28

I needed to automatically get my own WAN-IP-address from my router. I found this question and, among others, a solution with dig was proposed:

dig +short myip.opendns.com @resolver1.opendns.com

It works perfectly, but now I want to understand what it is doing. Here is what I (hope to) understand so far (please correct me, if I am wrong):

  • +short just gives me a short output
  • @resolver1.opendns.com is the DNS server, which is asked what IP address belongs to the given domain

What's not clear to me is myip.opendns.com. If I would write www.spiegel.de instead, I would get the IP address of the domain www.spiegel.de, right? With myip.opendns.com I get the WAN-IP of my router. So is myip.opendns.com just emulating a domain, which is resolved to my router? How does it do it? Where does it get my IP from? And how is it different to what webpages, like e.g., www.wieistmeineip.de, are doing? They also try to get my IP.

In the answer of Krinkle on the question I mentioned, it is stated that this "dns-approach" would be better than the "http-approach".  Why is it better and what is the difference?

There has to be a difference, because the WAN-IP I get from dig +short myip.opendns.com @resolver1.opendns.com (ip1) is the one I can also see in the web interface of my router, whereas www.wieistmeineip.de (and other similar sites too) is giving me another IP address (ip2). I could imagine that my ISP is using some kind of sub-LAN, so that my requests to webservers are going through another (ISP-) router which has ip2, so that www.wieistmeineip.de is just seeing this address (ip2). But, again, what is myip.opendns.com doing then?

Additionally: Opening ip1 from within my LAN is giving me the test website from my RasPi, opening it from the outside of my LAN (mobile internet) does not work. Does it mean, that ip1 is no proper "internet IP" but more like a LAN IP?

Scott - Слава Україні
  • 10,519
Beate Bier
  • 383

2 Answers2

26

First to summarize the general usage of dig: it requests the IP assigned to the given domain from the default DNS server. So e.g. dig google.de would request the IP assigned to the domain google.de. That would be 172.217.19.99.

The command you mentioned is:

dig +short myip.opendns.com @resolver1.opendns.com

What this command does is: it sends a request for the IP of the domain myip.opendns.com to the DNS server resolver1.opendns.com. This server is programmed that, if this special domain is requested, the IP the request comes from is sent back.

The reasons why the method of querying the WAN IP using DNS is better were mentioned by krinkle: standardised, more stable and faster.

Note that per default, dig asks for the IPv4 address (DNS A record). If dig establishes a connection to opendns.com via IPv6, you'll get no result back (since you asked for your IPv4 address but have an IPv6 address in use). Thus, a more robust command might be:

dig +short ANY @resolver1.opendns.com myip.opendns.com

This will return your IP address, version 4 or 6, depending on dig's connection. To specify an IP version, use dig -4 or dig -6 as shown in Mafketel's answer.

The reason I could imagine for those two IPs is that your router caches DNS requests and returns an old IP.

Another problem could be DualStack Lite. That is often used by new internet contracts. Do you know whether your ISP is using DS Lite?

Matthias Braun
  • 8,239
tr01
  • 596
  • 6
  • 16
  • -So, if I understand your answer correctly, both methods are using the same mechanism (just looking at the ip, the request came from; but in case of "dns approach" in a more standardised way)? -Whether my ISP uses DS Lite I don't know. How can i find out? -Regarding your idea of my router caching old ... stuff (ips, dns requests?): Could you elaborate on that? – Beate Bier Jan 08 '17 at 22:12
  • Actually I don't think, that's the case. I think, the correct ip is displayed by my router to me. This is also the one that the dig command gives me. But the guy of my ISP on the phone told me, that this ip should not be a "public" one, therefor my raspi is not reachable and these websites are giving me other ips. But then it remains: How are dig and opendns.com getting my "internal" (intermediate-internal) ip? – Beate Bier Jan 08 '17 at 22:15
  • Another option: wget -O - -q icanhazip.com – tread Jan 10 '22 at 07:48
21

Google provides the same service.

For IPv4:

dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com

For IPv6:

dig -6 TXT +short o-o.myaddr.l.google.com @ns1.google.com

where TXT is a DNS record type.

Matthias Braun
  • 8,239
Mafketel
  • 311
  • welcome to U&L, note that accepted answer may or may not work, in my case it didn't work from home (at least from one of my ISP), but ir work from some host at work (2 tested out of many). – Archemar Jan 22 '19 at 13:50
  • 9
    myip.opendns.com still works for me, but I do have to specify the -4 flag if my WAN connection also has a IPv6 IP address. Otherwise it prints nothing. – Jacob Ford Dec 30 '19 at 18:44
  • 1
    For ipv6 via opendns: dig +short -6 myip.opendns.com aaaa @resolver1.ipv6-sandbox.opendns.com – Raman Jul 28 '20 at 17:57
  • You can pipe those commands into sed to remove the closing quotes. dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | sed 's|"||g' dig -6 TXT +short o-o.myaddr.l.google.com @ns1.google.com | sed 's|"||g' – willowen100 Feb 05 '22 at 22:31
  • Interestingly, this only works when using ns*.google.com. When using 8.8.8.8 or 8.8.4.4, bogus values are returned. Not sure why that is, though. – Fonic Oct 18 '22 at 17:57