Tracking down reverse for ip
I have a customer that has an IP of 12.43.95.126. Currently, I can not get any reverse on this IP. What is the best way to find out the responciable servers for this? Thanx in advance. ----------------------------------------------------------- Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net <http://www.linktechs.net/> LIVE On-Line Mikrotik Training <http://www.onlinemikrotiktraining.com> - Author of "Learn RouterOS" <http://routerosbook.com/>
On 4/15/2010 15:07, Dennis Burgess wrote:
I have a customer that has an IP of 12.43.95.126. Currently, I can not get any reverse on this IP.
What is the best way to find out the responciable servers for this? Thanx in advance.
CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE,
MTCTCE, MTCUME
Really? -- Somebody should have said: A democracy is two wolves and a lamb voting on what to have for dinner. Freedom under a constitutional republic is a well armed lamb contesting the vote. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
jackc@anna ~ $ whois 12.43.95.126 AT&T WorldNet Services ATT (NET-12-0-0-0-1) 12.0.0.0 - 12.255.255.255 GARY SURDYKE MOTORCYCLE INC. ATT240-95-112 (NET-12-43-95-112-1) 12.43.95.112 - 12.43.95.127 jackc@anna ~ $ whois ATT240-95-112 OrgName: GARY SURDYKE MOTORCYCLE INC. OrgID: GSM-19 Address: 2435 HIGHWAY 67 City: FESTUS StateProv: MO PostalCode: 63028 Country: US NetRange: 12.43.95.112 - 12.43.95.127 CIDR: 12.43.95.112/28 NetName: ATT240-95-112 NetHandle: NET-12-43-95-112-1 Parent: NET-12-0-0-0-1 NetType: Reassigned Comment: RegDate: 2002-03-22 Updated: 2002-03-22 RTechHandle: DB2308-ARIN RTechName: Burgess, Dennis RTechPhone: +1-636-931-8700 RTechEmail: dmburgess@surdyke.com OrgTechHandle: DB2308-ARIN OrgTechName: Burgess, Dennis OrgTechPhone: +1-636-931-8700 OrgTechEmail: dmburgess@surdyke.com -Jack Carrozzo On Thu, Apr 15, 2010 at 4:07 PM, Dennis Burgess <dmburgess@linktechs.net> wrote:
I have a customer that has an IP of 12.43.95.126. Currently, I can not get any reverse on this IP.
What is the best way to find out the responciable servers for this? Thanx in advance.
----------------------------------------------------------- Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net <http://www.linktechs.net/> LIVE On-Line Mikrotik Training <http://www.onlinemikrotiktraining.com> - Author of "Learn RouterOS" <http://routerosbook.com/>
What is the best way to find out the responciable servers for this? Thanx in advance.
Call AT&T? Or Gary Surdyke Motorcycle, inc? root@jjohnson-ubuntu:~# whois 12.43.95.126 AT&T WorldNet Services ATT (NET-12-0-0-0-1) 12.0.0.0 - 12.255.255.255 GARY SURDYKE MOTORCYCLE INC. ATT240-95-112 (NET-12-43-95-112-1) 12.43.95.112 - 12.43.95.127 # ARIN WHOIS database, last updated 2010-04-14 20:00 # Enter ? for additional hints on searching ARIN's WHOIS database. # # ARIN WHOIS data and services are subject to the Terms of Use # available at https://www.arin.net/whois_tou.html
On Apr 15, 2010, at 4:13 PM, Joe Johnson wrote:
What is the best way to find out the responciable servers for this? Thanx in advance.
