105

What's the command to find the name of a computer given its IP address?

I always forget what this command is, but I know it exists in Windows and I assume it exists on the *nix command-line.

Marc-Andre R.
  • 2,189
  • 2
  • 21
  • 21
Peter Turner
  • 2,048
  • 9
  • 33
  • 45

13 Answers13

90

The commands dig and host should be what you're looking for ;)

On *nix systems, you can use this command:

dig -x [address]

Alternatively, you can add +short at the end of the dig command to output only the DNS result.

There's also nslookup on both *nix and Windows systems for reverse DNS requests.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
Marc-Andre R.
  • 2,189
  • 2
  • 21
  • 21
70

On *nix you can use:

dig -x [address]
Giacomo1968
  • 3,522
  • 25
  • 38
palehorse
  • 4,179
  • 5
  • 28
  • 27
14

Try "host"

  • Forward lookup with host:

    $ host google-public-dns-b.google.com.
    google-public-dns-b.google.com has address 8.8.4.4
    google-public-dns-b.google.com has IPv6 address 2001:4860:4860::8844
    
  • Reverse lookup with host:

    $ host 8.8.4.4
    4.4.8.8.in-addr.arpa domain name pointer google-public-dns-b.google.com.
    

Similar to dig

  • Forward lookup with dig:

    $ dig google-public-dns-b.google.com. +short
    8.8.4.4
    
  • Reverse lookup with dig:

    $ dig -x 8.8.4.4 +short
    google-public-dns-b.google.com.
    

Try "rdt"

It takes a little more setup. But if you do this, then you can run this "rdt" PHP script from the command line and it's quite wonderful. It does a few back and forth trips between forward and reverse lookups.

Download from here: https://github.com/grawity/code/blob/master/net/rdt

Example. This is what it looks like when it's working:

$ rdt google-public-dns-b.google.com.
google-public-dns-b.google.com. = 2001:4860:4860::8844, 8.8.4.4
   2001:4860:4860::8844 = dns.google
      dns.google = 2001:4860:4860::8844, 2001:4860:4860::8888, 8.8.4.4, 8.8.8.8
         2001:4860:4860::8888 = dns.google
         8.8.8.8 = dns.google
   8.8.4.4 = dns.google
StackzOfZtuff
  • 1,754
  • 12
  • 21
11

On most of the Linux systems that I am aware of you can use:

 nslookup <ip-number EX: 127.0.0.1>

will work on the command line.

Come to think of it, isn't nslookup available on Windows XP?

mdpc
  • 11,698
  • 28
  • 51
  • 65
4

This question already has a million answers, but I'm gonna add another one. Here's a little function I wrote for easily doing reverse DNS with dig. Add this to your ~/.bashrc file, reload your shell, and then you can do reverse DNS lookups with revdns 1.2.3.4:

function revdns() {
    octets=""
    addr="in-addr.arpa"

    # split the IP address into an array of octets
    IFS="." read -r -a octets <<< "$1"

    # add each octet to our $addr string in reverse order
    for octet in "${octets[@]}"; do
         addr=$octet"."$addr
    done

    # run a DNS pointer lookup with dig
    # `+short` makes dig's output very terse (un-verbose)
    # `"${@:2}"` passes any extra params from this command to dig
    dig ptr +short $addr "${@:2}"
}

Reverse DNS lookups are done by checking the pointer (PTR) records. If you wanna do reverse DNS for "1.2.3.4", you have to lookup pointer records for "4.3.2.1.in-addr.arpa". My function takes in an IP address, reverses the order of the octets (i.e. changes it from 1.2.3.4 to 4.3.2.1), and then uses dig to execute the PTR lookup I just described.

