Unix reverse DNS lookup - using dig command - PTR DNS record type
dig is a Unix DNS lookup utility available in most distributions, Linux and FreeBSD included, either as a package or as part of the base system.
For a list of DNS record types, the best source is the Wikipedia page "List of DNS record types": http://en.wikipedia.org/wiki/List_of_DNS_record_types. The main and most used DNS record types are:
- DNS SOA record: it defines the start of authority for a specific domain.
- DNS A record: it points a human readable domain name (example: http://www.mywebsite.com) to a machine readable IPv4 address (example: 192.168.1.1).
- DNS AAAA record: it has the same significance as the A record type, but it points to an IPv6 address.
- DNS MX record: it maps a domain name to a list of mail transfer agents for that specific domain.
- DNS PTR record: it is used for reverse DNS lookups. It returns a human readable FQDN assigned to an IP address. Example: IP 192.168.1.1 is mapped to "internal-gateway-if-eth0.mydomain.com"
This tutorial shows how to perform a reverse DNS lookup for an IPv4 address using the dig command. First, a little about reverse DNS lookup, quoted from Wikipedia (http://en.wikipedia.org/wiki/Reverse_DNS_lookup):
Quote:
Reverse DNS lookup
In computer networking, reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address using the Domain Name System (DNS) of the Internet.
Computer networks use the Domain Name System to determine the IP address associated with a domain name. This process is also known as forward DNS resolution. Reverse DNS lookup is the inverse process, the resolution of an IP address to its designated domain name.
The reverse DNS database of the Internet is rooted in the Address and Routing Parameter Area (arpa) top-level domain of the Internet. IPv4 uses the in-addr.arpa domain and the ip6.arpa domain is delegated for IPv6. The process of reverse resolving an IP address uses the pointer DNS record type (PTR record).
Informational RFCs (RFC 1033, RFC 1912 Section 2.1) specify that "Every Internet-reachable host should have a name" and that such names match with a reverse pointer record, but it is not a requirement of standards governing operation of the DNS itself.
Now that we know what the reverse DNS lookup database is and which domains are allocated for reverse lookups for IPv4 and IPv6, here are two examples of doing this with the dig command:
1. dig DNS reverse lookup using the -x option (from "man dig": the -x option is supplied to indicate a reverse lookup):
Code:
$ dig +short -x 82.78.227.176
176.176-191.227.78.82.in-addr.arpa.
ivorde.ro.
2. dig DNS lookup using the domain assigned for IPv4 reverse lookups:
Code:
$ dig +short ptr 176.227.78.82.in-addr.arpa.
176.176-191.227.78.82.in-addr.arpa.
ivorde.ro.
One thing to note here is that the PTR lookup query argument is the IP address written in reverse, starting at the 4th byte and ending at the 1st byte, followed by ".in-addr.arpa.", which is the IPv4 reverse lookup domain followed by a dot.
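The name construction described above, plus handling of the two-line answer shown in both examples, as an added shell example that is not part of the original tutorial. The function names ptr_name and ptr_targets are made up for this illustration, and the sample answer is constructed from the output printed above.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# ptr_name IPV4: print the PTR query name for a dotted-quad address.
# Returns 1 on anything that is not four decimal octets in 0-255, so
# untrusted input never reaches dig as an option or an odd name.
ptr_name() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # leading zeros are ambiguous
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    # 4th octet first, 1st octet last, then the IPv4 reverse domain and root dot.
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# ptr_targets: read `dig +short` PTR output on stdin and print only the
# host names, dropping alias lines that still live under in-addr.arpa
# (assumption: a real PTR target is not itself an in-addr.arpa name).
ptr_targets() {
    grep -v -i '\.in-addr\.arpa\.$' | sed 's/\.$//'
}

# Constructed sample: the two answer lines shown in the tutorial's output.
sample_answer='176.176-191.227.78.82.in-addr.arpa.
ivorde.ro.'

ptr_name 82.78.227.176                       # 176.227.78.82.in-addr.arpa.
printf '%s\n' "$sample_answer" | ptr_targets # ivorde.ro

# Live query (needs network and dig), left commented out:
# dig +short ptr "$(ptr_name 82.78.227.176)" | ptr_targets
```

A script that takes only the first line of the dig +short output would record the in-addr.arpa alias instead of the host name, which is why the answer is filtered rather than truncated.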