What's the command-line utility in Windows to do a reverse DNS look-up?

Question

Is there a built-in command line tool that will do reverse DNS look-ups in Windows? I.e., something like <toolname> w.x.y.z => mycomputername

I've tried:

nslookup: seems to be forward look-up only.
host: doesn't exist
dig: also doesn't exist.

I found "What's the reverse DNS command line utility?" via a search, but this is specifically looking for a *nix utility, not a Windows one.

score 287 · Accepted Answer · edited May 17 '16 at 18:24

287

ping -a w.x.y.z

Should resolve the name from the IP address if the reverse lookup zone has been set up properly. If the reverse lookup zone does not have an entry for the record, the -a will just ping without a name.

edited May 17 '16 at 18:24

chicks

3,915
10
29
37

answered Jul 15 '09 at 14:25

Peter

5,513

score 151 · Answer 2 · answered Jul 15 '09 at 14:26

151

nslookup <ip>

Does what you're looking for. It will tell you the server you're querying and the result.

For example:

c:\>nslookup 192.168.101.39
Server: dns1.local
Address: 192.168.101.24

Name: enigma.local
Address: 192.168.101.39

answered Jul 15 '09 at 14:26

Mark Amerine Turner

2,674

abstrask · Answer 3 · 2013-03-31T09:23:31.063

The trouble with "ping" is that it's not strictly a name server lookup tool (like nslookup) - for instance if you ping a hostname, it can be resolved to an IP address by a number of methods: DNS lookup, host file lookup, WINS (god forbid) or NetBIOS broadcast. It can also return a potentially out-dated cached result.

The order in which the methods are tried, depends on the clients' TCP/IP configuration and node type flag:

B-node (1): Broadcast
P-node (2): Peer (WINS only)
M-node (4): Mixed (broadcast, then WINS)
H-node (8): Hybrid (WINS, then broadcast)

To see the node type of the current computer:

C:\>ipconfig /all | find "Node Type"
Node Type . . . . . . . . . . . . : Hybrid

If the resolution method is of no concern, use

ping -a w.x.y.z

or

nslookup w.x.y.z

as you please. If you need to be sure you're querying your DNS server for the correct name, use nslookup.

See also

Tech-FAQ: NetBIOS Node Types
Wikipedia: NetBIOS: Node types
Microsoft: TCP/IP and NBT configuration parameters for Windows XP (search for "NodeType")

score 41 · Answer 4 · edited Mar 14 '18 at 15:12

Use NSLOOKUP with the "-type=ptr" parameter to query the IP address, syntax:

nslookup -type=ptr 1.2.3.4

Then the "in-addr.arpa" entry is also printed (even when not found), for example:

C:\Users\UserName>nslookup -type=ptr 8.8.8.8
Server:  MyDnsServerName
Address:  X.X.X.X

Non-authoritative answer:
8.8.8.8.in-addr.arpa    name = google-public-dns-a.google.com

Compared to the lower fidelity response when using NSLOOKUP on an IP address without the type parameter:

C:\Users\UserName>nslookup 8.8.8.8
Server:  MyDnsServerName
Address:  X.X.X.X

Name:    google-public-dns-a.google.com
Address:  8.8.8.8

score 14 · Answer 5 · answered Jul 15 '09 at 14:29

14

nslookup will do reverse DNS on windows just as it can do it on linux.

Of course, there isn't a reverse entry for every ip address

answered Jul 15 '09 at 14:29

theotherreceive

8,445

score 10 · Answer 6 · answered Jul 15 '09 at 14:30

10

Use nslookup like this:

nslookup -type=PTR  127.0.0.1

answered Jul 15 '09 at 14:30

ko-dos

1,397

score 8 · Answer 7 · answered Oct 16 '20 at 15:53

11 years have passed and Windows Powershell ships with every release of Windows Server and Client.