Call AT&T? Or Gary Surdyke Motorcycle, inc?
root@jjohnson-ubuntu:~# whois 12.43.95.126 AT&T WorldNet Services ATT (NET-12-0-0-0-1) 12.0.0.0 - 12.255.255.255 GARY SURDYKE MOTORCYCLE INC. ATT240-95-112 (NET-12-43-95-112-1) 12.43.95.112 - 12.43.95.127
# ARIN WHOIS database, last updated 2010-04-14 20:00 # Enter ? for additional hints on searching ARIN's WHOIS database. # # ARIN WHOIS data and services are subject to the Terms of Use # available at https://www.arin.net/whois_tou.html
it appears that AT&T has delegate the PTRs to... 112-28.95.43.12.in-addr.arpa. 172800 IN NS ns2.nightowl.net. 112-28.95.43.12.in-addr.arpa. 172800 IN NS mail.nightowl.net. [doon@gyruss:~] dig ns +trace -x 12.43.95.126 ; <<>> DiG 9.3.3 <<>> ns +trace -x 12.43.95.126 ;; global options: printcmd . 502744 IN NS b.root-servers.net. . 502744 IN NS l.root-servers.net. . 502744 IN NS c.root-servers.net. . 502744 IN NS g.root-servers.net. . 502744 IN NS a.root-servers.net. . 502744 IN NS f.root-servers.net. . 502744 IN NS m.root-servers.net. . 502744 IN NS e.root-servers.net. . 502744 IN NS k.root-servers.net. . 502744 IN NS d.root-servers.net. . 502744 IN NS j.root-servers.net. . 502744 IN NS i.root-servers.net. . 502744 IN NS h.root-servers.net. ;; Received 480 bytes from 127.0.0.1#53(127.0.0.1) in 2 ms 12.in-addr.arpa. 86400 IN NS CBRU.BR.NS.ELS-GMS.ATT.NET. 12.in-addr.arpa. 86400 IN NS DMTU.MT.NS.ELS-GMS.ATT.NET. 12.in-addr.arpa. 86400 IN NS DBRU.BR.NS.ELS-GMS.ATT.NET. 12.in-addr.arpa. 86400 IN NS CMTU.MT.NS.ELS-GMS.ATT.NET. ;; Received 143 bytes from 192.228.79.201#53(b.root-servers.net) in 80 ms 126.95.43.12.in-addr.arpa. 172800 IN CNAME 126.112-28.95.43.12.in-addr.arpa. 112-28.95.43.12.in-addr.arpa. 172800 IN NS ns2.nightowl.net. 112-28.95.43.12.in-addr.arpa. 172800 IN NS mail.nightowl.net. ;; Received 117 bytes from 199.191.128.105#53(CBRU.BR.NS.ELS-GMS.ATT.NET) in 42 ms -Patrick -- Patrick Muldoon Network/Software Engineer INOC (http://www.inoc.net) PGPKEY (http://www.inoc.net/~doon) Key ID: 0x370D752C There are only 10 types of people in this world, those that understand binary and those that don't
Dennis Burgess wrote:
I have a customer that has an IP of 12.43.95.126. Currently, I can not get any reverse on this IP.
What is the best way to find out the responciable servers for this? Thanx in advance.
AT&T owns the 12/8 address space. A quick whois gives me: AT&T WorldNet Services ATT (NET-12-0-0-0-1) 12.0.0.0 - 12.255.255.255 GARY SURDYKE MOTORCYCLE INC. ATT240-95-112 (NET-12-43-95-112-1) 12.43.95.112 - 12.43.95.127 # ARIN WHOIS database, last updated 2010-04-14 20:00 # Enter ? for additional hints on searching ARIN's WHOIS database. # # ARIN WHOIS data and services are subject to the Terms of Use # available at https://www.arin.net/whois_tou.html Assuming your customer is GARY SURDYKE MOTORCYCLE INC they probably need to talk to AT&T? Greetings, Jeroen
On Apr 15, 2010, at 3:07 PM, Dennis Burgess wrote:
I have a customer that has an IP of 12.43.95.126. Currently, I can not get any reverse on this IP.
What is the best way to find out the responciable servers for this? Thanx in advance.
