In day-to-day infrastructure troubleshooting, especially in hybrid and cloud environments, verifying DNS mappings and certificate bindings is a routine yet critical task. Whether validating load balancer configurations, troubleshooting SSL issues, or confirming external exposure of services, having quick command-line methods can save significant time.
This article walks through two practical techniques:
Identifying the public IP mapped to a DNS hostname
Identifying the public hostname(s) associated with a public IP via SSL certificate inspection
1. Finding the Public IP Address for a Hostname
To determine the IP address associated with a public DNS record, the dig command is both simple and reliable.
Command
dig +short <public_url_hostname>
Example
dig +short example.mycompany.com
What It Does
Queries the DNS system for the A record.
+short ensures only the IP address is returned.
Works for publicly resolvable DNS records.
Sample Output
203.0.113.10
When to Use This
Validating DNS propagation
Confirming load balancer IP mapping
Verifying cutover during migrations
Troubleshooting connectivity issues
This is often the first step in confirming whether a hostname resolves to the expected public endpoint.
2. Finding Hostname(s) Mapped to a Public IP Using SSL Certificate
Reverse DNS lookups do not always return the expected hostname. However, if the server presents an SSL certificate, you can extract the Subject Alternative Names (SAN) from the certificate to identify the DNS names associated with that endpoint.
Command
openssl s_client -connect <public_url_host>:<port> -servername dummy </dev/null 2>/dev/null | \
openssl x509 -noout -text | grep DNS
Example
openssl s_client -connect 203.0.113.10:443 -servername dummy </dev/null 2>/dev/null | \
openssl x509 -noout -text | grep DNS
What This Command Does
openssl s_client -connect
Establishes an SSL/TLS connection to the target IP and port.
-servername dummy
Enables SNI (Server Name Indication). Some servers require SNI during TLS negotiation.
</dev/null 2>/dev/null
Suppresses interactive input and hides connection noise.
openssl x509 -noout -text
Extracts certificate details.
grep DNS
Filters the output to display only DNS entries under the Subject Alternative Name section.
Sample Output
DNS:example.mycompany.com, DNS:www.example.mycompany.com
When to Use This
Identifying which hostname a public IP is serving
Validating SSL certificate bindings
Troubleshooting multi-domain load balancers
Confirming SAN entries after certificate renewal
Important Notes
This method works only if the service exposes an SSL certificate.
If multiple virtual hosts exist behind the same IP, SNI may affect which certificate is presented.
The certificate may contain multiple DNS entries.
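Added example (not from the original article): `grep DNS` matches any line of the certificate text that contains "DNS", so this script reads only the Subject Alternative Name line and checks whether an expected hostname is covered, including single-label wildcards. The certificate text is constructed, and the function names `san_names`, `host_in_san` and `fetch_san` are hypothetical.

```bash
#!/bin/sh
# Added example, not part of the original article. Function names are hypothetical.

# Print one SAN DNS name per line from `openssl x509 -noout -text` output on stdin.
# Only the line directly under the SAN header is read, so unrelated lines that
# contain "DNS" (an issuer name, for instance) are ignored.
san_names() {
  awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
    tr ',' '\n' |
    sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
    tr '[:upper:]' '[:lower:]'
}

# Return 0 if hostname $1 is covered by a SAN name read from stdin.
# "*.example.com" covers exactly one additional left-most label.
host_in_san() {
  _host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  while IFS= read -r _name; do
    case "$_name" in
      "$_host") return 0 ;;
      \*.*)
        _suffix=${_name#\*}            # e.g. ".example.mycompany.com"
        _label=${_host%"$_suffix"}     # what the wildcard would stand for
        if [ "$_label" != "$_host" ] && [ -n "$_label" ] &&
           [ "${_label#*.}" = "$_label" ]; then
          return 0
        fi ;;
    esac
  done
  return 1
}

# Live variant (needs network access and openssl): $1=IP, $2=port, $3=SNI name.
fetch_san() {
  openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
    openssl x509 -noout -text | san_names
}

# Constructed sample of certificate text; a plain `grep DNS` would also match the Issuer line.
SAMPLE_CERT_TEXT='        Issuer: CN = Constructed DNS Services CA
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:example.mycompany.com, DNS:*.example.mycompany.com'

printf '%s\n' "$SAMPLE_CERT_TEXT" | san_names
```

Running `fetch_san` once with `dummy` and once with the real hostname as the third argument shows whether SNI changes which certificate the endpoint presents.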