Windows 2008 – Server Manager – Discovering Reverse IP Lookups using Robtex
Normally, in “forward lookup” DNS, we know the domain name but don’t know the IP. This is like the yellow pages: you have someone’s name, but need their telephone number. So it links http://www.bbc.co.uk to a specific IP. Neat.
In a reverse lookup, we have the IP but not the domain name (it’s the reverse of the yellow pages: you have the telephone number, but don’t know who it belongs to).
Open Server Manager
Start > Programs > Admin Tools > Server Manager
DNS > Reverse Lookups
1. Reverse lookups work from the IP first, under the “in-addr.arpa” zone.
2. Secondly, we see how the reverse DNS zones list the full IP address alongside a PTR (pointer) record to a machine name.
Active Learning – Test it!
Ping http://www.startpage.com – the private search engine (to bypass Google data mining)
So forward DNS lookups tell us that http://www.startpage.com runs on IP 18.104.22.168.
So let’s test out reverse DNS.
ping -a 22.214.171.124
Now a reverse lookup of the IP address reveals it’s operated by http://www.startpage.com.
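An added example (not from the original post) that goes one step beyond ping -a: it builds the in-addr.arpa name that a reverse lookup queries, then keeps a PTR hostname only if that name resolves forward to the same IP, since the PTR record is set by whoever controls the address block. The function names and the sample records (documentation addresses and example.com names) are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample records (documentation ranges) for the offline demo.
SAMPLE_PTR = {"192.0.2.10": ["www.example.com"],
              "192.0.2.66": ["mail.example.com"]}
SAMPLE_A = {"www.example.com": {"192.0.2.10"},
            "mail.example.com": {"198.51.100.7"}}


def ptr_name(ip):
    """Return the DNS name that a reverse lookup of `ip` queries."""
    # IPv4 octets are reversed under in-addr.arpa (ip6.arpa for IPv6).
    return ipaddress.ip_address(ip).reverse_pointer


def system_reverse(ip):
    """PTR lookup through the OS resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # covers socket.herror and socket.gaierror
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA lookup through the OS resolver; returns address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def forward_confirmed(ip, reverse=system_reverse, forward=system_forward):
    """Return the PTR hostnames of `ip` that also resolve forward to `ip`."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for host in reverse(ip):
        if any(ipaddress.ip_address(a) == target for a in forward(host)):
            confirmed.append(host.rstrip(".").lower())
    return confirmed


if __name__ == "__main__":
    for ip in SAMPLE_PTR:  # demo against the constructed records only
        names = forward_confirmed(ip, lambda i: SAMPLE_PTR.get(i, []),
                                  lambda n: SAMPLE_A.get(n, set()))
        print(ip, ptr_name(ip), names or "PTR not confirmed")
```

Calling forward_confirmed(ip) with no extra arguments uses the operating system's resolver instead of the sample records.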
Active Learning – Robtex
The Swiss Army Knife of both forward and reverse DNS lookup is robtex.com
Enter http://www.startpage.com into the search function.
Notice Info, Summary, Records, Graph etc. Graph is *very good* for visualising data.
This is the *Platinum* standard for visualising networks. I haven’t found a tool that betters Robtex for finding and displaying the networks that power a site.
Now, let’s look at all the networks that power the site.
Identify Mail Servers (MX)
Robtex is simply stunning! Definitely a tool to keep in your pocket.