----------------------------------------------------------- Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME
Don't forget WTF. Chris ------------------------------------------------------------------------- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 - A stupidity tax Hubris Communications Inc www.hubris.net -------------------------------------------------------------------------
Yep. BTW, thanks for all of the replies. In this case ATT was sending the request to another server, and that's what I needed :) ----------------------------------------------------------- Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training - Author of "Learn RouterOS" -----Original Message----- From: Chris Owen [mailto:owenc@hubris.net] Sent: Thursday, April 15, 2010 3:23 PM To: NANOG list Subject: Re: Tracking down reverse for ip On Apr 15, 2010, at 3:07 PM, Dennis Burgess wrote:
I have a customer that has an IP of 12.43.95.126. Currently, I can not get any reverse on this IP.
What is the best way to find out the responciable servers for this? Thanx in advance.
----------------------------------------------------------- Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME
Don't forget WTF. Chris ------------------------------------------------------------------------ - Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 - A stupidity tax Hubris Communications Inc www.hubris.net ------------------------------------------------------------------------ -
On Thu, 2010-04-15 at 15:07 -0500, Dennis Burgess wrote:
I have a customer that has an IP of 12.43.95.126. Currently, I can not get any reverse on this IP.
What is the best way to find out the responciable servers for this? Thanx in advance.
nenolod@petrie:~$ dig -x 12.43.95.126 +trace @4.2.2.1 ; <<>> DiG 9.6.1-P2 <<>> -x 12.43.95.126 +trace @4.2.2.1 ;; global options: +cmd . 26412 IN NS j.root-servers.net. . 26412 IN NS a.root-servers.net. . 26412 IN NS l.root-servers.net. . 26412 IN NS e.root-servers.net. . 26412 IN NS g.root-servers.net. . 26412 IN NS k.root-servers.net. . 26412 IN NS d.root-servers.net. . 26412 IN NS h.root-servers.net. . 26412 IN NS i.root-servers.net. . 26412 IN NS c.root-servers.net. . 26412 IN NS m.root-servers.net. . 26412 IN NS f.root-servers.net. . 26412 IN NS b.root-servers.net. ;; Received 228 bytes from 4.2.2.1#53(4.2.2.1) in 34 ms arpa. 172800 IN NS A.ROOT-SERVERS.NET. arpa. 172800 IN NS H.ROOT-SERVERS.NET. arpa. 172800 IN NS C.ROOT-SERVERS.NET. arpa. 172800 IN NS L.ROOT-SERVERS.NET. arpa. 172800 IN NS F.ROOT-SERVERS.NET. arpa. 172800 IN NS M.ROOT-SERVERS.NET. arpa. 172800 IN NS G.ROOT-SERVERS.NET. arpa. 172800 IN NS E.ROOT-SERVERS.NET. arpa. 172800 IN NS D.ROOT-SERVERS.NET. arpa. 172800 IN NS I.ROOT-SERVERS.NET. arpa. 172800 IN NS B.ROOT-SERVERS.NET. arpa. 172800 IN NS K.ROOT-SERVERS.NET. ;; Received 495 bytes from 192.58.128.30#53(j.root-servers.net) in 28 ms 12.in-addr.arpa. 86400 IN NS DMTU.MT.NS.ELS-GMS.ATT.NET. 12.in-addr.arpa. 86400 IN NS CMTU.MT.NS.ELS-GMS.ATT.NET. 12.in-addr.arpa. 86400 IN NS CBRU.BR.NS.ELS-GMS.ATT.NET. 12.in-addr.arpa. 86400 IN NS DBRU.BR.NS.ELS-GMS.ATT.NET. ;; Received 143 bytes from 192.36.148.17#53(I.ROOT-SERVERS.NET) in 153 ms 126.95.43.12.in-addr.arpa. 172800 IN CNAME 126.112-28.95.43.12.in-addr.arpa. 112-28.95.43.12.in-addr.arpa. 172800 IN NS ns2.nightowl.net. 112-28.95.43.12.in-addr.arpa. 172800 IN NS mail.nightowl.net. ;; Received 117 bytes from 12.127.16.69#53(CMTU.MT.NS.ELS-GMS.ATT.NET) in 60 ms ns2.nightowl.net/mail.nightowl.net is broken (missing 128-28.95.43.12.in-addr.arpa) zone. For someone who is a CCNA, Mikrotik Certified Whatever, etc, etc, etc, you really should know how to use dig(1). William
On Thu, Apr 15, 2010 at 3:59 PM, William Pitcock <nenolod@systeminplace.net> wrote:
For someone who is a CCNA, Mikrotik Certified Whatever, etc, etc, etc, you really should know how to use dig(1).
