Introduction
In this post, I will go over details of a reverse IP aka, reverse DNS lookup. I will be talking about its details, how it works, what it is used for, and what tools are available that you can use for IP lookup.
What is Reverse IP or Reverse DNS Lookup?
A Domain Name Service (DNS) lookup uses a domain name such as freeservermonitor.com and returns the actual physical machine IP for that domain name.
A reverse lookup does the opposite, where it looks at the IP address and returns the domain or server name for that IP, basically an opposite of a forward DNS lookup.
A DNS server is designed to store multiple types of addresses and their mappings. More than 50 such mappings have been defined as valid DNS resource record types. Some of the common ones are listed in the table below.
Type | Purpose | Contents |
---|---|---|
A | IPv4 Host Address | 32-bit IPv4 address. There can be multiple A host entries. |
AAAA | IPv6 Host Address | 128-bit IPv6 address. There can be multiple AAAA host entries. |
CNAME | Canonical Name | Canonical domain name for an alias. There can be multiple CNAME entries. |
MX | Mail Exchanger | Name of the host that acts as an email exchanger for the domain. Also stored is a 16-bit preference or priority value for each host. |
NS | Name Server | Name of the authoritative server for a domain. |
PTR | Pointer | A domain name, similar to a symbolic link. |
SOA | Start of Authority | Multiple fields specifying which parts of the naming hierarchy a server implements. |
TXT | Arbitrary Text | A string of ASCII text. Sometimes used for validation purposes. For example Amazon or Google cloud tools may require you to create a TXT record so they can use the value to validate domain ownership. |
Note: A PTR
record is used to perform reverse DNS lookups. Pointer records are configured within Address and Routing Parameter Area (in-addr.arpa) domains. If there is no PTR record set up, a reverse DNS lookup may fail. As such, often there is no way to find the server that can resolve the query without searching the entire set of servers.
To summarize, inverse queries allow the client to ask a server to map in the opposite direction by taking an answer and generating the question that would produce that answer.
What is Reverse IP Used For?
A reverse DNS lookup is used for multiple purposes. Some of the common ones are:
Access & Authentication
One form of inverse mapping is an authentication mechanism that a server uses to verify that a client is authorized to access the service: the server maps the client’s IP address to a domain name.
For example, a server at corporation example.com might be configured to provide the service only to clients from the same corporation. When a client contacts the server, the server maps the client’s IP address to an equivalent domain name and verifies that the name ends in example.com before granting access.
Email Filtering & SPAM Reduction
Most email servers check and see if an email message came from a valid server before accepting the email being sent. Any server that does not support reverse IP lookup will result in getting their email being refused.
The reason is that most spammers often use IP addresses from hijacked machines, which means there will be no PTR record in DNS servers for that domain.
Logging Software
Logging software uses reverse lookups in order to provide users with readable domains in their log data, as opposed to a bunch of numeric IP addresses.
Other form of software, such as website analytics also uses reverse ip and domain lookup to map visitors’ IP addresses to domain or host names.
How Does Reverse IP Work?
The DNS is defined by zones. A zone is a separate portion of the domain name space. It was historically administered as one zone file. Most often a single domain is one zone.
A zone maps different addresses to different domain names in their zone. For example, the IP address 192.168.10.5
may point to the hostname www
in zone example.com
. This would mean creating an A or CNAME entry in your DNS zone file. This will direct your browser or other web client to the correct IP address.
What Is a PTR Record and IN-ADDR.ARPA Zone
A PTR record is the record in a special called .in-addr.arpa
.
In a pointer query, the question presented to a domain name server specifies an IP address encoded as a printable string in the form of a domain name (i.e., a textual representation of digits separated by periods). A pointer query requests the name server to return the correct domain name for the machine with the specified IP address. Pointer queries are not difficult to generate.
Consider IPv4. When we think of an IPv4 address written in dotted-decimal form, it has the following format
aaa.bbb.ccc.ddd
To form a pointer query, the client rearranges the dotted decimal representation of the address into a string of the form:
ddd.ccc.bbb.aaa.in-addr.arpa
IPv6 is more complex and results in much longer names. To form a pointer query, a client represents the IPv6 address as a series of nibbles (i.e., 4-bit quantities), writes each nibble in hexadecimal, reverses the order and appends ip6.arpa. For example, the IPv6 address:
2001:18e8:0707:0000:0000:00a0:c000:1111
is represented as:
1.1.1.1.0.0.0.c.0.a.0.0.0.0.0.0.0.0.0.0.7.0.7.0.8.e.8.1.1.0.0.2.ip6.arpa
In our case, the zone for the PTR record would be 192.168.10.5.in-addr.arpa.
Now that I have the technical stuff down…let’s get into how we can do actual IP -> Host(or Domain) lookup.
How To Do a Reverse IP or DNS Lookup
There are several way to perform a Reverse IP or DNS lookup. You can use command line tools on Windows, Mac, Linux or BSD system. You can also use online tools for reverse ip lookup, such as one on our website.
Common Commands for Query DNS
Following is a list of usual built-in tools.
Command | Platform | Description |
---|---|---|
DIG | BSD, Linux, Mac | DNS Lookup utility. dig is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command-line arguments and options is printed when the -h option is given. |
HOST | BSD, Linux, Mac | Another DNS lookup utility. It is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. |
NSLOOKUP | BSD, Linux, Mac, Windows | NsLookup is used to query Internet name servers interactively. Nslookup has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain. |
Using Reverse IP & Domain Query Tools
To show you examples on how the various tools worked. I used ping (available on all platforms) to find IP address of google.com.
Using the IP 142.250.189.174
for google.com, first I use the command host on Linux.
root@slap:/tmp# host 142.250.189.174
174.189.250.142.in-addr.arpa domain name pointer sfo03s24-in-f14.1e100.net.
As you can see it resolves it to hostname sfo03s24-in-f14.1e100.net.
Note: You may get a different hostname depending on where you are in the world and even this would change so your results maybe different.
Validation: If you were to use a ping for the hostname you found using the host
command, the original IP will be returned.
Doing the same reverse lookup using dig. Use the following command.
root@slap:/tmp# dig -x 142.250.189.174 ### Must provide the -x option for reverse lookup
I got the following result.
This shows the same result (IP) but with a lot more detail from the DNS server.
Finally using nslookup on Windows yields the following.
Online Reverse IP Tool
These command line tools are a great way to do IP to Domain or host mapping. But at times you want the ease of use of an online tool to access this capability.
Don’t worry. Got you covered there as well.
Check out our Reverse IP Tool page where you can enter the IP can view not only the host and domain info but also the geolocation of that IP address.
Reverse IP Lookup API
Currently, our site is working on providing API access to all forms of data such as IP Geolocation, Whois info, Email black list and reverse IP lookup.
Send a message to us through our contact page if you want to be notified of the releases of our Mobile app and API access.