I have a TCP packet. From the TCP header, I can get the destination IP address. My goal is to find the hostname for the destination.
I tried to do a reverse DNS lookup using the code below.
try {
    hostname = InetAddress.getByName(myIp).getHostName();
    Log.w("Host for ", myIp + " is " + hostname);
} catch (UnknownHostException e) {
    Log.w("Unknown Host for ", myIp);
}
The above code gives the output as:
W/Host for: 172.217.3.33 is iad23s57-in-f1.1e100.net
W/Host for: 216.58.217.142 is iad23s43-in-f14.1e100.net . . .
I want the hostname as the name of the website, for example youtube.com, stackoverflow.com, etc.
I tried to use the MiniDNS library for this.
ResolverResult<A> result = DnssecResolverApi.INSTANCE.resolve(hostname, A.class);
if (!result.wasSuccessful()) {
    DnsMessage.RESPONSE_CODE responseCode = result.getResponseCode();
    // Perform error handling.
    Log.d(TAG, "Result Not successful");
    return;
}
if (!result.isAuthenticData()) {
    // Response was not secured with DNSSEC.
    Log.d(TAG, "Result Not authentic");
    return;
}
Set<A> answers = result.getAnswers();
for (A a : answers) {
    InetAddress inetAddress = a.getInetAddress();
    // Do something with the InetAddress, e.g. connect to it.
    Log.d(TAG, inetAddress.toString());
}
The above code gives the following error:
Access denied finding property "net.dns1"
I am able to parse the TCP/UDP packet to get the TCP/UDP header and get the destination address. Is there any way to get the hostname from the packet other than the destination IP?
The short answer is that you received the correct hostname. To understand why, you need to know how DNS works and how it may be used to distribute traffic to local area hosts.
DNS has multiple types of records. Those of particular interest are:
- A Record, which stores the hostname to IPv4 mapping.
- PTR Record, which does the reverse mapping.
Let's go through an example and query for the google.com IP:
$ dig +noall +answer google.com any
google.com. 38795 IN NS ns2.google.com.
google.com. 299 IN A 172.217.16.14
google.com. 58 IN SOA ns1.google.com. dns-admin.google.com. 281257231 900 900 1800 60
google.com. 277 IN AAAA 2a00:1450:401b:804::200e
google.com. 38795 IN NS ns4.google.com.
google.com. 38795 IN NS ns1.google.com.
google.com. 38795 IN NS ns3.google.com.
Records marked with A are A records.
Note that results may vary in time and location. DNS load balancing may be applied. One hostname can be resolved to many possible other IP addresses or subdomains.
Let's do a reverse lookup and try to get the host from an IPv4 address:
$ dig +noall +answer -x 172.217.16.14
14.16.217.172.in-addr.arpa. 85118 IN PTR waw02s13-in-f14.1e100.net.
14.16.217.172.in-addr.arpa. 85118 IN PTR mil02s06-in-f14.1e100.net.
The PTR records that were returned point to two different hostnames. This is an example of an anycast address. Both servers have the same IP address. None of those resolves back to the google.com domain.
It is essentially a one-to-many mapping: the google.com host delegates handling of requests to many different hosts. But DNS doesn't track the original/primary host.
You possibly could do a lookup for the SOA record.
$ dig SOA mil02s06-in-f14.1e100.net
; <<>> DiG 9.10.6 <<>> SOA mil02s06-in-f14.1e100.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28298
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mil02s06-in-f14.1e100.net. IN SOA
;; AUTHORITY SECTION:
1e100.net. 60 IN SOA ns1.google.com. dns-admin.google.com. 281257231 900 900 1800 60
;; Query time: 38 msec
;; SERVER: 62.179.1.60#53(62.179.1.60)
;; WHEN: Wed Nov 20 14:25:16 CET 2019
;; MSG SIZE rcvd: 114
So you know it belongs to Google. However, I don't think that the Android SDK has a way to do an SOA query.
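
The A record is the only place the site name and the IP appear together, so a capture that already parses UDP can record that pairing from DNS responses and look the destination IP up later. The sketch below is an added example, not code from the question or the answer; the class `DnsNameCache`, its methods, and the sample packet bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.util.*;

public class DnsNameCache {  // added example; class and method names are hypothetical
    private final Map<String, String> ipToName = new HashMap<>();

    static String readName(ByteBuffer buf) {  // follows RFC 1035 compression pointers
        StringBuilder sb = new StringBuilder();
        int resume = -1, jumps = 0;
        for (int len; (len = buf.get() & 0xFF) != 0; ) {
            if ((len & 0xC0) == 0xC0) {                 // compression pointer
                if (++jumps > 16) throw new IllegalArgumentException("pointer loop");
                int ptr = ((len & 0x3F) << 8) | (buf.get() & 0xFF);
                if (resume < 0) resume = buf.position();
                buf.position(ptr);
            } else {
                if (sb.length() > 0) sb.append('.');
                for (int i = 0; i < len; i++) sb.append((char) (buf.get() & 0xFF));
            }
        }
        if (resume >= 0) buf.position(resume);
        return sb.toString();
    }

    public void observe(byte[] payload) {  // UDP payload from source port 53; malformed input throws
        ByteBuffer buf = ByteBuffer.wrap(payload);
        int qd = buf.getShort(4) & 0xFFFF, an = buf.getShort(6) & 0xFFFF;
        buf.position(12);
        String qname = null;
        for (int i = 0; i < qd; i++) { qname = readName(buf); buf.position(buf.position() + 4); }
        for (int i = 0; i < an; i++) {
            readName(buf);                              // owner name, may be a CNAME target
            int type = buf.getShort() & 0xFFFF;
            buf.position(buf.position() + 6);           // skip class (2) and TTL (4)
            int rdlen = buf.getShort() & 0xFFFF;
            if (type == 1 && rdlen == 4)                // A record: key the IP by the queried name
                ipToName.put((buf.get() & 0xFF) + "." + (buf.get() & 0xFF) + "."
                        + (buf.get() & 0xFF) + "." + (buf.get() & 0xFF), qname);
            else buf.position(buf.position() + rdlen);
        }
    }

    public String nameFor(String ip) { return ipToName.get(ip); }

    public static void main(String[] args) {
        // Constructed response carrying the answer's record: google.com A 172.217.16.14
        byte[] pkt = new java.math.BigInteger("123481800001000100000000"
                + "06676f6f676c6503636f6d0000010001" + "c00c000100010000012b0004acd9100e", 16).toByteArray();
        DnsNameCache cache = new DnsNameCache();
        cache.observe(pkt);
        System.out.println("172.217.16.14 -> " + cache.nameFor("172.217.16.14"));
    }
}
```

This only yields a name when the lookup travelled as plaintext DNS through the same capture; lookups made over an encrypted transport or answered from a cache leave nothing to record, so callers should catch the runtime exceptions and treat a `null` from `nameFor` as unknown.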