Synopsis¶

orlookup [--start-date=YYYY/MM/DD]
         [--end-date=YYYY/MM/DD]
         [--address=IP_SPEC]
         [--name=NAME_PATTERN]
         [--source=SOURCE[, SOURCES]]
         [--config-file=FILE_PATH]

orlookup --help

Description¶

orlookup tools allows you to look up mappings between domain names and IP addresses as observer by Orcus on different days. Typical use involves either looking up the hostnames associated with a known IP address or looking up the IP addresses associated with a known hostname.

This mapping from names to addresses and back is kept with daily time resolution. Note that it’s possible that a name mapping was cached outside this time window: a host might look up “google.com” and then continue to use the same IP address for some time before refreshing the lookup.

For more on the details of the Orcus name database, see the Orcus documentation. To query the Orcus resource record database, instead see the orquery(1) tool.

Output¶

On standard out, orlookup produces a one-line header with column names and then a series of records one per line. Columns are separated by pipe characters (“|”). The columns are “date”, “name”, “address”, and “source”, containing the date of the mapping, the domain name, the associated address, and the source of the mapping. For details about the source, see --source.

As with all Orcus tools, domain names are output in reversed order for easier lexicographic sorting.

For example:

date|name|address|source
1970-01-01|org.sample|127.0.0.1|A
1970-01-01|com.sample|192.168.1.1|C
...

Options¶

--start-date YYYY/MM/DD¶

Determines the first day to give results for. Days are given in UTC. Defaults to the current day.

--end-date YYYY/MM/DD¶

Determines the last day to give results for. Days are given in UTC. Defaults to the value given for --start-date.

--address IP_SPEC¶

Gives results for addresses that match IP_SPEC. See orquery(1) for details on the syntax of IP_SPEC. If both --address and --name are given, only results that match both are returned.

--name NAME_PATTERN¶

Gives results for names that match NAME_PATTERN. See orquery(1) for details on the syntax of NAME_PATTERN. If both --name and --address are given, only results that match both are returned.

--source SOURCE[, SOURCES]¶

Gives results for names that come from the given sources. The possible name sources are reverse name lookups (DNS “PTR” records) (“P”), address records (both DNS “A” and “AAAA” records) (“A”), and via name aliases (DNS “CNAME” records) (“C”).

Only the most precise source is returned for each name-address pair. If a reverse name mapping is available, the source “P” will be returned whether or not any “A” or “C” records exist. If an address mapping is available, the source “A” wil be used unless a reverse name mapping is available, even if a CNAME mapping is available. And “C” will only be used if no reverse or forward name mapping for the pair is available.

This is only for each individual name-address pair, however. If one address is available via address mapping and another via reverse lookup, both will be returned with different sources.

--config-file FILE_PATH¶

Read the orcus.conf(5) configuration file from FILE_PATH instead of searching for it in a default location.

Files¶

${PREFIX}/etc/orcus.conf
/etc/orcus.conf

These are possible locations for a default Orcus configuration file, if no configuration is provided on the command-line.

See Also¶

orquery(1), orloader(8), orcus.conf(5)