Reverse DNS Lookup
Use the reverse DNS lookup tool to determine the hostname of an IP address.
What is reverse DNS lookup?
A reverse domain name system (DNS) lookup, or reverse IP lookup, is the opposite sequence of a DNS lookup. It's essentially a reverse IP tracker. With a standard DNS lookup online, you query the DNS server or hostname to get the IP address. But with the reverse DNS lookup command, you query the IPv4 address or IPv6 address to find the hostname. Therefore, by entering the IP address into the reverse lookup tool, users can locate the domain name associated with the corresponding IP.
For example, one IP address of Google.com is 126.96.36.199. Typing this IP address into the reverse DNS lookup tool returns the host name of Google as listed in the database of the Address and Routing Parameter Area’s (ARPA) top-level domain of the Internet.
Note that some IP addresses will not return a domain name. There may be records indicating multiple domain names for a given IP address in these cases. Web hosting, where one IP address of the server is shared among one or more domains, is a common example. To see what your own IP address is linked to, first go to the homepage of What's My IP to find out what your IP is.
How does reverse DNS lookup work?
A reverse DNS lookup searches DNS queries for PTR records, or pointer records. A PTR record maps an IP address to the hostname, so if there is no PTR record on the server, a reverse DNS record lookup won’t work.
How to do a reverse IP lookup
Reverse DNS Lookup (Linux)
For a reverse IP lookup in the Linux system, there are three different commands that users can perform the reverse DNS process with: the dig command, the host command, and the nslookup command. Each works in a slightly different way as it focuses on observing different information.
The dig command, or domain information groper command, allows the rDNS lookup in Linux to be done manually through the terminal. It returns name servers and is primarily used for examining and resolving DNS issues because of its flexible and clear output. The host command converts the host names to IP addresses and vice versa.
The nslookup command also helps check and resolve DNS issues. It's the most used network administration tool and has two modes to display output: interactive, which gives information about hosts and domains against the query, and non-interactive, which shows only the name and requested, relevant details for a domain.
Reverse DNS Lookup (Windows)
For Windows users, the nslookup command via the command prompt is the best way to do a reverse domain lookup and check DNS records in a Windows server. Open the Windows start menu and search "command prompt" in the search bar. An access shortcut appears from which you can open the "Run" box with Windows+R. From there, run the nslookup commands and find A records, NS records, or SOA records of a domain.
What the reverse lookup command is used for
Using the free reverse IP lookup tool above is very useful for a variety of purposes:
- Finding spam emails. From an IP address alone, it’s difficult to differentiate legitimate mail servers from spam servers. However, certain generic rDNS names can provide clues that the email server is spam. This is where the reverse DNS lookup comes in.
- Knowing who visits your website. Website visit logs usually contain IP addresses, which aren’t particularly useful for tracking exactly who is visiting your website. The reverse IP lookup process serves as a reverse website search tool, finding the hostname of your visitors to give you a better picture of who visits your website. This is especially useful for those operating B2B businesses.
- Troubleshooting. The rDNS test helps run and troubleshoot basic Internet protocols like the ping command in the command line prompt. It also keeps you from encountering problems with enterprise management systems, r-commands, SMTP servers, and network backup systems.
- Security. Reverse IP lookups check DNS records to locate the address' A records and map a domain name to the physical IP address of the device. This helps determine the virtual hosts from web servers, thus identifying server weaknesses and improving security.