Certifications usually only suggest certain skills or knowledge they were designed to validate, and sometimes might fail even at that; dig(1) or detailed DNS knowledge is not scoped within either of those certs, as far as I know.. There are probably many CCNA and MTCNA holders who have not so much as seen a Unix/Linux shell prompt, and maybe only saw a DOS/Windows command prompt once or twice, so the only shell command known is 'ping'. [snip snip-]
On Thu, 2010-04-15 at 15:07 -0500, Dennis Burgess wrote:
I have a customer that has an IP of 12.43.95.126. Currently, I can not get any reverse on this IP. What is the best way to find out the responciable servers for this?
There are a number of ways to further research an IP address. Your first stop should be normal WHOIS on the IP, either from your favorite command line, or a web-based service such as DNSTools, DNSStuff, or Robtex as in http://www.robtex.com/ip/12.43.95.126.html#shared #whois If no success.... then check the DNS system to determine what nameservers (if any) are delegated for the IP address' reverse DNS, finally check prefix whois, RADB, or various services to lookup the AS associated with world BGP announcements for the address. Asking OPs mailing lists to help identify responsible party should be very last resort, after all normal avenues are exhausted. -- -J
On Thu, Apr 15, 2010 at 10:52 PM, James Hess <mysidia@gmail.com> wrote:
On Thu, Apr 15, 2010 at 3:59 PM, William Pitcock <nenolod@systeminplace.net> wrote:
For someone who is a CCNA, Mikrotik Certified Whatever, etc, etc, etc, you really should know how to use dig(1).
Certifications usually only suggest certain skills or knowledge they were designed to validate, and sometimes might fail even at that; dig(1) or detailed DNS knowledge is not scoped within either of those certs, as far as I know..
Whilst that's almost certainly right, I had a lot of trouble finding a google search that _didn't_ return something relevant as it's first hit (such as ARIN's whois, or one of several guides on how to use dig/etc for reverse DNS). Of course, they don't teach google in any certification I've come across either, but... Scott
On Thursday 15 April 2010 04:59:19 pm William Pitcock wrote:
For someone who is a CCNA, Mikrotik Certified Whatever, etc, etc, etc, you really should know how to use dig(1).
Which IOS or RouterOS has that command? Now, if the list included RHCE.... As James said, certifications are pretty narrowly targeted instruments; knowing how to set up the cisco IOS featureset of the day or deal with all the things you need to get those certs does not in any way touch real-world DNS issues. At least if I were hiring someone, and they give me a list of certifications like the above, I wouldn't assume any knowledge past what the training materials of the week have in them; any other knowledge would be gravy. You might be surprised how many network professionals have never had need to use whois or dig, and may not even know they exist, but be a whiz at MPLS, IPv6, QoS, etc things.
Wow! Surely, with all the mentioned Certs, you should know how to dig. Darn, you can even get this info by just using web sites. On Thu, Apr 15, 2010 at 3:07 PM, Dennis Burgess <dmburgess@linktechs.net> wrote:
I have a customer that has an IP of 12.43.95.126. Currently, I can not get any reverse on this IP.
What is the best way to find out the responciable servers for this? Thanx in advance.
----------------------------------------------------------- Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME Link Technologies, Inc -- Mikrotik & WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net <http://www.linktechs.net/> LIVE On-Line Mikrotik Training <http://www.onlinemikrotiktraining.com> - Author of "Learn RouterOS" <http://routerosbook.com/>
participants (12)
-
Chris Owen
-
Dennis Burgess
-
Dennis Mbogo
-
Jack Carrozzo
-
James Hess
-
Jeroen van Aart
-
Joe Johnson
-
Lamar Owen
-
Larry Sheldon
-
Patrick Muldoon
-
Scott Howard
-
William Pitcock