What's the reverse DNS command line utility?

Question

What's the command to find the name of a computer given its IP address?

I always forget what this command is, but I know it exists in Windows and I assume it exists on the *nix command-line.

score 138 · Accepted Answer · edited Jun 13 '22 at 20:42

138

The commands dig and host should be what you're looking for ;)

On *nix systems, you can use this command:

dig -x [address]

Alternatively, you can add +short at the end of the dig command to output only the DNS result.

There's also nslookup on both *nix and Windows systems for reverse DNS requests.

edited Jun 13 '22 at 20:42

sysadmin1138

135,853

answered May 11 '09 at 15:54

Marc-Andre R.

2,877

score 76 · Answer 2 · edited Feb 02 '15 at 06:50

76

On *nix you can use:

dig -x [address]

edited Feb 02 '15 at 06:50

Giacomo1968

3,553
29
42

answered May 11 '09 at 15:56

palehorse

4,489

StackzOfZtuff · Answer 3 · 2024-09-04T14:09:29.477

Try "host"

Forward lookup with host:

$ host google-public-dns-b.google.com.
google-public-dns-b.google.com has address 8.8.4.4
google-public-dns-b.google.com has IPv6 address 2001:4860:4860::8844

Reverse lookup with host:

$ host 8.8.4.4
4.4.8.8.in-addr.arpa domain name pointer google-public-dns-b.google.com.

Similar to dig

Forward lookup with dig:

$ dig google-public-dns-b.google.com. +short
8.8.4.4

Reverse lookup with dig (you need the extra -x option):

$ dig -x 8.8.4.4 +short
google-public-dns-b.google.com.

BTW: dig is picky about its command line options ordering:

dig -x 8.8.4.4 +short works.
dig +short -x 8.8.4.4 works.
dig -x +short 8.8.4.4 does not work.

Try "rdt"

It takes a little more setup. But if you do this, then you can run this "rdt" PHP script from the command line and it's quite wonderful. It does a few back and forth trips between forward and reverse lookups. (rdt was formerly known as rdns-trace.php. "RDNS" is short for "reverse DNS".)

Download from here: https://github.com/grawity/code/blob/main/rdt

Example. This is what it looks like when it's working:

$ rdt google-public-dns-b.google.com.
google-public-dns-b.google.com. = 2001:4860:4860::8844, 8.8.4.4
   2001:4860:4860::8844 = dns.google
      dns.google = 2001:4860:4860::8844, 2001:4860:4860::8888, 8.8.4.4, 8.8.8.8
         2001:4860:4860::8888 = dns.google
         8.8.8.8 = dns.google
   8.8.4.4 = dns.google

score 11 · Answer 4 · answered May 13 '09 at 05:42

11

On most of the Linux systems that I am aware of you can use:

 nslookup <ip-number EX: 127.0.0.1>

will work on the command line.

Come to think of it, isn't nslookup available on Windows XP?

answered May 13 '09 at 05:42

mdpc

11,914

score 4 · Answer 5 · answered May 11 '09 at 16:41

I'm well aware that dig/host/nslookup are the standard tools for these, but I keep these around for testing the OS's resolution (essentially, to test nsswitch.conf is working correctly):

gethostbyname:

#!/usr/bin/perl

use Socket;

my @t = gethostbyname($ARGV[0]);
print "\$name     = $t[0]\n"; shift(@t);
print "\$aliases  = $t[0]\n"; shift(@t);
print "\$addrtype = $t[0]\n"; shift(@t);
print "\$length   = $t[0]\n"; shift(@t);

foreach (@t) {
  print "          = ", inet_ntoa($_), "\n";
}

gethostbyaddr:

#!/usr/bin/perl

use Socket;

my @t = gethostbyaddr(inet_aton($ARGV[0]), AF_INET);
print "\$name     = $t[0]\n"; shift(@t);
print "\$aliases  = $t[0]\n"; shift(@t);
print "\$addrtype = $t[0]\n"; shift(@t);
print "\$length   = $t[0]\n"; shift(@t);

foreach (@t) {
  print "          = ", inet_ntoa($_), "\n";
}

example:

g3 0 /home/jj33/swap > gethostbyname www.google.com
$name     = www.l.google.com
$aliases  = www.google.com
$addrtype = 2
$length   = 4
          = 72.14.205.147
          = 72.14.205.103
          = 72.14.205.104
          = 72.14.205.99
g3 0 /home/jj33/swap > gethostbyaddr 72.14.205.147 
$name     = qb-in-f147.google.com
$aliases  = 
$addrtype = 2
$length   = 4
          = 72.14.205.147

score 4 · Answer 6 · answered May 11 '09 at 16:53

4

On Windows I got in to the habit of using:

ping -a <ip address>

as this will also reflect data from your hosts file and WINS and so on.

