Oct 3, 2013)

Go to http://bgp.he.net/, input one of Facebook's IP addresses, find the corresponding AS, and query which prefixes they announce.


----------



## klabacita (Oct 17, 2013)

Sorry for this delay, let me understand this.

I got an IP that is 173.252.102.241; I asked and got back that this is part of 173.252.96.0/19. Then this tells me that this whole bunch of IPs are from this domain, right? It is the same AS number. Correct?


----------



## DutchDaemon (Oct 18, 2013)

That /19 is just part of a huge AS, which you see in the column left of that /19. And that leads to this list: http://bgp.he.net/AS32934#_prefixes (plus the IPv6 part: http://bgp.he.net/AS32934#_prefixes6) - that's the entire Facebook AS. Well, at least one of them, there may be more.


----------
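The whois and prefix lookups suggested above can be turned into a checkable allow-list offline. The following is an added example, not code from any poster in this thread: it converts a whois `NetRange` into CIDR blocks, merges it with an announced prefix, and reports which observed addresses are covered. The sample addresses, the `192.0.2.10` entry and the ACL name `thread_nets` are constructed or hypothetical; the prefixes are the ones quoted in the thread.

```python
import ipaddress

# Values quoted in the thread (constructed sample input, not a complete list).
WHOIS_NETRANGES = [("173.194.0.0", "173.194.255.255")]  # NetRange from the whois post
ANNOUNCED_PREFIXES = ["173.252.96.0/19"]                 # prefix from the bgp.he.net lookup
# Constructed: destination addresses as they might appear in a Squid access log.
OBSERVED_IPS = ["173.252.102.241", "173.194.67.106", "192.0.2.10"]


def netrange_to_cidrs(first, last):
    """Convert a whois 'NetRange: first - last' pair into exact CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def build_prefix_set(netranges, prefixes):
    """Merge whois ranges and announced prefixes, removing overlaps and duplicates."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    for first, last in netranges:
        nets.extend(netrange_to_cidrs(first, last))
    return list(ipaddress.collapse_addresses(nets))


def classify(ips, nets):
    """Map each observed IP to its covering prefix, or None if nothing covers it."""
    result = {}
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        result[ip] = next((str(n) for n in nets if addr in n), None)
    return result


def squid_acl(name, nets):
    """Render one Squid 'acl <name> dst <prefix>' line per prefix."""
    return [f"acl {name} dst {n}" for n in nets]


if __name__ == "__main__":
    nets = build_prefix_set(WHOIS_NETRANGES, ANNOUNCED_PREFIXES)
    for ip, net in classify(OBSERVED_IPS, nets).items():
        print(f"{ip:16} -> {net or 'not covered: look up its prefix separately'}")
    print("\n".join(squid_acl("thread_nets", nets)))
```

An address that maps to no prefix, such as content served from a CDN's own network, needs its own whois or AS lookup before it is added to the list.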