 Resolve-DnsName 8.8.8.8
Name                           Type   TTL   Section    NameHost

8.8.8.8.in-addr.arpa           PTR    86400 Answer     dns.google
8.8.8.in-addr.arpa             NS     3600  Authority  ns2.google.com
8.8.8.in-addr.arpa             NS     3600  Authority  ns3.google.com
8.8.8.in-addr.arpa             NS     3600  Authority  ns1.google.com
8.8.8.in-addr.arpa             NS     3600  Authority  ns4.google.com
Name       : ns1.google.com
QueryType  : A
TTL        : 193102
Section    : Additional
IP4Address : 216.239.32.10
Name       : ns1.google.com
QueryType  : AAAA
TTL        : 193102
Section    : Additional
IP6Address : 2001:4860:4802:32::a
Name       : ns2.google.com
QueryType  : A
TTL        : 193102
Section    : Additional
IP4Address : 216.239.34.10
Name       : ns2.google.com
QueryType  : AAAA
TTL        : 193102
Section    : Additional
IP6Address : 2001:4860:4802:34::a
Name       : ns3.google.com
QueryType  : A
TTL        : 193102
Section    : Additional
IP4Address : 216.239.36.10
Name       : ns3.google.com
QueryType  : AAAA
TTL        : 193102
Section    : Additional
IP6Address : 2001:4860:4802:36::a
Name       : ns4.google.com
QueryType  : A
TTL        : 193102
Section    : Additional
IP4Address : 216.239.38.10
Name       : ns4.google.com
QueryType  : AAAA
TTL        : 193102
Section    : Additional
IP6Address : 2001:4860:4802:38::a

score 7 · Answer 8 · answered Jul 15 '09 at 14:30

7

You can use the standard NSLOOKUP command:

nslookup 123.123.123.123

In order to get a result there has to be a PTR record registered for the IP address in question.

answered Jul 15 '09 at 14:30

splattne

28,776

score 6 · Answer 9 · answered Jul 15 '09 at 14:25

nslookup will do reverse lookups in Windows.

C:\>nslookup star.slashdot.org

Server:  my-dns-server
Address:  10.242.0.1

Name:    star.slashdot.org
Address:  216.34.181.48

C:\>nslookup 216.34.181.48

Server:  my-dns-server
Address:  10.242.0.1

Name:    star.slashdot.org
Address:  216.34.181.48

score 4 · Answer 10 · edited Jun 11 '20 at 10:02

4

Under Windows....

Standard ping does NOT return host name of IP address

NSLookup can be used to find this info, if DNS is setup properly

Procedure as follows:

Open DOS prompt

NSLookup

set type=ptr

a.b.c.d

Results will be shown with reverse DNS server address, and host name

edited Jun 11 '20 at 10:02

Community

1

answered Jun 03 '14 at 17:11

Ivo van Selst

41

score 4 · Answer 11 · answered Jun 03 '14 at 17:19

4

9 answers and no one said how to reverse lookup with dig? Its the best

dig -x w.x.y.z

Also, you can add "+short" for use in bash loops, scripts, etc.... forward or reverse :)

answered Jun 03 '14 at 17:19

nandoP

2,067

sweetfa · Answer 12 · 2016-10-17T03:41:00.470

2

There is yet another way. Reverse the IP address and use nslookup

nslookup -type=PTR 4.3.2.1.in-addr.arpa

to resolve the address 1.2.3.4

edited Oct 17 '16 at 03:41

answered Oct 14 '16 at 04:54

sweetfa

457

score 1 · Answer 13 · answered Feb 15 '17 at 03:09

1

If nslookup, dig, host does not exists, try this:

getent hosts google.de | awk '{ print $1 }'

Works e.g. on docker AWS ec2 instances (which really don't have anything installed)

answered Feb 15 '17 at 03:09

Felix

111

score 0 · Answer 14 · answered Jul 20 '20 at 11:21

In case there's no reverse ptr for ping -a <ip> or nslookup <ip> to show, you can run ipconfig /displaydns | clip, open a text editor, paste, and search for the IP there.

Note that this will work only if the original DNS query was done via the Windows DNS resolver - some apps do their own DNS queries, like newer browsers using DNS-over-HTTPS.

Example:

> ping -a 151.101.193.69
Pinging 151.101.193.69 with 32 bytes of data:
(...)
> ipconfig /displaydns | clip
(Open notepad, paste, search for 151.101.193.69)
serverfault.com
----------------------------------------
Record Name . . . . . : serverfault.com
Record Type . . . . . : 1
Time To Live  . . . . : 450
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 151.101.193.69

What's the command-line utility in Windows to do a reverse DNS look-up?

14 Answers14