Performing a Reverse IP Lookup in Ruby, Python, and Bash
A reverse DNS lookup is sometimes called a reverse IP lookup because you start with an IP address and use it to look up a hostname. For example, if you have an IP address like 126.96.36.199, a reverse DNS lookup will return the hostname crawl-66-249-64-10.googlebot.com.
You might also see reverse DNS lookups referred to as reverse DNS resolution, reverse PTR lookup, or reverse Pointer DNS lookup. They’re all synonymous.
Since reverse DNS lookups are a pretty common task, many languages have libraries that support lookups. We’ll cover performing a reverse IP lookup in 3 popular languages:
Reverse DNS Lookups in Ruby
Ruby has a number of gems which you can use, but I prefer resolv because it’s built into Ruby’s Standard Library, and it’s really easy to use.
Just use the
Reverse DNS in ruby using ‘resolv’
require 'resolv'
reversed_dns = Resolv.new.getname '188.8.131.52'
# "crawl-203-208-60-1.googlebot.com"
If resolv just isn’t for you, there are alternative gems that package powerful DNS tools together. For example, dnsruby and net-dns are two great DNS libraries.
dnsruby is a cool gem because it’s built on top of resolv, but with some added functionality like the ability to:
- do zone transfers
- or perform queries with retries across multiple nameservers.
Reverse DNS in ruby using ‘dnsruby’
require 'dnsruby'
# query returns the response message; an IP address is queried as a PTR record
resolver = Dnsruby::Resolver.new.query '184.108.40.206'
# ;; Security Level : UNCHECKED
# ;; HEADER SECTION
# ;; id = 59252
# ;; qr = true opcode = Query aa = false tc = false rd = true
# ;; ra = true ad = false cd = true rcode = NOERROR
# ;; qdcount = 1 ancount = 1 nscount = 4 arcount = 5
#
# OPT pseudo-record : payloadsize 1280, xrcode 0, version 0, flags 32768
#
# ;; QUESTION SECTION (1 record)
# ;; 220.127.116.11.in-addr.arpa. IN PTR
#
# ;; ANSWER SECTION (1 record)
# 18.104.22.168.in-addr.arpa. 86068 IN PTR crawl-203-208-60-1.googlebot.com.
#
# ;; AUTHORITY SECTION (4 records)
# 60.208.203.in-addr.arpa. 86068 IN NS ns1.google.com.
# 60.208.203.in-addr.arpa. 86068 IN NS ns3.google.com.
# 60.208.203.in-addr.arpa. 86068 IN NS ns4.google.com.
# 60.208.203.in-addr.arpa. 86068 IN NS ns2.google.com.
#
# ;; ADDITIONAL SECTION (5 records)
# ns2.google.com. 303789 IN A 22.214.171.124
# ns3.google.com. 219381 IN A 126.96.36.199
# ns4.google.com. 303744 IN A 188.8.131.52
# ns1.google.com. 303769 IN A 184.108.40.206
# the answer section is a list of records; take the first PTR record
reversed_dns = resolver.answer[0].domainname.to_s
# "crawl-203-208-60-1.googlebot.com"
net-dns is also a great gem and is regularly maintained. net-dns is a close port of Perl’s Net::DNS and it shares almost all the same powerful functionality. So if you’re familiar with the Perl library, this might be the gem for you.
Reverse DNS in ruby using ‘net-dns’
require 'net/dns/resolver'
# search returns the response packet
resolver = Net::DNS::Resolver.new.search '220.127.116.11'
# ;; Answer received from 10.44.225.18:53 (89 bytes)
# ;;
# ;; HEADER SECTION
# ;; id = 26855
# ;; qr = 1 opCode: QUERY aa = 0 tc = 0 rd = 1
# ;; ra = 1 ad = 0 cd = 0 rcode = NoError
# ;; qdCount = 1 anCount = 18 nsCount = 0 arCount = 0
#
# ;; QUESTION SECTION (1 record):
# ;; 18.104.22.1683.in-addr.arpa. IN PTR
#
# ;; ANSWER SECTION (1 record):
# 22.214.171.124.in-addr.arpa. 47300 IN PTR crawl-203-208-60-1.googlebot.com.
# the answer section is an array of records; take the first PTR record
reversed_dns = resolver.answer[0].ptr
# "crawl-203-208-60-1.googlebot.com."
Pythonic Reverse IP Lookups
For Python, the fast and simple approach is to use the built-in socket library. Using the aptly named gethostbyaddr method, the lookup is fairly easy:
Reverse DNS in python using ‘socket’
import socket
reversed_dns = socket.gethostbyaddr('126.96.36.199')
# ('crawl-203-208-60-1.googlebot.com', ['188.8.131.52.in-addr.arpa'], ['184.108.40.206'])
# the first element of the returned tuple is the primary hostname
reversed_dns[0]
# 'crawl-203-208-60-1.googlebot.com'
However, there are specific packages that you can install that will give you some added power. For example, dnspython is an awesome library that is regularly maintained.
Reverse DNS in python using ‘dnspython’
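from dns import reversename, resolver
rev_name = reversename.from_address('220.127.116.11')
# resolver.query is deprecated in dnspython 2.x in favour of resolver.resolve
# the answer is a sequence of records; take the first PTR record
reversed_dns = str(resolver.query(rev_name, "PTR")[0])
# 'crawl-203-208-60-1.googlebot.com.'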
Bash: Command Line Reverse DNS Lookups
Reverse DNS lookups are really easy from the command line. Most Linux platforms support this right out of the box. Here we’re using the terminal app on Mac OS X. Just use the host command followed by an IP address.
Reverse DNS lookup in the Command Prompt
You can also easily do a DNS lookup using the same host command with a given IP:
~$ host 18.104.22.168
22.214.171.124.in-addr.arpa domain name pointer crawl-66-249-66-1.googlebot.com.
Then just as easily, use the same host command to do a forward DNS lookup from the command line:
Forward DNS lookup in the Command Prompt
~$ host crawl-66-249-66-1.googlebot.com
crawl-66-249-66-1.googlebot.com has address 126.96.36.199
Windows: Reverse DNS lookup in Windows
To perform a reverse DNS lookup to find a hostname on Windows, use either the
Reverse DNS lookups with Ping on Windows
When using the ping command, make sure to add the -a flag so it will resolve addresses to hostnames. If there is no hostname for the entry, it will just ping without a name.
ping -a 188.8.131.52
There's a drawback with ping since it's not strictly a name server lookup. It's possible to receive an out-of-date cached result. As a way to either double check or to be sure to get the most accurate result, you might want to try
Reverse DNS lookups with nslookup on Windows
The nslookup command on Windows just needs to be followed by an IP to perform a DNS lookup:
nslookup 184.108.40.206
Server: crawl-66-249-66-1.googlebot.com
Address: 220.127.116.11
Automated bulk lookups
If you're looking for an easy way to do reverse and forward DNS lookups in bulk, check out the command line tool I recently created in golang. It's called goodbots and is open source on GitHub: https://github.com/eywu/goodbots
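A PTR record is written by whoever controls the IP block, so a reverse lookup on its own does not prove that an address belongs to Googlebot; the returned name also has to resolve forward to the same IP. The sketch below is an added example, not code from this article or from goodbots. The function names, the allowed suffix list and the sample tables are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumption: domains a genuine Googlebot PTR name is expected to end in.
ALLOWED_SUFFIXES = ("googlebot.com", "google.com")

def system_reverse(ip):
    """PTR lookup through the OS resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # herror/gaierror: no PTR record or lookup failure
        return None

def system_forward(hostname):
    """A/AAAA lookup through the OS resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def verify_crawler(ip, reverse=system_reverse, forward=system_forward):
    """Return (verified, hostname) using forward-confirmed reverse DNS."""
    try:
        target = ipaddress.ip_address(ip)
    except ValueError:
        return False, None
    hostname = reverse(ip)
    if not hostname:
        return False, None
    name = hostname.rstrip(".").lower()
    # Match on a label boundary so "evilgooglebot.com" does not pass.
    if not any(name == s or name.endswith("." + s) for s in ALLOWED_SUFFIXES):
        return False, name
    # Whoever controls the IP block writes the PTR record, so the name only
    # counts if its own zone points back at the same address.
    found = forward(name) or ()
    return any(ipaddress.ip_address(a) == target for a in found), name

def verify_many(ips, **resolvers):
    return {ip: verify_crawler(ip, **resolvers) for ip in ips}

# Constructed sample data (documentation address ranges), standing in for DNS.
FAKE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com.",
            "198.51.100.7": "crawl-1-2-3-4.googlebot.com",  # spoofed PTR
            "203.0.113.5": "crawl.evilgooglebot.com"}
FAKE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
          "crawl-1-2-3-4.googlebot.com": {"192.0.2.99"}}
if __name__ == "__main__":
    print(verify_many(FAKE_PTR, reverse=FAKE_PTR.get, forward=FAKE_A.get))
```

Called without the reverse and forward arguments, verify_crawler uses the system resolver, so cached answers from the local resolver apply here as well.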