answered May 11 '09 at 16:53

David Webb

431

Hayden Schiff · Answer 7 · 2016-02-03T23:55:35.283

This question already has a million answers, but I'm gonna add another one. Here's a little function I wrote for easily doing reverse DNS with dig. Add this to your ~/.bashrc file, reload your shell, and then you can do reverse DNS lookups with revdns 1.2.3.4:

function revdns() {
    octets=""
    addr="in-addr.arpa"

    # split the IP address into an array of octets
    IFS="." read -r -a octets <<< "$1"

    # add each octet to our $addr string in reverse order
    for octet in "${octets[@]}"; do
         addr=$octet"."$addr
    done

    # run a DNS pointer lookup with dig
    # `+short` makes dig's output very terse (un-verbose)
    # `"${@:2}"` passes any extra params from this command to dig
    dig ptr +short $addr "${@:2}"
}

Reverse DNS lookups are done by checking the pointer (PTR) records. If you wanna do reverse DNS for "1.2.3.4", you have to lookup pointer records for "4.3.2.1.in-addr.arpa". My function takes in an IP address, reverses the order of the octets (i.e. changes it from 1.2.3.4 to 4.3.2.1), and then uses dig to execute the PTR lookup I just described.

You can, of course, just use nslookup 1.2.3.4 if you have it, but I prefer this dig-based solution because it uses the OS' DNS servers instead of nslookup-provided ones (if you want, by the way, you can add additional dig flags when you call revdns, and they will get passed to dig)

score 3 · Answer 8 · answered May 11 '09 at 15:57

If you're using nslookup it's this (assuming 192.168.0.1 as the IP in question)

> set type=ptr
> 1.0.168.192.in-addr.arpa

EDIT: Remember a reverse lookup only works if there is a PTR record created for the IP, and it's not guaranteed to return the hostname you're looking for. Completely depends on how DNS is configured and maintained in your situation.

score 2 · Answer 9 · answered May 12 '09 at 10:36

2

Powershell:

[net.dns]::gethostentry("69.59.196.212").HostName

answered May 12 '09 at 10:36

Richard

5,374

score 1 · Answer 10 · answered Jan 28 '10 at 20:43

I prefer the command-line dig for Windows (available here: http://members.shaw.ca/nicholas.fong/dig/) to nslookup any day.

If you have to test/administer DNS from a Windows workstation, grab this tool. Then:

C:\dig>dig -x <IP Address>

...also, remember to add c:\dig to your path!

score 1 · Answer 11 · answered Nov 03 '24 at 04:09

1

The systemd way to resolve a hostname:

resolvectl query [hostname]

and for the reverse lookup by address:

resolvectl query [address]

This is useful for space-minimized systems that do not have host, nslookup, nor dig installed.

answered Nov 03 '24 at 04:09

jamesy

21

score 0 · Answer 12 · answered Dec 20 '22 at 17:35

0

Here are some command line tools for reverse DNS:

Dig:

dig -x [IP Address]

Nslookup:

nslookup -type=ptr [IP Address]

Host:

host [IP Address]

answered Dec 20 '22 at 17:35

Tahmid Bin Rashid

101

score 0 · Answer 13 · answered Nov 24 '24 at 14:56

0

On Linux with Unbound DNS resolver installed:

unbound-host [address]

answered Nov 24 '24 at 14:56

Pro Backup

1,024

score 0 · Answer 14 · answered May 11 '09 at 15:56

0

Well, some friendly person just wrote nslookup is the command, and he's right. It works on both Unix and Windows. Not sure why you deleted your answer, but you are correct sir.

answered May 11 '09 at 15:56

Peter Turner

2,528

score -1 · Answer 15 · answered Sep 22 '09 at 16:25

-1

nbtstat -a < ip address >

answered Sep 22 '09 at 16:25

Peter Turner

2,528

score -1 · Answer 16 · answered Oct 04 '18 at 20:43

-1

Her's my take on a more complete DNS reverse lookup. Hope this will come in handy to future viewers of this page.

for ip in {1..254..1}; do dig -x 1.1.1.$ip | grep $ip >> dns.txt; done;

answered Oct 04 '18 at 20:43

Boschko

137

What's the reverse DNS command line utility?

16 Answers16

Try "host"

Similar to dig

Try "rdt"

Linked