First, there is no way for DNS to lookup all hostnames that point to an IP address. Or, all the aliases pointing to a canonical name. It can lookup the PTR records for an IP address. Usually, this is a single name, the primary name for a host. PTR records can not use aliases.

If you have access to the complete zone files for the domains you care about, then you can search the zone files. There are some modules for parsing zone files. I find that grep works pretty well.

Third, you need to distinguish between URLs, hosts, and web sites. URLs contain host names. You can make http URLs from hostnames if you assume that they all are used for web sites.

Fourth, there is no way to know if two hostnames on the same IP address are the same web site without knowing the web server configuration. The server could be using IP addresses, names, or both to do virtual hosting. The same web site could be hosted on multiple IP addresses.