As you might already know, I work for a small regional web hosting ISP. We have have several shared web environments to manage and host our clients on.
Now if we need to find out which shared web server is responsible for a specific domain name of one of the clients (in this example, "iwelt.de"), you probably do something like this:
dig +short iwelt.de
Okay, now we have an IP address but that probably doesn't help us out unless we know our whole IPAM system inside out. Next step is trying to figure out which server is using the IP "220.127.116.11". We can use
dig again for that:
dig +short -x 18.104.22.168
And now we found out about the responsible web server which is serving the domain "iwelt.de". Since I do those steps nearly everyday I am getting tired of doing it step by step all the time, I wrote a small Bash script for this.
Circular dig or odig
Basically odig just combines the two commands above and simplifies the whole process:
iwelt.de returned the following DNS records: 1. returned IP: 22.214.171.124 corresponding PTR: t1.iwelt-ag.net.
In case you get some CNAME records, it will try to resolve the A records instead:
www.frd.mn returned the following DNS records: 1. returned hostname (CNAME): c-3po.frd.mn. -> skip 2. returned IP: 126.96.36.199 corresponding PTR: c-3po.frd.mn.
If you want to take a look for yourself checkout my repo on GitHub. In case you found some problems or improvements, feel free to send a pull request.
Update: resolving MX records
One of my coworkers asked me if I could implement a feature to lookup MX records of a Domain as well. Got him satisfied some minutes later:
odig -m yeahwh.at
yeahwh.at returned the following MX records: 1. returned hostname (CNAME): alt2.aspmx.l.google.com. -> resolved IP: 188.8.131.52 -> resolved PTR: pb-in-f26.1e100.net. 2. returned hostname (CNAME): aspmx2.googlemail.com. -> resolved IP: 184.108.40.206 -> resolved PTR: la-in-f26.1e100.net. 3. returned hostname (CNAME): aspmx3.googlemail.com. -> resolved IP: 220.127.116.11 -> resolved PTR: pb-in-f26.1e100.net. 4. returned hostname (CNAME): aspmx.l.google.com. -> resolved IP: 18.104.22.168 -> resolved PTR: fa-in-f26.1e100.net. 5. returned hostname (CNAME): alt1.aspmx.l.google.com. -> resolved IP: 22.214.171.124 -> resolved PTR: la-in-f26.1e100.net.
As you can see in the example above, you just need to pass the -m switch to query MX records instead of A/CNAMEs.