What's the reverse DNS command line utility?

Question

What's the command to find the name of a computer given its IP address?

I always forget what this command is, but I know it exists in Windows and I assume it exists on the *nix command-line.

Answer 1

The commands dig and host should be what you're looking for ;)

On *nix systems, you can use this command:

dig -x [address]

Alternatively, you can add +short at the end of the dig command to output only the DNS result.

There's also nslookup on both *nix and Windows systems for reverse DNS requests.

Answer 2

On *nix you can use:

dig -x [address]

Answer 3

Try "host"

• Forward lookup with host:

  $ host google-public-dns-b.google.com.
  google-public-dns-b.google.com has address 8.8.4.4
  google-public-dns-b.google.com has IPv6 address 2001:4860:4860::8844
  

• Reverse lookup with host:

  $ host 8.8.4.4
  4.4.8.8.in-addr.arpa domain name pointer google-public-dns-b.google.com.
  

Similar to dig

• Forward lookup with dig:

  $ dig google-public-dns-b.google.com. +short
  8.8.4.4
  

• Reverse lookup with dig:

  $ dig -x 8.8.4.4 +short
  google-public-dns-b.google.com.
  

Try "rdt"

It takes a little more setup. But if you do this, then you can run this "rdt" PHP script from the command line and it's quite wonderful. It does a few back and forth trips between forward and reverse lookups.

Download from here: https://github.com/grawity/code/blob/master/net/rdt

Example. This is what it looks like when it's working:

$ rdt google-public-dns-b.google.com.
google-public-dns-b.google.com. = 2001:4860:4860::8844, 8.8.4.4
   2001:4860:4860::8844 = dns.google
      dns.google = 2001:4860:4860::8844, 2001:4860:4860::8888, 8.8.4.4, 8.8.8.8
         2001:4860:4860::8888 = dns.google
         8.8.8.8 = dns.google
   8.8.4.4 = dns.google

Answer 4

On most of the Linux systems that I am aware of you can use:

 nslookup <ip-number EX: 127.0.0.1>

will work on the command line.

Come to think of it, isn't nslookup available on Windows XP?

Answer 5

This question already has a million answers, but I'm gonna add another one. Here's a little function I wrote for easily doing reverse DNS with dig. Add this to your ~/.bashrc file, reload your shell, and then you can do reverse DNS lookups with revdns 1.2.3.4:

function revdns() {
    octets=""
    addr="in-addr.arpa"

    # split the IP address into an array of octets
    IFS="." read -r -a octets <<< "$1"

    # add each octet to our $addr string in reverse order
    for octet in "${octets[@]}"; do
         addr=$octet"."$addr
    done

    # run a DNS pointer lookup with dig
    # `+short` makes dig's output very terse (un-verbose)
    # `"${@:2}"` passes any extra params from this command to dig
    dig ptr +short $addr "${@:2}"
}

Reverse DNS lookups are done by checking the pointer (PTR) records. If you wanna do reverse DNS for "1.2.3.4", you have to lookup pointer records for "4.3.2.1.in-addr.arpa". My function takes in an IP address, reverses the order of the octets (i.e. changes it from 1.2.3.4 to 4.3.2.1), and then uses dig to execute the PTR lookup I just described.

You can, of course, just use nslookup 1.2.3.4 if you have it, but I prefer this dig-based solution because it uses the OS' DNS servers instead of nslookup-provided ones (if you want, by the way, you can add additional dig flags when you call revdns, and they will get passed to dig)

Answer 6

I'm well aware that dig/host/nslookup are the standard tools for these, but I keep these around for testing the OS's resolution (essentially, to test nsswitch.conf is working correctly):

gethostbyname:

#!/usr/bin/perl

use Socket;

my @t = gethostbyname($ARGV[0]);
print "\$name     = $t[0]\n"; shift(@t);
print "\$aliases  = $t[0]\n"; shift(@t);
print "\$addrtype = $t[0]\n"; shift(@t);
print "\$length   = $t[0]\n"; shift(@t);

foreach (@t) {
  print "          = ", inet_ntoa($_), "\n";
}

gethostbyaddr:

#!/usr/bin/perl

use Socket;

my @t = gethostbyaddr(inet_aton($ARGV[0]), AF_INET);
print "\$name     = $t[0]\n"; shift(@t);
print "\$aliases  = $t[0]\n"; shift(@t);
print "\$addrtype = $t[0]\n"; shift(@t);
print "\$length   = $t[0]\n"; shift(@t);

foreach (@t) {
  print "          = ", inet_ntoa($_), "\n";
}

example:

g3 0 /home/jj33/swap > gethostbyname www.google.com
$name     = www.l.google.com
$aliases  = www.google.com
$addrtype = 2
$length   = 4
          = 72.14.205.147
          = 72.14.205.103
          = 72.14.205.104
          = 72.14.205.99
g3 0 /home/jj33/swap > gethostbyaddr 72.14.205.147 
$name     = qb-in-f147.google.com
$aliases  = 
$addrtype = 2
$length   = 4
          = 72.14.205.147

Answer 7

On Windows I got in to the habit of using:

ping -a <ip address>

as this will also reflect data from your hosts file and WINS and so on.

Answer 8

I prefer the command-line dig for Windows (available here: http://members.shaw.ca/nicholas.fong/dig/) to nslookup any day.

If you have to test/administer DNS from a Windows workstation, grab this tool. Then:

C:\dig>dig -x <IP Address>

...also, remember to add c:\dig to your path!

Answer 9

If you're using nslookup it's this (assuming 192.168.0.1 as the IP in question)

> set type=ptr
> 1.0.168.192.in-addr.arpa

EDIT: Remember a reverse lookup only works if there is a PTR record created for the IP, and it's not guaranteed to return the hostname you're looking for. Completely depends on how DNS is configured and maintained in your situation.

Answer 10

Powershell:

[net.dns]::gethostentry("69.59.196.212").HostName

Answer 11

Well, some friendly person just wrote nslookup is the command, and he's right. It works on both Unix and Windows. Not sure why you deleted your answer, but you are correct sir.

Answer 12

nbtstat -a < ip address >

Answer 13

Her's my take on a more complete DNS reverse lookup. Hope this will come in handy to future viewers of this page.

for ip in {1..254..1}; do dig -x 1.1.1.$ip | grep $ip >> dns.txt; done;