Join Log in
Score:0
bitinerant avatar Server

How does one query the resolver name of a DNS server?

tr flag
bitinerant

The Shodan search tool, for some DNS servers, shows a Resolver name value for what it finds on UDP port 53. For example, 80.82.117.140 shows Resolver name: server402.xenserve.com and 103.81.27.118 reports Resolver name: smartway-h7.

I have searched the web as well as the man pages for dig and nslookup, as well as searching the output of dig @ip_of_dns_server, but I cannot figure out how to retrieve the resolver name for a DNS server.

How can I query the resolver name myself using Linux command-line tools?

360
1 + 5
dig
Patrick Mevzek avatar
cn flag
Patrick Mevzek
PTR record on the IP shows `ns1.402.xenserve.com.` as name. But how is this useful in any way? When clients configure DNS servers they obviously put their IP, not their names, otherwise there is a circular loop.
2
Reply
bitinerant avatar
tr flag
bitinerant
Thank you. However, this doesn't explain where Shodan gets `server402.xenserve.com`. I'm trying to figure out how to configure and verify the resolver name in BIND9 for my own server, since--useful or not--it is apparently publicly visible.
0
Reply
Patrick Mevzek avatar
cn flag
Patrick Mevzek
`server402.xenserve.com` does also resolve to same IP, so if someone maintains a database of forward queries results, after some time to learn data, a reverse can be found by just poking in it. Or the `PTR` record changed "recently".
1
Reply
bitinerant avatar
tr flag
bitinerant
I added an example above where the resolver name is not even a valid domain.
0
Reply
Patrick Mevzek avatar
cn flag
Patrick Mevzek
`dig -x 103.81.27.118` returns NXDOMAIN from APnic, so whatever name you get comes from "elsewhere" and not the DNS (but there is also no guarantee that a PTR record follows guidelines for a name, nor that that name does in fact resolve, and resolve to the original IP address; for most uses `PTR` records are useless today).
0
Reply
Score:1
bitinerant avatar Server
tr flag
bitinerant

I finally found it. It is part of the Chaos (CH) class DNS record. For the examples given above, these queries return the information I was looking for:

dig @80.82.117.140 hostname.bind TXT CHAOS +short
dig @103.81.27.118 hostname.bind TXT CHAOS +short

These commands display "server402.xenserve.com" and "smartway-h7" respectively, the exact values that Shodan displays as "Resolver name". This is normally the hostname of the DNS server.

See also:

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.