Not sure if this helps -<br><br> Domain Name: <a href="http://GRC.COM">GRC.COM</a><br> Registrar: NETWORK SOLUTIONS, LLC.<br> Whois Server: <a href="http://whois.networksolutions.com">whois.networksolutions.com</a><br>
Referral URL: <a href="http://www.networksolutions.com">http://www.networksolutions.com</a><br> Name Server: <a href="http://NS4.CUSTOMER.LEVEL3.NET">NS4.CUSTOMER.LEVEL3.NET</a><br> Name Server: <a href="http://NS6.CUSTOMER.LEVEL3.NET">NS6.CUSTOMER.LEVEL3.NET</a><br>
Status: clientTransferProhibited<br> Updated Date: 29-dec-2006<br> Creation Date: 17-dec-1991<br> Expiration Date: 16-dec-2012<br><br>dig shows -<br>;; ANSWER SECTION:<br><a href="http://grc.com">grc.com</a>. 80 IN A 4.79.142.200<br>
<br>NetRange: 4.0.0.0 - 4.255.255.255<br>CIDR: <a href="http://4.0.0.0/8">4.0.0.0/8</a><br>OriginAS: <br>NetName: LVLT-ORG-4-8<br>NetHandle: NET-4-0-0-0-1<br>Parent: <br>NetType: Direct Allocation<br>
NameServer: <a href="http://NS2.LEVEL3.NET">NS2.LEVEL3.NET</a><br>NameServer: <a href="http://NS1.LEVEL3.NET">NS1.LEVEL3.NET</a><br><br>So this IP for <a href="http://grc.com">grc.com</a> is coming from Level 3's block at their DC.<br>
<br>You can use the same methods to find where an IP is originating from and use other tools to really narrow things down.<br><br>rDNS records are typically set up for servers whose IPs need them for running a mail server; there are quite a few mail services that won't accept mail from IP(s) that do not have this feature set up.<br>
You can run a simple rDNS check like this -<br><br>nightrider:~$ host <a href="http://madslice.net">madslice.net</a><br><a href="http://madslice.net">madslice.net</a> has address 173.230.142.94<br><br>Then reversing the IP shows you my VPS is at Linode -<br>
nightrider:~$ host 173.230.142.94<br>94.142.230.173.in-addr.arpa domain name pointer <a href="http://li182-94.members.linode.com">li182-94.members.linode.com</a>.<br><br><br>Cheers<br><br><div class="gmail_quote">On Mon, Sep 13, 2010 at 10:23 AM, Derek Atkins <span dir="ltr"><<a href="mailto:warlord@mit.edu">warlord@mit.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Ron Frazier <<a href="mailto:atllinuxenthinfo@c3energy.com">atllinuxenthinfo@c3energy.com</a>> writes:<br>
<br>
[snip]<br>
<div class="im">> Your Internet connection's IP address is uniquely associated with the<br>
> following "machine name":<br>
><br>
> <a href="http://c-76-97-157-166.hsd1.ga.comcast.net" target="_blank">c-76-97-157-166.hsd1.ga.comcast.net</a><br>
><br>
> So, he not only knows I'm in GA, he knows my ISP. Not sure how that's done.<br>
<br>
</div>"Reverse-DNS." You can look up data (PTR records) in the<br>
z.y.x.w.in-addr.arpa domain for IP Address w.x.y.z and if the ISP (like<br>
Comcast) has put in information then that's what you'll get. But it<br>
could be completely random if the IP Address is via your own net-block.<br>
<br>
So while Comcast is good about reverse-DNS pointer records, not all ISPs<br>
are, and generally you cannot assume that PTR records contain GEO<br>
information. For example, I can assure you that 130.207.160.29 is in<br>
Georgia, but DNS certainly wouldn't tell you directly.<br>
<br>
-derek<br>
<font color="#888888"><br>
--<br>
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory<br>
Member, MIT Student Information Processing Board (SIPB)<br>
URL: <a href="http://web.mit.edu/warlord/" target="_blank">http://web.mit.edu/warlord/</a> PP-ASEL-IA N1NWH<br>
<a href="mailto:warlord@MIT.EDU">warlord@MIT.EDU</a> PGP key available<br>
</font><div><div></div><div class="h5">_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br>
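The reverse lookup discussed in this thread, as an added example that is not part of either message: it builds the in-addr.arpa query name for an address and, going one step beyond the thread, checks that the PTR name resolves back to the same IP, which is the form of rDNS check mail servers commonly apply. The function names are hypothetical and the lookup tables are constructed sample data; only the PTR record for 173.230.142.94 comes from the thread, the forward record and the 192.0.2.x entries are assumptions.

```python
import ipaddress
import socket

# Constructed sample records (offline); only the first PTR is from the thread.
SAMPLE_PTR = {
    "173.230.142.94": ["li182-94.members.linode.com."],
    "192.0.2.10": ["mail.example.com."],   # PTR exists, forward disagrees
}
SAMPLE_A = {
    "li182-94.members.linode.com": ["173.230.142.94"],   # assumed forward record
    "mail.example.com": ["192.0.2.99"],
}

def system_ptr(ip):
    """PTR lookup through the system resolver; [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_forward(name):
    """A/AAAA lookup through the system resolver; [] on failure."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_rdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Classify an address as no-ptr, ptr-unconfirmed or forward-confirmed."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(addr)) or []]
    confirmed = []
    for name in names:
        for candidate in forward_lookup(name) or []:
            try:
                if ipaddress.ip_address(candidate) == addr:
                    confirmed.append(name)
                    break
            except ValueError:      # e.g. scoped IPv6 literal; skip it
                continue
    verdict = ("forward-confirmed" if confirmed
               else "ptr-unconfirmed" if names else "no-ptr")
    # reverse_pointer is the z.y.x.w.in-addr.arpa name the PTR query uses
    return {"query": addr.reverse_pointer, "ptr": names, "verdict": verdict}

if __name__ == "__main__":
    for ip in ("173.230.142.94", "192.0.2.10", "192.0.2.77"):
        print(check_rdns(ip, SAMPLE_PTR.get, SAMPLE_A.get))
```

Calling `check_rdns(ip)` with no lookup arguments uses the system resolver instead of the sample tables.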