1

I noticed that one of Google's mail servers (alt4.aspmx.l.google.com) points to 74.125.200.26, but when I do a reverse DNS lookup on that IP I see that the hostname associated with it is sa-in-f26.1e100.net. My limited understanding of DNS is that when you have a situation like that, one hostname is an alias of the other, but that's not the case here.

My initial goal was making a Python program that given an IP address and a hostname, returns a boolean answer indicating whether the IP belongs to a mail server of that domain. The algorithm I implemented used dig to search all mail servers of a domain and then tried to match any of them to the hostname associated with the given IP (which I found using dig -x). My program fails with the case I mentioned before. What am I missing?

Sorry for my bad english. Thanks!

Rrmm
  • 53
  • 2
  • 7

1 Answers1

1

Many services can run on one server/ipaddress, and many hostnames can resolve to one IP address. In the other direction, one ip address will most often resolve to only one hostname (if it has PTR record at all), and the name will very often be something generic like ip-xx-yy-zz-qq.networkcarrier.net (so unrelated to any of the services that are legitimately running on that server).

Depending on the purpose of your check, perhaps you can just test if the hostname A record points to the required IP address (because your initial requirement is flawed: ip addresses do not belong to domains, they belong to network providers).

(Still, for some purposes, most notably as anti spam measure, there is a use case for checking if ip address resolves to some particular hostname.)

Dusan Bajic
  • 10,249
  • 3
  • 33
  • 43
  • My understanding is that there can be many A records associated with a hostname, and that when I query the nameserver that manages that domain it will give me only one of them. If that's the case, I still can't verify whether the initial IP is running a mail service for that domain. Is my reasoning correct? – Rrmm Aug 24 '17 at 20:44
  • If you query a nameserver for A records, for some hostname, and there are multiple associated IP addresses, nameservers will return all of them (try `nslookup stackoverflow.com`) – Dusan Bajic Aug 25 '17 at 07:33
  • If you want to do such mail server check, the most you can do is query for MX records, and then resolve all received names to ip addresses, and see if there is a match – Dusan Bajic Aug 25 '17 at 07:35