Reverse DNS lookup (also known as rDNS) is a process to determine the hostname associated with a given IP address.
Typically, the DNS is used to determine what IP address is associated with a given hostname; so to reverse resolve a known IP address is to lookup what the associated hostname for it. A reverse lookup is often referred to simply as reverse resolving, or more specifically reverse DNS lookups.
The most common uses of the reverse DNS are:
- Network troubleshooting
- Avoid spammers and phishers using a forward confirmed reverse DNS etc
Task: Find Reverse DNS for IP 126.96.36.199 under Linux/UNIX
Type the following host command:
$ host ip-address-here
$ host 188.8.131.52
184.108.40.206.in-addr.arpa domain name pointer cyberciti.org.
In this example output, IP 220.127.116.11 is reverse mapped to cyberciti.org. Here is another reverse lookups done using dig command:
$ dig -x ip-address-here
$ dig -x 18.104.22.168
; <<>> DiG 9.8.3-P1 <<>> -x 22.214.171.124 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39113 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;126.96.36.199.in-addr.arpa. IN PTR ;; ANSWER SECTION: 188.8.131.52.in-addr.arpa. 20975 IN PTR www.cyberciti.biz. ;; Query time: 32 msec ;; SERVER: 184.108.40.206#53(220.127.116.11) ;; WHEN: Sat Feb 8 04:40:28 2014 ;; MSG SIZE rcvd: 76
Hiding additional display info while doing reverse ip lookup using dig command
You can only display the answer section of a reply with +answer option and clear all other display info with +noall option as follow:
dig +noall +answer -x 18.104.22.168
22.214.171.124.in-addr.arpa. 80127 IN PTR www.cyberciti.biz.
Task: Find Reverse DNS for IP 126.96.36.199 under Linux/UNIX/Windows
nslookup works under Windows and UNIX like oses:
Server: 188.8.131.52 Address: 184.108.40.206#53 Non-authoritative answer: 220.127.116.11.in-addr.arpa name = cyberciti.org. Authoritative answers can be found from: