
Get IP block (range) by a single nameserver

http://serverfault.com/questions/126243/finding-all-currently-used-ip-addresses-of-website

You can do it reliably, but the list of IP addresses can and will change over time, so you have to do it again from time to time.

For blocking companies with lots of IP addresses, you first need to find their autonomous system number. This is relatively easy; it'll be in the whois record for any of their IP addresses.

These examples use GNU jwhois, which normally appears on Linux systems. You may have to massage the commands slightly for other whois clients.

$ host www.facebook.com
www.facebook.com is an alias for star.c10r.facebook.com.
star.c10r.facebook.com has address 173.252.120.6
star.c10r.facebook.com has IPv6 address 2a03:2880:2130:cf05:face:b00c:0:1
star.c10r.facebook.com mail is handled by 10 msgin.t.facebook.com.

$ whois -h whois.radb.net 173.252.120.6 | grep origin
origin:     AS32934
origin:     AS38621

Make sure it actually belongs to Facebook. If you're blocking a small website that doesn't have their own AS, you don't want to do this, as you'll block other people as well. For instance, not all of the ASNs returned above are actually Facebook's.

$ whois -h whois.radb.net AS32934
$ whois -h whois.radb.net AS38621

Now we know which is Facebook's ASN; let's get their IPv4 address ranges.

$ whois -h whois.radb.net -- -i origin -T route AS32934 | grep route: 

And finally their IPv6 address ranges.

$ whois -h whois.radb.net -- -i origin -T route6 AS32934 | grep route6:

Repeat for all their ASNs, if they actually have more than one.

This is just a demo to show how easily the information can be obtained. You can work these into a script at your convenience. Also note that some of the returned ranges may overlap; how you deal with this is between you and your firewall.

______________________________________
dherzog@xs9: host tyimg.com                                                      
tyimg.com has address 121.40.212.94

dherzog@xs9: whois -h whois.radb.net 121.40.212.94 | grep origin                 
origin:     AS17672
remarks:    which is being exported under this origin AS.
remarks:    route object with the same origin was found, and

dherzog@xs9: whois -h whois.radb.net AS17672                                     
aut-num:      AS17672
as-name:      CHINATELECOM-HE-AS-AP
descr:        asn for Hebei Provincial Net of CT
country:      CN
remarks:      For routing problems with this ASN contact the admin-c
admin-c:      CH93-AP
tech-c:       YY246-AP
notify:       yuyuan@cndata.com
mnt-by:       MAINT-CHINANET
changed:      hm-changed@apnic.net 20021118
source:       APNIC

dherzog@xs9: whois -h whois.radb.net -- -i origin -T route AS17672 | grep route: 
route:      123.183.192.0/18
route:      121.40.128.0/19
route:      121.40.208.0/21
route:      121.40.216.0/21
route:      121.40.224.0/21
route:      121.40.232.0/21
route:      121.40.248.0/21
route:      124.240.104.0/21
route:      203.80.144.0/20
route:      211.155.112.0/20
route:      211.155.96.0/20
route:      123.183.192.0/18