gethostbyaddr(1) (was: Confirming DNS name - what I really meant)

Sat Jun 8 04:20:55 AEST 1991

In article <895 at bcstec.boeing.com> ced at bcstec.uucp (Charles Derykus) writes:
[about telneting to the smtp port to get a host's FQDN]

I wrote a script to automate this.  'gethostbyaddr' works as follows:

1) It runs nslookup and does a PTR query.

2) If that fails, it does a telnet to the SMTP port.

3) If that fails, it telnets to the SMTP port of every host on that
network (class D is assumed) looking for one that identifies itself
with a FQ network name.  This is appended to a non-FQ host name if one
was found in step 2.  Otherwise it is returned, as is.

As each name is generated, it is translated back to an address (with
nslookup) for verification.  If a name is successfully translated back
to an address, the process stops.

You may smirk at step 3, but it is quite effective.  Many hosts use
mail software "as delivered" from the factory.  Similarly, some hosts
are non-responsive (X terminals, PCs, etc).  However, there is almost
always one host per net (such as the official mail gateway) that is
configured to do the SMTP greeting with its FQDN.

I'm not particularly proud of the idea, but it works and is very handy
for network debugging.  We've recorded 2200 different hosts in our ftp
log this year.  Only 4 of them failed to be mapped back this way.

For those 4 hosts, there is actually a step 2.5 - since step 3 can take
a while, the script telnets to the NIC and looks up various forms of the
network address.  (This virtually always works though it can be fairly
inaccurate if it has to go all the way back to, say, a class B address.)

The script has various options to control how much effort it uses.
(It does not load the network, however while writing it I was greatly
concerned that it would.)

As an example, 137.204.57.34 does not have an in-addr.arpa entry.  It
responds by smtp as "deis34.noname".  nslookup is used to verify that
this is meaningless.  The script then finds that 137.204.57.33 is
"deis33.cineca.it" so it posits that the original host is
"deis34.cineca.it".  Again, nslookup is used to verify, this time
successfully.

"gethostbyaddr" has various forms of verbosity, ranging from saying
only a FQDN to a complete description of how it figured it out.  The
script is included with the expect distribution.  (email "send
pub/expect.shar.Z" to library at cme.nist.gov or anonymous ftp same from
durer.cme.nist.gov)

Don Libes          libes at cme.nist.gov      ...!uunet!cme-durer!libes