Where does tracert get its FQDN? And why can they differ?

Question

I'm running Windows 2012 R2 on four different virtual machines.

I'm testing connectivity to a single IP address, e.g. 12.13.14.15. Telnet isn't working, so I'm running tracerts and capturing the results to send to the networking team.

Tracert displays an FQDN at the top of its results. Where does this FQDN come from? I imagine it is some sort of DNS reverse lookup, but I would like to know specifics.

The reason I ask is that the FQDN is showing up as different on each of the four VMs, even though it is the same IP address and they are all on the same network.

For example, on Machine A the output is:

C:\Windows\system32>tracert 12.13.14.15

Tracing route to some-funny-name.mycompany.com [12.13.14.15] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.0.0.108

2 * * * Request timed out.

3 * * * Request timed out.

But on Machine B the output is:

C:\Windows\system32>tracert 12.13.14.15

Tracing route to a-totally-different-name.mycompany.com [12.13.14.15] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.0.0.82

2 * * * Request timed out.

3 * * * Request timed out.

And on Machine C it is yet another name:

C:\Windows\system32>tracert 12.13.14.15

Tracing route to totally-different-too.mycompany.com [12.13.14.15] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.0.0.112

2 * * * Request timed out.

3 * * * Request timed out.

Why are the FQDNs different?

Answer 1

Tracert uses GetNameInfoW internally, and as indicated in the "Remarks" section:

The capability to perform reverse DNS lookups using the GetNameInfoW function is convenient, but such lookups are considered inherently unreliable, and should be used only as a hint.

and:

[...]name resolution can be by the Domain Name System (DNS), a local hosts file, or by other naming mechanisms

It's just a "hint", so that you have a rough idea of what you see...