HowTo Test or Check Reverse DNS on Linux / Unix

December 14, 2006 · 21 comments · Last updated February 7, 2014


I am a new Linux and Unix command line user. How do I test or check reverse DNS for a given IP address under Linux, OS X, BSD, Unix-like or Windows XP/Server 2003 based systems?

Reverse DNS lookup (also known as rDNS) is a process to determine the hostname associated with a given IP address.

Typically, DNS is used to determine which IP address is associated with a given hostname; to reverse resolve a known IP address is to look up the hostname associated with it. A reverse lookup is often referred to simply as reverse resolving, or more specifically as a reverse DNS lookup.

Tutorial details
Difficulty: Easy
Root privileges: No
Requirements: None
Estimated completion time: 1m

The most common uses of reverse DNS are:

  1. Anti-spam
  2. Network troubleshooting
  3. Avoiding spammers and phishers by using forward-confirmed reverse DNS, etc.

You can use standard UNIX / Linux utilities such as the nslookup, dig or host commands to find the reverse DNS of a given IP address.

Task: Find Reverse DNS for IP 75.126.43.235 under Linux/UNIX

Type the following host command:
$ host ip-address-here
$ host 75.126.43.235

Sample outputs:

235.43.126.75.in-addr.arpa domain name pointer cyberciti.org.

In this example output, IP 75.126.43.235 is reverse mapped to cyberciti.org. Here is another reverse lookup, done using the dig command:
$ dig -x ip-address-here
$ dig -x 75.126.153.206

Sample outputs:

; <<>> DiG 9.8.3-P1 <<>> -x 75.126.153.206
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39113
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;206.153.126.75.in-addr.arpa.	IN	PTR
 
;; ANSWER SECTION:
206.153.126.75.in-addr.arpa. 20975 IN	PTR	www.cyberciti.biz.
;; Query time: 32 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb  8 04:40:28 2014
;; MSG SIZE  rcvd: 76

Hiding additional display info while doing reverse ip lookup using dig command

You can display only the answer section of a reply with the +answer option, and clear all other display info with the +noall option, as follows:

 
dig +noall +answer -x 75.126.153.206
 

Sample outputs:

206.153.126.75.in-addr.arpa. 80127 IN	PTR	www.cyberciti.biz.
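
Forward-confirmed reverse DNS, listed among the common uses above, goes one step beyond the lookups shown so far: take the PTR name for an IP, resolve that name forward, and accept it only if it maps back to the same IP. The shell functions below are an added example, not part of the original tutorial; the function names are made up for illustration, and they use dig's +short option, which prints only the record data.

```sh
#!/bin/sh
# Added example: forward-confirmed reverse DNS (FCrDNS) check built on dig.
# Function names are illustrative. Source the file, then run:
#   fcrdns_check 75.126.153.206

# PTR names for an IP, one per line, trailing dot stripped.
ptr_lookup() {
    dig +short -x "$1" | sed 's/\.$//'
}

# A and AAAA records for a hostname, one address per line.
fwd_lookup() {
    dig +short A "$1"
    dig +short AAAA "$1"
}

# PTR data is set by whoever controls the reverse zone, so treat it as
# untrusted: allow hostname characters only and no leading "-", "+" or "@",
# which dig would read as an option or a server.
valid_hostname() {
    case $1 in
        ''|[!A-Za-z0-9_]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# fcrdns_check IP
#   prints "PASS ip name" and returns 0 if a PTR name resolves back to IP,
#   prints "FAIL ip names" and returns 1 if none does,
#   prints "NOPTR ip" and returns 2 if there is no PTR record at all.
# IPv6 addresses must be written the way dig prints them (compressed form).
fcrdns_check() {
    ip=$1
    names=$(ptr_lookup "$ip")
    [ -n "$names" ] || { echo "NOPTR $ip"; return 2; }
    while IFS= read -r name; do
        valid_hostname "$name" || continue
        if fwd_lookup "$name" </dev/null | grep -qxF -- "$ip"; then
            echo "PASS $ip $name"
            return 0
        fi
    done <<EOF
$names
EOF
    echo "FAIL $ip $(printf '%s' "$names" | tr '\n' ' ')"
    return 1
}
```

A PASS only shows that the reverse and forward zones agree with each other; it says nothing about whether the host itself is trustworthy.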

Task: Find Reverse DNS for IP 75.126.43.235 under Linux/UNIX/Windows

nslookup works under Windows and UNIX-like OSes:
nslookup ip-address-here
nslookup 75.126.43.235

Output:

Server:         208.67.222.222
Address:        208.67.222.222#53
Non-authoritative answer:
235.43.126.75.in-addr.arpa      name = cyberciti.org.
Authoritative answers can be found from:

Demo: Reverse IP lookup on Linux, Unix, OS X and MS-Windows

Animated gif: host, dig, and nslookup command in action



{ 21 comments… read them below or add one }

1 Sha8e September 29, 2007 at 2:22 pm

Vivek,

How r u man?
Vivek, how can I do a reverse ip check to a domain or box in order to know what websites is hosted on that box ?

I need a linux COMMAND not solving it using a website. Can u help me ?

Reply

2 Mohammad Mateen March 13, 2008 at 9:25 am

its very simple

dig -x IP (209.267.166.166)

Reply

3 Paul Seminario July 13, 2009 at 2:47 am

Hi… Please help me… Can u tell me a command to make a reverse dns record in my server?
Thanks….
Paul S.

Reply

4 Wisut Petsakul August 4, 2009 at 9:03 am

Very useful, thanks.

Reply

5 mccalni December 21, 2009 at 11:26 am

Excellent. Thank you.

Reply

6 Nime June 3, 2010 at 10:10 pm

@echo off

REM //NSLOOKUP batch check utility v1.0
REM //Author: Emin Akbulut eminakbulut@gmail.com
REM //Date: 03 June 2010
REM //This code is freeware
REM //Usage: Modify the DNS and host lists below, at line 23, then simply run the batch file.

SET timeout=5

IF "%1" == "/check" GOTO loopit

:start
cls
if exist %0.log del %0.log > nul 2>nul
if exist %0.bat.log del %0.bat.log > nul 2>nul
echo ---------------------------------------
echo Starting... %date% %time:~0,8%
echo ---------------------------------------
echo Report created on %date% %time:~0,8% >> %0.log
REM %%A for DNS Servers list, %%B for target hosts to be checked
FOR %%A IN (195.175.39.39 195.175.39.40 8.8.8.8) DO FOR %%B IN (google.com yourdomain.com mail.yourdomain.com) DO CALL %0 /check %%A %%B

echo --------------------------------------- >> %0.log
echo ---------------------------------------
echo Done. Press any key to examine the log file...
Pause > nul
start notepad "%~0.log"
GOTO done

:loopit
echo --------------------------------------- >> %0.log
echo nslookup %3 %2
echo nslookup %3 %2 >> %0.log
nslookup -timeout=%timeout% %3 %2 >> %0.log 2>nul

:done

Reply

7 michal July 14, 2010 at 12:33 pm

nslookup has been obsolete for a loooong time. I advise you not to waste your precious time learning a utility that is not supported any more.

Reply

8 Mpho October 26, 2010 at 1:54 pm

Please tell me how do i monitor DNS, DHCP, Wins on my server

Reply

9 Nime October 26, 2010 at 3:05 pm

To monitor DNS you may use my script.

To test DHCP LOCALLY, the commands to inspire are:

REM Set automatic IP
netsh interface ip set address name="LAN" dhcp
REM Set automatic DNS
netsh interface ip set dns "LAN" dhcp

I don’t know much about WINS…

Reply

10 techie talks March 4, 2011 at 1:37 am

dig -x is good enough. Thanks!

Reply

11 J_S_P May 24, 2011 at 5:36 pm

This might be silly… but I have to ask!

So the output is “235.43.126.75.in-addr.arpa domain name pointer cyberciti.org.”

Is “cyberciti.org” the CNAME in this case? If you look up other IP’s you get crazy outputs with dashes and long names which look like a CNAME. Is it too redundant to have yet another reverse entry for a CNAME?

Reply

12 nixCraft May 24, 2011 at 7:25 pm

No, that is the actual reverse entry. Our IP was changed some time ago. To get the desired output try

 host 75.126.153.206
206.153.126.75.in-addr.arpa domain name pointer www.cyberciti.biz.

Reply

13 Rocky June 14, 2011 at 2:50 pm

Hi Vivek,

for reverse lookup, do i need to provide domain name or hostname of my server to my isp from which i got public ip?
Domain name is example.com
hostname is abc.example.com

Thanks,
Rocky

Reply

14 Digital Extreme Media Group July 11, 2011 at 11:34 pm

Thanks for sharing. This is a good way to see if your ns1. and ns2 are set correctly.

Reply

15 Akula August 14, 2011 at 8:33 am

Hi,

Can you please tell me how to create this reverse to records? I have 2 dedicated servers, 203.230 (ns1) / 200.254 (ns2), from localhost the command ‘nslookup ip’ replies with success but from the internet it is still not working, can you please create a full example?

Kind Regards

Reply

16 David Amormino September 27, 2011 at 2:15 am

This bash example should print all the hosts from 192.168.1.1 through .254. (You could edit the IP address lines to suit your network, perhaps.)

rdns.sh:

#!/bin/bash
for i in {1..254}
do
  myhostname=`host 192.168.1.$i`
  if [ "$?" -eq 0 ]; then
    echo -ne $i
    echo -ne "\t"
    echo -ne "IN"
    echo -ne "\t"
    echo -ne "PTR"
    echo -ne "\t"
    echo `echo $myhostname | cut -d " " -f 5`
  fi
done

I use this to generate rdns (reverse dns) files for my bind9 name server:

bash rdns.sh >> /etc/bind/db.192

I still need to put the correct lines in at the top of the db.192 file (from db.empty), but it accomplishes most of what I am after.

Reply

17 DotMG September 27, 2011 at 7:56 am

As far as I know, the fastest and simplest way to set rDNS is to ask your Server Provider. They do it manually.

Reply

18 Akula September 27, 2011 at 12:09 pm

You are right only the provider can create rdns.

Thank You

Reply

19 Tommy Joe February 7, 2012 at 10:37 pm

I have been asked to check our own DNS and WINS servers to make sure we have all the correct controller details for the ???? Domain are present.
Reason is We are currently arranging to move the PDC emulator role this week from IC?????? to BD??????

Reply

20 Bob Pelerson December 27, 2012 at 6:40 pm

note that you can use drill or dig on BSD too – not just Linux

Reply

21 Waqas April 16, 2013 at 4:14 am

Q1) I want to block the users to access the ptv.com website for some user and only for a time while like 1/3 week.how it is possible?
Q2) other user can not use the internet I want to block the internet of the user.how it is possible?
Q3) some user can open only permission websites which I want to allow them like google/gmail/hotmail etc etc but can not access the yahoo/wwe websites.how it is possible?
Q4) how to block the USB storage devices in Win Xp because when we make a policy to remove all storage device deny all then the option shows that atleast Win Vista. what does it mean?
Q5) how DNS can take direct IP in the forward and reverse zone?
Q6) why we use router in DHCP server?
Q7) I saw if someone is uses in DNS server
DNS IP 192.168.30.1
subnet mask 255.255.255.0
default gateway 192.168.30.2
preferred DNS 192.168.30.1
alternate DNS 192.168.30.254
then it uses in DHCP server
router IP 192.168.30.2
why it uses this IP only in the router?why DHCP server can not validate the alternate DNS when we install the DHCP server?
Q8) I want to allow only 2 user they can change the time and date.how it is possible?

give me the full description on my email id
waqasanwer1@gmail.com
with each step should be mention in the snapshot
thank you
for an advance to help me

Reply
