Iain Posted August 9, 2010 Posted August 9, 2010 (edited) I have XP Pro SP3 and IE8 (not connected to a domain). I visited a friend's website and then discovered the IP address of the server that hosts it. I did a tracert (without any switches) to the IP address. The final hop in the path resolved the IP address to his website. I did a reverse lookup against the IP address and found that there are >1500 sites hosted at that IP address so I wondered why it had resolved to his website (rather than one of the many other sites or, more likely, the hosting company). I wondered if it was due to my DNS cache so I closed IE8 then flushed the cache (ipconfig /flushdns). I repeated the tracert and it still resolved the last hop to his website! I rebooted the PC and router then repeated the tracert (without visiting his site) ... it didn't resolve the final hop to his site. Does anyone know what's going on here? Why would the tracert resolve to his site when the server hosts >1500 sites? It doesn't look like it was due to my DNS cache. Edited August 9, 2010 by Iain Quote
Infiltrator Posted August 9, 2010 Posted August 9, 2010 (edited) Each ip address can only point to a single and individual website or domain name. You can't point the same IP address to more than one websites at the same time. You can have multiple ip addresses pointing to a single website or domain and that's the purpose of dns load balancing. But going back to your question, when I did a nslookup on Cnn.com, it returned with an ip address, along with more than 5 ip addresses. When I did a test ping, it returned with an ip address that, did not match to any of the ip address in the nslookup results. I am guessing there must be a bad configuration somewhere. Since yahoo.com only returned me 1 ip address, instead of multiple. Edited August 9, 2010 by Infiltrator Quote
Sparda Posted August 9, 2010 Posted August 9, 2010 Each ip address can only point to a single and individual website or domain name. You can't point the same IP address to more than one websites at the same time. You can have multiple ip addresses pointing to a single website or domain and that's the purpose of dns load balancing. This is quite backwards. You can have many sites hosted at a single IP address (this is how shared hosting work). Each server of a web site (when there are multiple servers) will have it's own IP address, while you can give a server multiple IP addresses, there is no point in doing so. But going back to your question, when I did a nslookup on Cnn.com, it returned with an ip address, along with more than 5 ip addresses. When I did a test ping, it returned with an ip address that, did not match to any of the ip address in the nslookup results. I am guessing there must be a bad configuration somewhere. Since yahoo.com only returned me 1 ip address, instead of multiple. Domains often have many A entries (IPs). If the site is a particularly large site it will have multiple servers hosting it, and each server needs it's own IP, the site then relies upon the client to choose one of the IP addresses of one of the servers and connect to it. Simple mostly effective load balancing. It's quite likely that cnn.com has more than 6 servers hosting it, so the DNS server returns different IP addresses for each query. Back on topic: Yes, it probably is due to your computers DNS cache. If you clear the cache and did the same operation again you will likely find it's domain is the hosting providers site. Quote
Infiltrator Posted August 10, 2010 Posted August 10, 2010 This is quite backwards. You can have many sites hosted at a single IP address (this is how shared hosting work). Each server of a web site (when there are multiple servers) will have it's own IP address, while you can give a server multiple IP addresses, there is no point in doing so. So you are really own a sub-domain instead of a domain is that correct? For instance, google.com/mydomain instead of mydomain.com Quote
Sparda Posted August 10, 2010 Posted August 10, 2010 You have a domain, this domain points to an IP address which is owned by a hosting company and assigned to a web server your site is hosted on. Other people have domains that point to that same server, these domains can be completely different (ilovecake.com and ihatepies.org for example) but they both point to the same IP address, the server can tell the difference between the two sites based on the clients request. This is the basis of which shared hosting works, it allows for a hosting company to buy one server and run hundreds (hopefully not thousands) of sites from that single server. Domain ownership and site hosting are fairly separate issues, the only relationship between them is that the domain name points to the server. Quote
Infiltrator Posted August 10, 2010 Posted August 10, 2010 (edited) You have a domain, this domain points to an IP address which is owned by a hosting company and assigned to a web server your site is hosted on. Other people have domains that point to that same server, these domains can be completely different (ilovecake.com and ihatepies.org for example) but they both point to the same IP address, the server can tell the difference between the two sites based on the clients request. This is the basis of which shared hosting works, it allows for a hosting company to buy one server and run hundreds (hopefully not thousands) of sites from that single server. Domain ownership and site hosting are fairly separate issues, the only relationship between them is that the domain name points to the server. So if I was to set up an Apache web server to host some web sites, I would set up some virtual hosts in the config file, is that correct. Edit: Did a bit of reading on that, so I now understand what you are talking about. Edited August 10, 2010 by Infiltrator Quote
Iain Posted August 10, 2010 Author Posted August 10, 2010 I'm glad that you cleared up Infiltrator's interpretation about what happens. I understood it as you have described, rather than Infiltrator's explanation. Yes, it probably is due to your computers DNS cache. If you clear the cache and did the same operation again you will likely find it's domain is the hosting providers site. After I had seen the unusual tracert output (and final hop resolution to just one site hosted on the server), I closed IE8 completely and cleared the DNS cache (ipconfig /flushdns). I ran tracert again (without IE8 open) but it still reported the final hop as the website. I also examined the DNS cache (ipconfig /displaydns) and the specific website wasn't listed. This made me think that the unusual behaviour wasn't due to DNS cache. I rebooted the router and computer and ran tracert (without opening IE8) but it didn't resolve the last hop to the website but it reported the hosting server! I visited the website (to put the entry into the DNS cache) and ran tracert. It still didn't report the website but retained the hosting server details. I know it's somewhat academic but I'm intrigued to know WHY this happened. I can't conceive of a use, or a misuse, of this behaviour! Quote
Infiltrator Posted August 10, 2010 Posted August 10, 2010 I'm glad that you cleared up Infiltrator's interpretation about what happens. I understood it as you have described, rather than Infiltrator's explanation. Was it to rather difficult for you to understand or what? Its OK don't feel shy you can say! I guess it was my mistake in the first place. I am sorry, I will try to do my best next time. Quote
Iain Posted August 11, 2010 Author Posted August 11, 2010 (edited) Was it to rather difficult for you to understand or what? Its OK don't feel shy you can say! I guess it was my mistake in the first place. I am sorry, I will try to do my best next time. When I saw your response to my initial post, I thought that you were mistaken so I went off and did some research. While I was doing that, Sparda posted his explanation about how several websites can be hosted at a single IP address that concurred with how I understood that it worked. In summary, I did understand your first post ... but it was wrong! We all make mistakes, as you recognised. Having said that, the reason for the unusual tracert output still eludes me. I don't think it's my DNS cache or router because someone else (using different hardware and ISP) has experienced exactly the same display. Edited August 11, 2010 by Iain Quote
VaKo Posted August 11, 2010 Posted August 11, 2010 Have you tried doing a reverse lookup of the IP on a different DNS server? Quote
cabster21 Posted August 15, 2010 Posted August 15, 2010 Welcome to the world of networking. :) CCNA doesn't cut it for the most... Quote
Infiltrator Posted August 23, 2010 Posted August 23, 2010 Welcome to the world of networking. :) CCNA doesn't cut it for the most... It takes time, practice and a lot of effort to understand the world of networking. Its not an easy task. Quote
cabster21 Posted August 27, 2010 Posted August 27, 2010 Yeah, although luckily is pretty damn interesting. Or at least I think it is, you get to play with expensive toys and learn stuff a lot of people don't know about. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.