Performing a Reverse IP Lookup in Ruby, Python, and Bash
A reverse DNS lookup is sometimes called a reverse IP lookup because you start with an IP address and use it to lookup a hostname. For example, if you have an IP address like 66.249.64.10, a reverse DNS lookup will return the hostname crawl-66-249-64-10.googlebot.com.
You might also see reverse DNS lookups referred to as reverse DNS resolution, reverse PTR lookup, or reverse Pointer DNS lookup. They’re all synonymous.
Since reverse DNS lookups are a pretty common task, many languages have libraries that support lookups. We’ll cover performing a reverse IP lookup in 3 popular languages:
- ruby
- python
- bash
Reverse DNS Lookups in Ruby
Ruby has a number of gems which you can use, but I prefer
resolv because it’s built into Ruby’s Standard Library, and it’s really easy to use.Just use the
getname method:Reverse DNS in ruby using ‘resolv’
require 'resolv'
reversed_dns = Resolv.new.getname '203.208.60.1'
# "crawl-203-208-60-1.googlebot.com"If
resolv just isn’t for you, there are alternative gem that package powerful DNS tools together. For example, dnsruby and net-dns are two great DNS libraries.dnsruby is a cool gem because it’s built on top of resolv, but with some added functionality like the ability to:- do zone transfers
- or perform queries with retries across multiple nameservers.
Reverse DNS in ruby using ‘dnsruby’
require 'dnsruby'
resolver = Dnsruby::Resolver.new.query '203.208.60.1'
# ;; Security Level : UNCHECKED
# ;; HEADER SECTION
# ;; id = 59252
# ;; qr = true opcode = Query aa = false tc = false rd = true
# ;; ra = true ad = false cd = true rcode = NOERROR
# ;; qdcount = 1 ancount = 1 nscount = 4 arcount = 5
#
# OPT pseudo-record : payloadsize 1280, xrcode 0, version 0, flags 32768
#
# ;; QUESTION SECTION (1 record)
# ;; 1.60.208.203.in-addr.arpa. IN PTR
#
# ;; ANSWER SECTION (1 record)
# 1.60.208.203.in-addr.arpa. 86068 IN PTR crawl-203-208-60-1.googlebot.com.
#
# ;; AUTHORITY SECTION (4 records)
# 60.208.203.in-addr.arpa. 86068 IN NS ns1.google.com.
# 60.208.203.in-addr.arpa. 86068 IN NS ns3.google.com.
# 60.208.203.in-addr.arpa. 86068 IN NS ns4.google.com.
# 60.208.203.in-addr.arpa. 86068 IN NS ns2.google.com.
#
# ;; ADDITIONAL SECTION (5 records)
# ns2.google.com. 303789 IN A 216.239.34.10
# ns3.google.com. 219381 IN A 216.239.36.10
# ns4.google.com. 303744 IN A 216.239.38.10
# ns1.google.com. 303769 IN A 216.239.32.10
reversed_dns = resolver.answer[0].domainname.to_s
# "crawl-203-208-60-1.googlebot.com"net-dns is also a great gem and is regularly maintained. net-dns is a close port of perl’s Net::DNS and it shares almost all the same powerful functionality. So if you’re familiar with the perl library, this might be the gem for you.Reverse DNS in ruby using ‘net-dns’
require 'net/dns/resolver'
resolver = Net::DNS::Resolver.new.search '203.208.60.1'
# ;; Answer received from 10.44.225.18:53 (89 bytes)
# ;;
# ;; HEADER SECTION
# ;; id = 26855
# ;; qr = 1opCode: QUERYaa = 0tc = 0rd = 1
# ;; ra = 1ad = 0cd = 0rcode = NoError
# ;; qdCount = 1anCount = 18nsCount = 0arCount = 0
#
# ;; QUESTION SECTION (1 record):
# ;; 1.60.208.2083.in-addr.arpa. IN PTR
#
# ;; ANSWER SECTION (1 record):
# 1.60.208.203.in-addr.arpa. 47300 IN PTR crawl-203-208-60-1.googlebot.com.
reversed_dns = resolver.answer[0].ptr
# "crawl-203-208-60-1.googlebot.com."Pythonic Reverse IP Lookups
For python, the fast and simple approach is to use the already built in socket library. Using the aptly named
gethostbyaddr method, the lookup is fairly easy:Reverse DNS in python using ‘socket’
import socket
reversed_dns = socket.gethostbyaddr('203.208.60.1')
# ('crawl-203-208-60-1.googlebot.com', ['1.60.208.203.in-addr.arpa'], ['203.208.60.1'])
reversed_dns[0]
# 'crawl-203-208-60-1.googlebot.com'However, there are specific packages that you can install that will give you some added power. For example,
dnspython is an awesome library that is regularly maintained.Reverse DNS in python using ‘dnspython’
from dns import reversename, resolver
rev_name = reversename.from_address('203.208.60.1')
reversed_dns = str(resolver.query(rev_name,"PTR")[0])
# 'crawl-203-208-60-1.googlebot.com.'Bash: Command Line Reverse DNS Lookups
Reverse DNS lookups are really easy from the command line. Most linux platforms support this right out of the box. Here we’re using the terminal app on Mac OS X. Just use the
host command followed by an IP address.Reverse DNS lookup in the Command Prompt
You can also easily do a DNS lookups using the same
host command with a given IP:~$ host 66.249.66.1
1.66.249.66.in-addr.arpa domain name pointer crawl-66-249-66-1.googlebot.com.Then just as easily, using the same
host command to do a forward DNS lookup from the command line:Forward DNS lookup in the Command Prompt
~$ host crawl-66-249-66-1.googlebot.com
crawl-66-249-66-1.googlebot.com has address 66.249.66.1Windows: Reverse DNS lookup in Windows
To perform a reverse DNS lookup to find a hostname on windows, use either the
ping or nslookup commands.Reverse DNS lookups with Ping on Windows
When using the
ping command, make sure to add the -a flag so it will resolve the addresses hostnames. If there is no hostname for the entry, it will just ping without a name.ping -a 66.249.66.1There's a drawback with
pign since it's not strictly a name server lookup. It's possible to receive an out of date cached result. As a way to either double check or to be sure to get the most accurate result, you might want to try nslookup instead.Reverse DNS lookups with nslookup on Windows
Similar to
ping and the host command, the nslookup command on widows just needs to be followed by an IP to perform a DNS lookup:nslookup 66.249.66.1
Server: crawl-66-249-66-1.googlebot.com
Address: 66.249.66.1Automated bulk lookups
If you're looking for an easy way to do a reverse and forward DNS lookup in bulk, check out my command line tool I recently created in golang. It's called goodbots and is open source on github: https://github.com/eywu/goodbots
