Skip to Content

2 Ways to Perform Reverse DNS lookups in Linux

Reverse DNS lookup, also known as rDNS, is used to determine or resolve the IP address associated with the domain name. It is simply an entry that resolves an IP address back to a hostname. It is also called PTR record in DNS.

Purpose of reverse DNS lookups

Reverse DNS lookups are commonly used by email servers. Reverse DNS requests are often used for filtering spam. Spammers can easily set the sending email address using any domain name they want, including legitimate domain names like those of banks or trusted organizations.

Receiving email servers can validate incoming messages by checking the sending IP address with a Reverse DNS request. If the email is legitimate, the rDNS resolver should match the domain of the email address.

The downside with this technique is that some legitimate mail servers don’t have the proper rDNS records setup on their end to respond properly because in many cases their ISP has to set these records up.

Forward DNS lookup and reverse DNS lookup

Forward DNS lookup is using an Internet domain name to find an IP address. Forward DNS (which stands for domain name system) lookup is the more common lookup since most users think in terms of domain names rather than IP addresses. It is called A record in DNS.

Reverse DNS lookup is using an Internet IP address to find a domain name. It is called PTR record.

Example of Reverse DNS record in Linux

Here is the Reverse DNS Lookup for IP 185.230.63.186. It points to the domain name unalocated.63.wixsite.com.

% dig -x 185.230.63.186
; <<>> DiG 9.10.6 <<>> -x 185.230.63.186
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37914
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;186.63.230.185.in-addr.arpa. IN PTR
;; ANSWER SECTION:
186.63.230.185.in-addr.arpa. 0 IN PTR unalocated.63.wixsite.com.

What is a Reverse DNS Lookup Zone?

A Reverse Lookup Zone contains all the records of IP addresses to their domain names. It would be too easy to define a reverse lookup as the opposite of forward, but it is true. A reverse lookup zone is used any time we want to convert an IP address to a name.

How to create a reverse DNS record?

If the Reverse response is not provided by our nameserver, we will need to contact our hosting provider to help us set a PTR record. We should be able to accomplish that be emailing their support team and letting them know we would like a PTR record set for the IP address X.X.X.X resolving to yourdomain.example.com.

If we own the DNS server ourself, we need to create a reverse DNS zone. The hostname for the zone has to be in a very specific format. It starts with a portion of our IP address written backward followed by .in-addr.arpa.

For example,

we need to create .63.230.185.in-addr.arpa.zone file and add 186 record to point to unalocated.63.wixsite.com.

Perform Reverse DNS lookup with dig command in Linux

The best Linux command to perform reverse DNS lookup is dig command.  It queries DNS servers for information about domains and records. Open the terminal and type dig -x ip address. It will return the reverse record for this ip.

dig -x 8.8.8.8 +short
dns.google.

Perform Reverse DNS lookup with nslookup command in Linux

we can check the reverse DNS record with Nslookup as well. The outputs of this command will show which hostname does this IP address belongs to. A sample is shown below:

% nslookup 8.8.8.8
Server: 64.104.76.247
Address: 64.104.76.247#53
Non-authoritative answer:
8.8.8.8.in-addr.arpa name = dns.google.

 

Related:

Bkacl

Saturday 24th of February 2024

dig -x allows to find the PTR record indeed. If you need to find ALL hostnames tied to a given IP address you have to use a service.