How To Resolve IP Addresses To Domain Names?

ip-address hostname domain-name rdns

Yes, you can (sometimes) resolve an IP Address back to a hostname.

Within DNS, an IP Address can be stored against a PTR record. You can use nslookup to resolve both hostnames and IP addresses, though use of nslookup has been deprecated for quite some time.

For best results, you should really get a hold of the dig tool. If you're a linux user, this is available as part of dnsutils (debian), or similar package. If you're a windows user, you can follow instructions such as these to install dig.

You can then do:

dig A <hostname>

To lookup the IPv4 address for a host, or:

dig AAAA <hostname>

To lookup the IPv6 address for a host, or:

dig PTR ZZZ.YYY.XXX.WWW.in-addr.arpa.

To lookup the hostname for IPv4 address WWW.XXX.YYY.ZZZ (note the octets are reversed), or:

dig PTR b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.

To get the hostname for the IPv6 address 2001:db8::567:89ab.


nslookup <ipaddress> or nslookup <hostname>


You can use nslookup, dig, or other network tool to possibly get a domain name for an IP address, but it's not necessarily going to be the one you're expecting.

Unlike normal DNS lookups, where many names can resolve to a single IP address, reverse DNS lookups can only resolve to a single name, and that's handled by whomever controls the reverse DNS information for the IP block in question. Nobody else can set up a PTR record on a random IP address block. This is in contrast to "normal" DNS lookups, where anyone can set up a domain name and create A records pointing at whatever IP addresses they'd like.

This ServerFault question has a bit more info on this topic.

My point is that just because you can do it doesn't mean that you'll get what you're expecting or that it will be useful.


dig has the -x addr option:

Reverse lookups -- mapping addresses to names -- are simplified by the -x option. addr is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the name, class and type arguments

For example:

dig -x 82.165.8.211

As an aside: the IP address was in the journalctl log of an ARTIK 710 dev board, and I thought it had been hacked. I couldn't remember the dig option to do this without using the tedious PTR method, but then I saw Michael's comment.

And the manpage for dig just mentions it in passing; I didn't even notice it until I found the answer here and went back and searched for it.

p.s. the address resolved to ipv4.connman.net, and then I found it; I wasn't hacked.

[root@artik ~]# grep -r '\<ipv4.connman.net\>' /etc /usr/bin /usr/sbin
Binary file /usr/sbin/connmand matches

the log entries that caused concern were:

Jul 15 04:41:11 artik connmand[1870]: wlan0 {add} route 82.165.8.211 gw 192.168.251.1 scope 0 <UNIVERSE>
Jul 15 04:41:12 artik connmand[1870]: wlan0 {del} route 82.165.8.211 gw 192.168.251.1 scope 0 <UNIVERSE>

Related

With tmux on OSX, how can I make command+k clear more gracefully?
Does speed enhancement software actually work? [duplicate]
Difference between locate and which in Linux
Why does searching "0.693" bring me to "0.0.2.181"? [duplicate]
Right align part of prompt
How do I change the Table of Contents in Word 2010 to show only headings 1-3?
Are USB 3.0 ports yellow?
Where are the task bar icons stored on Windows 10
What does "come in" mean in the following context?
What's the correct punctuation of "i.e." and "e.g."? [duplicate]
What is the difference between "in the playground" and "on the playground"
What's the best word for denoting "treat as a single item" in the specific context I describe?