You can, of course, just use nslookup 1.2.3.4 if you have it, but I prefer this dig-based solution because it uses the OS' DNS servers instead of nslookup-provided ones (if you want, by the way, you can add additional dig flags when you call revdns, and they will get passed to dig)

  • 1
    According to its help `dig -x dot-notation` is the "shortcut for reverse lookups". I was wondering what the long version would be. Thanks for explaining! :) – webwurst Jul 11 '18 at 15:43
  • 1
    from `man dig`: _When the -x is used, there is no need to provide the name, class and type arguments. dig automatically performs a lookup for a name like 94.2.0.192.in-addr.arpa and sets the query type and class to PTR and IN respectively._ – Ricardo Aug 21 '18 at 22:15
3

I'm well aware that dig/host/nslookup are the standard tools for these, but I keep these around for testing the OS's resolution (essentially, to test nsswitch.conf is working correctly):

gethostbyname:

#!/usr/bin/perl

use Socket;

my @t = gethostbyname($ARGV[0]);
print "\$name     = $t[0]\n"; shift(@t);
print "\$aliases  = $t[0]\n"; shift(@t);
print "\$addrtype = $t[0]\n"; shift(@t);
print "\$length   = $t[0]\n"; shift(@t);

foreach (@t) {
  print "          = ", inet_ntoa($_), "\n";
}

gethostbyaddr:

#!/usr/bin/perl

use Socket;

my @t = gethostbyaddr(inet_aton($ARGV[0]), AF_INET);
print "\$name     = $t[0]\n"; shift(@t);
print "\$aliases  = $t[0]\n"; shift(@t);
print "\$addrtype = $t[0]\n"; shift(@t);
print "\$length   = $t[0]\n"; shift(@t);

foreach (@t) {
  print "          = ", inet_ntoa($_), "\n";
}

example:

g3 0 /home/jj33/swap > gethostbyname www.google.com
$name     = www.l.google.com
$aliases  = www.google.com
$addrtype = 2
$length   = 4
          = 72.14.205.147
          = 72.14.205.103
          = 72.14.205.104
          = 72.14.205.99
g3 0 /home/jj33/swap > gethostbyaddr 72.14.205.147 
$name     = qb-in-f147.google.com
$aliases  = 
$addrtype = 2
$length   = 4
          = 72.14.205.147
jj33
  • 11,038
  • 1
  • 36
  • 50
  • 4
    you can do "getent hosts [IP or HOSTNAME]" – hayalci May 27 '09 at 09:44
  • Hmmm... I wrote the tools originally just to play with the functions, so no loss there but I certainly wouldn't have pasted them into serverfault if I had known about the getent tool. Thanks for the pointer. – jj33 May 27 '09 at 14:06
  • 1
    -1: they are limited to IPv4, gethostbyname does not retrieve IPv6 addresses when they exist and gethostbyaddr does not accept IPv6 addresses. – bortzmeyer Sep 23 '09 at 07:14
  • These functions are many years obsolete. They were even obsolete when this was written. In perl and most other languages you should be using getaddrinfo and getnameinfo. – Michael Hampton Feb 03 '16 at 23:58
3

On Windows I got in to the habit of using:

ping -a <ip address>

as this will also reflect data from your hosts file and WINS and so on.

David Webb
  • 411
  • 3
  • 5
1

I prefer the command-line dig for Windows (available here: http://members.shaw.ca/nicholas.fong/dig/) to nslookup any day.

If you have to test/administer DNS from a Windows workstation, grab this tool. Then:

C:\dig>dig -x <IP Address>

...also, remember to add c:\dig to your path!

Cory J
  • 1,528
  • 4
  • 19
  • 28
1

If you're using nslookup it's this (assuming 192.168.0.1 as the IP in question)

> set type=ptr
> 1.0.168.192.in-addr.arpa

EDIT: Remember a reverse lookup only works if there is a PTR record created for the IP, and it's not guaranteed to return the hostname you're looking for. Completely depends on how DNS is configured and maintained in your situation.

squillman
  • 37,618
  • 10
  • 90
  • 145
1

Powershell:

[net.dns]::gethostentry("69.59.196.212").HostName
Richard
  • 5,309
  • 1
  • 22
  • 20
0

Well, some friendly person just wrote nslookup is the command, and he's right. It works on both Unix and Windows. Not sure why you deleted your answer, but you are correct sir.

Peter Turner
  • 2,048
  • 9
  • 33
  • 45
-1

nbtstat -a < ip address >

Peter Turner
  • 2,048
  • 9
  • 33
  • 45
-1

Her's my take on a more complete DNS reverse lookup. Hope this will come in handy to future viewers of this page.

for ip in {1..254..1}; do dig -x 1.1.1.$ip | grep $ip >> dns.txt; done;
Boschko
  • 127
  • 5