-3

I have been looking to find the IP from a machine that asks my DNS server for a CNAME resolution.

For example:

User A pings to DNS server 1 on test.myserver.com, this server has a CNAME resolution for test to www.google.com.

I would like to find the IP from user A. However, I have no idea if this is possible.

Maxim
  • Why do you need this? – Sven Jan 14 '16 at 11:29
  • I need this so I can keep track of how many unique users connected to that specific CNAME – Maxim Jan 14 '16 at 11:48
  • DNS is not the way to get that information. This is not even the beginning of a solution. – Sven Jan 14 '16 at 11:49
  • Well, I'm hosting the CNAME resolution as well, together with nameservers and an A-record. – Maxim Jan 14 '16 at 11:50
  • My answer below told you about caching and recursive queries. It should be clear to you now that you can't see the info you want this way. What kind of service is the CNAME target hosting? – Sven Jan 14 '16 at 11:52
  • It is used as a transfer from my domain to others; the others are chosen randomly every minute and put in the data of the CNAME – Maxim Jan 14 '16 at 11:55
  • If you set the TTL of the CNAME to 0, you should get an approximate number of clients (approximate as DNS servers might ignore the implicit "don't cache, ask every time" request coming with a TTL of 0), but still not the originating IPs. If you want precise numbers, you have to change the way your service works, e.g. use a redirecting web service instead of the CNAME approach. – Sven Jan 14 '16 at 12:08
  • My TTL is set at 1, which should be random enough since I read 0 can give troubles sometimes as you mentioned. I used CNAME rather than a redirecting service because I need to forward a protected protocol and port number not standard to HTTP/HTTPS or port 80 – Maxim Jan 14 '16 at 13:11

1 Answer

2

Your example is really confusing, but in the general case it's not reliably possible to determine the originating IP of someone initiating a DNS query.

The reason for this is the existence of DNS recursion. If I happen to make a DNS query to my DNS server, it usually will take it upon itself (or delegate it itself) to get the data and send it back to me.

All you see on your server is my DNS server asking for the name, but you don't see me.

This even ignores the caching issue - a recursing DNS server will cache an entry it found for the time defined in the record's TTL, and any subsequent queries for that name from other hosts will be answered out of the cache and you will never notice it at all.

That said, depending on your specific DNS server, it might be possible to log the IPs of systems querying your server, but as I said, this will mostly be other DNS servers recursing down to you.

Sven
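The logging option mentioned at the end of the answer above, as an added example that is not part of the original post: a Python script that counts the distinct source IPs per queried name in an authoritative server's query log. It assumes BIND 9-style query log lines (other DNS servers log differently), the sample lines are constructed, and the addresses it reports are those of recursive resolvers, not of the users behind them.

```python
import re
from collections import defaultdict

# Assumed log format: BIND 9-style query log lines (newer versions add "@0x...").
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): query: \S+ IN (?P<qtype>\S+)"
)

# Constructed sample log (documentation address ranges, not real data).
SAMPLE_LOG = """\
14-Jan-2016 11:29:01.100 queries: info: client 192.0.2.53#41234 (test.myserver.com): query: test.myserver.com IN A -ED (203.0.113.10)
14-Jan-2016 11:29:03.420 queries: info: client 192.0.2.53#50211 (TeSt.MySeRvEr.CoM): query: TeSt.MySeRvEr.CoM IN A -ED (203.0.113.10)
14-Jan-2016 11:29:04.007 queries: info: client @0x7f3c2c0a1b20 198.51.100.7#5353 (test.myserver.com): query: test.myserver.com IN AAAA -E (203.0.113.10)
14-Jan-2016 11:29:09.915 queries: info: client 2001:db8::53#33000 (test.myserver.com): query: test.myserver.com IN A -ED (203.0.113.10)
14-Jan-2016 11:29:10.002 queries: info: client 192.0.2.53#41877 (www.myserver.com): query: www.myserver.com IN A -ED (203.0.113.10)
14-Jan-2016 11:30:00.000 general: info: zone myserver.com/IN: loaded serial 2016011401
"""


def normalize(qname):
    # DNS names are case-insensitive; resolvers may randomize case (0x20 encoding).
    return qname.rstrip(".").lower()


def sources_per_name(log_text):
    """Return {qname: {source_ip: query_count}} for every parsed query line."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match is None:
            continue  # not a query line (zone loads, notifies, ...)
        seen[normalize(match.group("qname"))][match.group("ip")] += 1
    return {name: dict(ips) for name, ips in seen.items()}


def unique_sources(log_text, qname):
    """Sorted list of distinct source IPs that asked for qname."""
    return sorted(sources_per_name(log_text).get(normalize(qname), {}))


if __name__ == "__main__":
    for name, ips in sorted(sources_per_name(SAMPLE_LOG).items()):
        # Each IP is whoever sent the packet: usually a recursive resolver
        # that may be answering for any number of cached clients.
        print(f"{name}: {len(ips)} querying sources -> {ips}")
```

The count per name is a lower bound on resolvers that missed their cache, not a count of users: one resolver address can stand in for many clients, and cached answers never reach the log at all.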