一些在线安全检查工具具有与 IP 相关联的 DNS 名称数据库。
例如https://www.ssllabs.com当我请求stackoverflow.com
(151.101.129.69)时,结果包含:
替代名称: *.stackexchange.com stackoverflow.com *.stackoverflow.com stackauth.com sstatic.net *.sstatic.net serverfault.com *.serverfault.com superuser.com *.superuser.com stackapps.com openid.stackauth.com stackexchange.com *.meta.stackexchange.com meta.stackexchange.com mathoverflow.net *.mathoverflow.net askubuntu.com *.askubuntu.com stacksnippets.net *.blogoverflow.com blogoverflow.com *.meta.stackoverflow.com *.stackoverflow.email stackoverflow.email
看 :https://www.ssllabs.com/ssltest/analyze.html?d=stackoverflow.com&s=151.101.129.69&hideResults=on
据我对 DNS 工作方式的理解,如果域名被锁定以进行转移,则不可能请求与 IP 地址相关的所有名称:
$ dig stackoverflow.com any
[..]
;stackoverflow.com. IN ANY
;; ANSWER SECTION:
stackoverflow.com. 1800 IN A 151.101.193.69
stackoverflow.com. 1800 IN A 151.101.129.69
stackoverflow.com. 1800 IN A 151.101.65.69
stackoverflow.com. 1800 IN A 151.101.1.69
stackoverflow.com. 9900 IN SOA ns-cloud-e1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
[..]
并且对 IP 地址进行反向查找将仅返回一条记录(或无记录):
$ host 151.101.129.69
Host 69.129.101.151.in-addr.arpa. not found: 3(NXDOMAIN)
所以我的问题是,如何建立一个包含 IP 地址“替代名称”的数据库?