A reverse DNS lookup is sometimes called a reverse IP lookup because you start with an IP address and use it to look up a hostname. For example, if you have an IP address like 126.96.36.199, a reverse DNS lookup will return the hostname crawl-66-249-64-10.googlebot.com.
You might also see reverse DNS lookups referred to as reverse DNS resolution, reverse PTR lookup, or reverse Pointer DNS lookup. They’re all synonymous.
Since reverse DNS lookups are a pretty common task, many languages have libraries that support lookups. We’ll cover performing a reverse IP lookup in 3 popular languages:
Ruby has a number of gems which you can use, but I prefer resolv because it’s built into Ruby’s Standard Library, and it’s really easy to use.
Simply use the intuitive
```ruby
require 'resolv'

reversed_dns = Resolv.new.getname '188.8.131.52'
# "crawl-203-208-60-1.googlebot.com"
```
If resolv just isn’t for you, there are alternative gems that package powerful DNS tools together. For instance, dnsruby and net-dns are two great DNS libraries.
dnsruby is a cool gem because it’s built on top of resolv, but with some added functionality like the ability to do zone transfers or perform queries with retries across multiple nameservers.
```ruby
require 'dnsruby'

# Passing an IP address makes dnsruby issue a PTR query.
response = Dnsruby::Resolver.new.query '184.108.40.206'
# ;; Security Level : UNCHECKED
# ;; HEADER SECTION
# ;; id = 59252
# ;; qr = true opcode = Query aa = false tc = false rd = true
# ;; ra = true ad = false cd = true rcode = NOERROR
# ;; qdcount = 1 ancount = 1 nscount = 4 arcount = 5
#
# OPT pseudo-record : payloadsize 1280, xrcode 0, version 0, flags 32768
#
# ;; QUESTION SECTION (1 record)
# ;; 220.127.116.11.in-addr.arpa. IN PTR
#
# ;; ANSWER SECTION (1 record)
# 18.104.22.168.in-addr.arpa. 86068 IN PTR crawl-203-208-60-1.googlebot.com.
#
# ;; AUTHORITY SECTION (4 records)
# 60.208.203.in-addr.arpa. 86068 IN NS ns1.google.com.
# 60.208.203.in-addr.arpa. 86068 IN NS ns3.google.com.
# 60.208.203.in-addr.arpa. 86068 IN NS ns4.google.com.
# 60.208.203.in-addr.arpa. 86068 IN NS ns2.google.com.
#
# ;; ADDITIONAL SECTION (5 records)
# ns2.google.com. 303789 IN A 22.214.171.124
# ns3.google.com. 219381 IN A 126.96.36.199
# ns4.google.com. 303744 IN A 188.8.131.52
# ns1.google.com. 303769 IN A 184.108.40.206

# The answer section is a list of records; read the name from the first PTR record.
reversed_dns = response.answer.first.domainname.to_s
# "crawl-203-208-60-1.googlebot.com"
```
net-dns is also a great gem and is regularly maintained. net-dns is a close port of Perl’s Net::DNS and it shares almost all the same powerful functionality. So if you’re familiar with the Perl library, this might be the gem for you.
```ruby
require 'net/dns/resolver'

# search returns the response packet; an IP address argument triggers a PTR query.
packet = Net::DNS::Resolver.new.search '220.127.116.11'
# ;; Answer received from 10.44.225.18:53 (89 bytes)
# ;;
# ;; HEADER SECTION
# ;; id = 26855
# ;; qr = 1  opCode: QUERY  aa = 0  tc = 0  rd = 1
# ;; ra = 1  ad = 0  cd = 0  rcode = NoError
# ;; qdCount = 1  anCount = 18  nsCount = 0  arCount = 0
#
# ;; QUESTION SECTION (1 record):
# ;; 18.104.22.1683.in-addr.arpa. IN PTR
#
# ;; ANSWER SECTION (1 record):
# 22.214.171.124.in-addr.arpa. 47300 IN PTR crawl-203-208-60-1.googlebot.com.

# The answer section is an array of records; read the target of the first PTR record.
reversed_dns = packet.answer.first.ptr
# "crawl-203-208-60-1.googlebot.com."
```
For Python, the fast and simple approach is to use the built-in socket library. Using the aptly named gethostbyaddr method, the lookup is fairly easy:
```python
import socket

# gethostbyaddr returns a (hostname, aliaslist, ipaddrlist) tuple.
reversed_dns = socket.gethostbyaddr('126.96.36.199')
# ('crawl-203-208-60-1.googlebot.com', ['188.8.131.52.in-addr.arpa'], ['184.108.40.206'])
reversed_dns[0]
# 'crawl-203-208-60-1.googlebot.com'
```
However, there are specific packages that you can install that will give you some added power if you need it. For instance, dnspython is an awesome library that is regularly maintained.
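```python
from dns import reversename, resolver

# Build the in-addr.arpa name for the address, then ask for its PTR record.
rev_name = reversename.from_address('220.127.116.11')
# dnspython 2.x: resolve() replaces the deprecated query(); index 0 is the first PTR record.
reversed_dns = str(resolver.resolve(rev_name, "PTR")[0])
# 'crawl-203-208-60-1.googlebot.com.'
```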
Reverse DNS lookups are probably the easiest from the command line. Most Linux platforms support this right out of the box. Here I’m using the terminal app on Mac OS X, and it couldn’t be simpler. Just use the host command followed by an IP address.
```
~$ host 18.104.22.168
22.214.171.124.in-addr.arpa domain name pointer crawl-66-249-66-1.googlebot.com.
```
You can also quickly do forward DNS lookups using the same
```
~$ host crawl-66-249-66-1.googlebot.com
crawl-66-249-66-1.googlebot.com has address 126.96.36.199
```
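
The reverse and forward lookups above can be chained into a forward-confirmed reverse DNS check. This matters when the hostname is used to decide whether a client really is a crawler, because a PTR record is published by whoever controls the address block and proves nothing alone. This is an added example, not code from the original post: the function name verify_crawler, the suffix list and the sample records (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumption: allowed suffix taken from the hostnames shown on this page.
ALLOWED_SUFFIXES = (".googlebot.com",)


def _reverse(ip):
    """PTR lookup; returns the hostname, or None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def _forward(hostname):
    """A/AAAA lookup; returns the set of address strings for the name."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except socket.gaierror:
        return set()


def verify_crawler(ip, reverse=_reverse, forward=_forward,
                   suffixes=ALLOWED_SUFFIXES):
    """Return the confirmed hostname, or None if any step fails."""
    name = reverse(ip)
    if not name:
        return None
    name = name.rstrip(".").lower()
    # Leading dot in the suffix stops "evilgooglebot.com" from matching.
    if not name.endswith(suffixes):
        return None
    # Only the forward zone is controlled by the domain owner, so the
    # name must resolve back to the address that was looked up.
    addrs = {ipaddress.ip_address(a) for a in forward(name)}
    return name if ipaddress.ip_address(ip) in addrs else None


# Constructed sample records (documentation ranges), not real crawler data.
PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com.",
    "198.51.100.7": "crawl-198-51-100-7.googlebot.com.",  # no matching A record
    "203.0.113.5": "crawl.googlebot.com.attacker.example.",
}
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}

if __name__ == "__main__":
    for ip in PTR:
        print(ip, "->", verify_crawler(ip, PTR.get, lambda h: A.get(h, set())) or "rejected")
```

Called with only an IP address, verify_crawler uses the system resolver through the socket module; the two resolver arguments exist so the check can be exercised against fixed records.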