Monday, July 28, 2008

How to do reverse DNS lookup

Most people remember domain names such as www.gnu.org more easily than the corresponding IP addresses, here 199.232.41.10. (In this example, www.gnu.org is the home of the Free Software Foundation.) We delegate the job of resolving domain names to machines, namely the DNS servers.

Sometimes we do need to look up the IP address of a domain name manually. You may already be familiar with the nslookup command, which is now deprecated. We use the dig command to make DNS queries.
 $ dig +noall +answer www.gnu.org
www.gnu.org. 67 IN CNAME gnu.org.
gnu.org. 67 IN A 199.232.41.10


The IP address is displayed in the A record, and is 199.232.41.10.

The +noall +answer combination tells dig to report only the answer section of the DNS response and skip the rest of the output.

You can also use the dig command with the -x option to do a reverse DNS lookup. A reverse DNS lookup means you want to look up the domain and host name of an IP address.

 $ dig +noall +answer -x 199.232.41.10
10.41.232.199.in-addr.arpa. 36000 IN CNAME rev-c41-10.gnu.org.
rev-c41-10.gnu.org. 300 IN PTR www.gnu.org.


The PTR record is the one that contains the host name. It is, as you would expect, www.gnu.org.

Note that PTR records are not required for IP addresses. If a PTR record is not defined for an IP address, a reverse DNS lookup for that address returns no name.
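A PTR record is published by whoever controls the reverse zone for the address, so the name it returns is only a claim until a forward lookup of that name returns the same address. The following added example (not part of the original post) parses dig +noall +answer output like that shown above, follows the CNAME chain, and keeps only PTR names that forward-confirm; the function names and the 192.0.2.55 / mail.example.com records are constructed for illustration.

```python
import ipaddress

# Answer sections copied from the dig output shown in the post.
PAGE_REVERSE = """\
10.41.232.199.in-addr.arpa. 36000 IN CNAME rev-c41-10.gnu.org.
rev-c41-10.gnu.org. 300 IN PTR www.gnu.org.
"""
PAGE_FORWARD = """\
www.gnu.org. 67 IN CNAME gnu.org.
gnu.org. 67 IN A 199.232.41.10
"""
# Constructed records: the PTR names a host whose A record is a different address.
FAKE_REVERSE = "55.2.0.192.in-addr.arpa. 3600 IN PTR mail.example.com.\n"
FAKE_FORWARD = "mail.example.com. 300 IN A 198.51.100.7\n"

def fqdn(name):  # lower case, exactly one trailing dot
    return name.lower().rstrip(".") + "."

def parse_answer(text):
    """Turn `dig +noall +answer` lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not fields[0].startswith(";"):
            records.append((fqdn(fields[0]), fields[3].upper(), fields[4]))
    return records

def resolve(records, name, want):
    """Follow CNAMEs from `name`; return rdata of the `want` records reached."""
    name, seen = fqdn(name), set()
    while name not in seen:  # `seen` stops CNAME loops
        seen.add(name)
        hits = [rd for owner, rtype, rd in records if owner == name and rtype == want]
        aliases = [rd for owner, rtype, rd in records if owner == name and rtype == "CNAME"]
        if hits or not aliases:
            return hits
        name = fqdn(aliases[0])
    return []

def forward_confirmed(ip, reverse_text, forward_text):
    """Return PTR names for `ip` whose forward A/AAAA records contain `ip`."""
    addr = ipaddress.ip_address(ip)
    want = "A" if addr.version == 4 else "AAAA"
    reverse, forward = parse_answer(reverse_text), parse_answer(forward_text)
    return [fqdn(host).rstrip(".")
            for host in resolve(reverse, addr.reverse_pointer, "PTR")
            if any(ipaddress.ip_address(a) == addr for a in resolve(forward, host, want))]

if __name__ == "__main__":
    print(forward_confirmed("199.232.41.10", PAGE_REVERSE, PAGE_FORWARD))
```

For a live check, pass in the output of dig +noall +answer -x for the address and dig +noall +answer for each PTR name it returns.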

8 comments:

Anonymous said...

On most systems, this is more easily done using the host() command:

$ host gnu.org
gnu.org has address 199.232.41.10
gnu.org mail is handled by 10 mx10.gnu.org.
gnu.org mail is handled by 20 mx20.gnu.org.
$ host 199.232.41.10
10.41.232.199.in-addr.arpa is an alias for rev-c41-10.gnu.org.
rev-c41-10.gnu.org domain name pointer www.gnu.org.

وظائف said...

Thank you, very nice.
But how can I dig for everything related to my domain?
I mean anything that affects my domain, from when it's rendered through headers .. until it comes back to the browser.
Because sometimes I have problems with my domain, and the ISP tells me it's a server issue and the server tells me it's an ISP issue :(

esvom. said...

Thank you so much, very useful.

Anonymous said...

How to get PTR and SOA information together using one command in dig?

Anonymous said...

Or you can just use the nslookup command.

Unknown said...

The problem is that they all give you the pretty name (with a dot suffix). If you try to place it in the etc hosts file and use Java InetAddress.getLocalhost, you're in trouble.

Unknown said...

Old thread, but since I just worked with this kind of problem I thought I might post a link to my take on this. In order to extract domain info from an IPv4 address I try to pull a certificate from the IP endpoint. Useful in some cases, not a very predictable way of doing things of course, but with a surprisingly high rate this is just the information that you want (or that I wanted anyway...).

https://github.com/svenberglund/cdn-transparency-revdns

Unknown said...

Need help trying to get ip address to see who posted a video ip address .216.18.160.216.18.191.255