networking - How can traceroute show two different names for the same IP address?

06
2014-04
  • TRiG

    Here are two traceroutes both to 82.195.128.132. One results in the name ns1.hosting365.ie and the other in the name mail.hosting365.ie. Why the difference?

    traceroute to mail.cameracentre.ie (82.195.128.132), 30 hops max, 60 byte packets
 1  192.168.1.254 (192.168.1.254)  0.317 ms  0.464 ms  0.608 ms
 2  b-ras1.pgs.portlaoise.eircom.net (159.134.155.8)  31.094 ms  34.564 ms  38.634 ms
 3  tenge-5-1-1.pe1.pgs.lmk-pgs.eircom.net (86.43.247.133)  39.666 ms  40.829 ms  43.777 ms
 4  tenge-7-1-1.core1.bdt.core.eircom.net (86.43.252.249)  48.862 ms  49.052 ms  50.869 ms
 5  tenge-1-2-1.pe1.6cr.6cr-6cr.eircom.net (86.43.255.90)  53.900 ms  53.992 ms  56.087 ms
 6  83.71.115.181 (83.71.115.181)  58.842 ms  34.027 ms  34.292 ms
 7  h365-deg-br1-g3.hosting365.ie (193.242.111.23)  35.718 ms  35.060 ms  35.510 ms
 8  0-0-4-dub-dr-001.hosting365.ie (84.51.248.97)  40.193 ms  40.283 ms  44.902 ms
 9  0-0-2-dub-ar-004.hosting365.ie (84.51.248.14)  45.136 ms  45.340 ms  49.486 ms
10  bashful.hosting365.ie (82.195.134.70)  49.573 ms  54.386 ms  54.580 ms
11  ns1.hosting365.ie (82.195.128.132)  55.671 ms  56.603 ms  34.909 ms


traceroute to mail.dotser.ie (82.195.128.132), 30 hops max, 60 byte packets
 1  192.168.1.254 (192.168.1.254)  0.300 ms  0.374 ms  0.436 ms
 2  b-ras1.pgs.portlaoise.eircom.net (159.134.155.8)  31.175 ms  35.508 ms  41.560 ms
 3  tenge-5-1-1.pe1.pgs.lmk-pgs.eircom.net (86.43.247.133)  40.325 ms  41.170 ms  43.554 ms
 4  tenge-7-1-1.core1.bdt.core.eircom.net (86.43.252.249)  48.668 ms  48.744 ms  50.473 ms
 5  tenge-1-2-1.pe1.6cr.6cr-6cr.eircom.net (86.43.255.90)  53.640 ms  53.724 ms  57.679 ms
 6  83.71.115.181 (83.71.115.181)  57.994 ms  33.870 ms  36.088 ms
 7  h365-deg-br1-g3.hosting365.ie (193.242.111.23)  39.050 ms  34.446 ms  39.256 ms
 8  0-0-4-dub-dr-001.hosting365.ie (84.51.248.97)  39.493 ms  43.665 ms  43.883 ms
 9  0-0-2-dub-ar-004.hosting365.ie (84.51.248.14)  48.645 ms  48.727 ms  51.290 ms
10  bashful.hosting365.ie (82.195.134.70)  53.648 ms  53.852 ms  56.151 ms
11  mail.hosting365.ie (82.195.128.132)  58.944 ms  59.031 ms  36.878 ms
    • Answers
  • grawity

    82.195.128.132 simply has both names in its "reverse DNS" records.

    "Reverse DNS" is nothing more than a special domain name for every IP address; it's uncommon to have multiple PTR records there, but it's allowed. (It's even allowed to put any other record type there.)

    However, since DNS returns the results randomly ordered, and since practically all programs assume one reverse-DNS name and only take the first result, having multiple names in reverse-DNS might cause the exact kind of confusion as in this question – i.e. the name appears to be chosen randomly.

    $ dig +noall +answer 132.128.195.82.in-addr.arpa. ptr
132.128.195.82.in-addr.arpa. 3527 IN    PTR mail.hosting365.ie.
132.128.195.82.in-addr.arpa. 3527 IN    PTR ns1.hosting365.ie.

    $ host 82.195.128.132
132.128.195.82.in-addr.arpa domain name pointer mail.hosting365.ie.
132.128.195.82.in-addr.arpa domain name pointer ns1.hosting365.ie.
  • Flup

    There are two PTR records for that IP address:

    $ dig -x 82.195.128.132
...
;; ANSWER SECTION:
132.128.195.82.in-addr.arpa. 3584 IN    PTR mail.hosting365.ie.
132.128.195.82.in-addr.arpa. 3584 IN    PTR ns1.hosting365.ie.

    Interestingly, this has changed since I've been writing! I now see only

    132.128.195.82.in-addr.arpa. 3479 IN    PTR mail.hosting365.ie.

    • Related Question

    networking - IP address + domain name
  • sureshbabu

    I have an IP address, xx.xx.xx.xx, for which ping works. But when I do an nslookup for that IP address it is failing. Is there a way to find the domain name of the machine with the IP address xx.xx.xx.xx?


    • Related Answers
  • alemjerus
    1. The machine will not necesserily have a domain name.
    2. Try traceroute
  • Peter Mortensen

    The only way to do this is via a reverse DNS lookup. However, if you are saying that nslookup is failing then (unless there is a local issue with you having bad DNS servers listed on your local machine), then a reverse lookup will not work.

    The various tools that other posters have mentioned, all ultimately do exactly the same the nslookup will do from your machine. They do a reverse DNS lookup via the "in-addr.arpa" address range (this is a special domain reserved in DNS for reverse lookups).

  • David M

    You need to use a "reverse DNS lookup". Try this one online, or Google further for other options.

  • Noon Silk

    Yep, it's called Reverse DNS! Perhaps try: http://remote.12dt.com/

    Also consider DNSStuff: http://www.dnsstuff.com/ great website for troubleshooting DNS issues.

  • AJ.

    In order for an IP address to resolve to a hostname, a PTR record must exist in DNS. For example:

    234.9.96.65.in-addr.arpa. 3570  IN      PTR     h00c0f06bacf1.ne.client2.attbi.com.

    The ISP that owns the netblock including your IP (or its delegated zone authority) must set this up.