How To Resolve IP Addresses To Domain Names?
Yes, you can (sometimes) resolve an IP Address back to a hostname.
Within DNS, an IP Address can be stored against a PTR
record. You can use nslookup
to resolve both hostnames and IP addresses, though use of nslookup
has been deprecated for quite some time.
For best results, you should really get a hold of the dig
tool. If you're a linux user, this is available as part of dnsutils
(debian), or similar package. If you're a windows user, you can follow instructions such as these to install dig
.
You can then do:
dig A <hostname>
To lookup the IPv4 address for a host, or:
dig AAAA <hostname>
To lookup the IPv6 address for a host, or:
dig PTR ZZZ.YYY.XXX.WWW.in-addr.arpa.
To lookup the hostname for IPv4 address WWW.XXX.YYY.ZZZ
(note the octets are reversed), or:
dig PTR b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
To get the hostname for the IPv6 address 2001:db8::567:89ab.
nslookup <ipaddress>
or nslookup <hostname>
You can use nslookup
, dig
, or other network tool to possibly get a domain name for an IP address, but it's not necessarily going to be the one you're expecting.
Unlike normal DNS lookups, where many names can resolve to a single IP address, reverse DNS lookups can only resolve to a single name, and that's handled by whomever controls the reverse DNS information for the IP block in question. Nobody else can set up a PTR
record on a random IP address block. This is in contrast to "normal" DNS lookups, where anyone can set up a domain name and create A
records pointing at whatever IP addresses they'd like.
This ServerFault question has a bit more info on this topic.
My point is that just because you can do it doesn't mean that you'll get what you're expecting or that it will be useful.
dig
has the -x addr
option:
Reverse lookups -- mapping addresses to names -- are simplified by the
-x
option.addr
is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide thename
,class
andtype
arguments
For example:
dig -x 82.165.8.211
As an aside: the IP address was in the journalctl log of an ARTIK 710 dev board, and I thought it had been hacked. I couldn't remember the dig
option to do this without using the tedious PTR method, but then I saw Michael's comment.
And the manpage for dig
just mentions it in passing; I didn't even notice it until I found the answer here and went back and searched for it.
p.s. the address resolved to ipv4.connman.net, and then I found it; I wasn't hacked.
[root@artik ~]# grep -r '\<ipv4.connman.net\>' /etc /usr/bin /usr/sbin
Binary file /usr/sbin/connmand matches
the log entries that caused concern were:
Jul 15 04:41:11 artik connmand[1870]: wlan0 {add} route 82.165.8.211 gw 192.168.251.1 scope 0 <UNIVERSE>
Jul 15 04:41:12 artik connmand[1870]: wlan0 {del} route 82.165.8.211 gw 192.168.251.1 scope 0 <UNIVERSE>