How To Resolve IP Addresses To Domain Names?

Solution 1

Yes, you can (sometimes) resolve an IP Address back to a hostname.

Within DNS, an IP Address can be stored against a PTR record. You can use nslookup to resolve both hostnames and IP addresses, though use of nslookup has been deprecated for quite some time.

For best results, you should really get a hold of the dig tool. If you're a Linux user, this is available as part of dnsutils (Debian), or similar package. If you're a Windows user, you can follow instructions such as these to install dig.

You can then do:

dig A <hostname>

To look up the IPv4 address for a host, or:

dig AAAA <hostname>

To look up the IPv6 address for a host, or:

dig PTR ZZZ.YYY.XXX.WWW.in-addr.arpa.

To look up the hostname for IPv4 address WWW.XXX.YYY.ZZZ (note the octets are reversed), or:

dig PTR b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.

To get the hostname for the IPv6 address 2001:db8::567:89ab.
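
The reversed-octet and reversed-nibble names used in the PTR queries above can be built, and decoded again when such names turn up in DNS query logs, as in this added example (not part of the original answer; the function names are hypothetical):

```python
import ipaddress

def reverse_name(addr: str) -> str:
    """Build the PTR owner name to query for addr (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = str(ip).split(".")                   # four decimal octets
        suffix = "in-addr.arpa."
    else:
        labels = list(ip.exploded.replace(":", ""))   # 32 hex nibbles, zeros expanded
        suffix = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix

def address_from_reverse_name(name: str) -> str:
    """Recover the address from a full PTR owner name, e.g. one seen in a DNS log."""
    lowered = name.lower().rstrip(".")
    if lowered.endswith(".in-addr.arpa"):
        labels = lowered[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError("expected 4 octet labels: " + name)
        # IPv4Address rejects non-numeric or out-of-range octets.
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    if lowered.endswith(".ip6.arpa"):
        nibbles = lowered[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError("expected 32 nibble labels: " + name)
        hexstr = "".join(reversed(nibbles))
        groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
        # IPv6Address rejects non-hex characters and compresses the zero run.
        return str(ipaddress.IPv6Address(":".join(groups)))
    raise ValueError("not a reverse-lookup name: " + name)

if __name__ == "__main__":
    # The two addresses that appear on this page.
    for a in ("82.165.8.211", "2001:db8::567:89ab"):
        n = reverse_name(a)
        print(a, "->", n, "->", address_from_reverse_name(n))
```
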

Solution 2

nslookup <ipaddress> or nslookup <hostname>

Solution 3

You can use nslookup, dig, or another network tool to possibly get a domain name for an IP address, but it's not necessarily going to be the one you're expecting.

Unlike normal DNS lookups, where many names can resolve to a single IP address, reverse DNS lookups can only resolve to a single name, and that's handled by whoever controls the reverse DNS information for the IP block in question. Nobody else can set up a PTR record on a random IP address block. This is in contrast to "normal" DNS lookups, where anyone can set up a domain name and create A records pointing at whatever IP addresses they'd like.

This ServerFault question has a bit more info on this topic.

My point is that just because you can do it doesn't mean that you'll get what you're expecting or that it will be useful.
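
Because the PTR name is chosen by whoever controls the reverse zone and the A record by whoever controls the domain, a PTR result is commonly trusted only after a forward-confirmed reverse DNS check: resolve the returned name forward and see whether it leads back to the same address. The following is an added example, not part of the original answer; the function names are hypothetical, and the sample zones are constructed from documentation address ranges and example.* names.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names the system resolver returns for ip (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_forward(name):
    """A/AAAA addresses the system resolver returns for name."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, names): 'confirmed', 'unconfirmed' or 'no-ptr'."""
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        # Strip any IPv6 zone id ("%eth0") before comparing addresses.
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward_lookup(name)}
        if target in addrs:
            confirmed.append(name)
    return ("confirmed", confirmed) if confirmed else ("unconfirmed", names)

# Constructed sample zones (documentation address ranges, example.* names).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.net."],    # PTR and A agree
    "198.51.100.7": ["www.example.com."],   # PTR names a host whose A points elsewhere
}
SAMPLE_A = {
    "mail.example.net": ["192.0.2.10"],
    "www.example.com": ["203.0.113.80"],
}

def check_sample(ip):
    """Run the check against the constructed zones instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.99"):
        print(ip, *check_sample(ip))
```

Calling fcrdns(ip) without the lookup arguments uses the system resolver, so the result then depends on live DNS.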

Solution 4

dig has the -x addr option:

Reverse lookups -- mapping addresses to names -- are simplified by the -x option. addr is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the name, class and type arguments

For example:

dig -x 82.165.8.211

As an aside: the IP address was in the journalctl log of an ARTIK 710 dev board, and I thought it had been hacked. I couldn't remember the dig option to do this without using the tedious PTR method, but then I saw Michael's comment.

And the manpage for dig just mentions it in passing; I didn't even notice it until I found the answer here and went back and searched for it.

P.S. The address resolved to ipv4.connman.net, and then I found it; I wasn't hacked.

[root@artik ~]# grep -r '\<ipv4.connman.net\>' /etc /usr/bin /usr/sbin
Binary file /usr/sbin/connmand matches

The log entries that caused concern were:

Jul 15 04:41:11 artik connmand[1870]: wlan0 {add} route 82.165.8.211 gw 192.168.251.1 scope 0 <UNIVERSE>
Jul 15 04:41:12 artik connmand[1870]: wlan0 {del} route 82.165.8.211 gw 192.168.251.1 scope 0 <UNIVERSE>

Solution 5

Another way to "resolve" IP addresses to hostnames is possible using the Bing search engine. If the host runs a public webserver and some sites served by the host are indexed, you can query it using the ip: prefix.

Just enter ip:64.34.119.12 into the search form to get a list of hostnames behind that IP.

Author by

moritzebeling

Updated on September 18, 2022

Comments

  • moritzebeling over 1 year

    I know it is possible to resolve IP addresses to host names but can IPs be resolved to domain names?

  • Mike Insch almost 13 years
    Indeed - the reverse lookup is achieved via a PTR Resource Record, PTR being shorthand for pointer.
  • user almost 13 years
    What's wrong with dig -x <ipaddress>? On my Linux system, it speaks both IPv4 and IPv6. dig -x 169.254.0.1 and dig -x fe80::1.
  • user almost 13 years
    Additionally, with both nslookup and dig, enabling trace mode will sometimes give you clues even when an IP address has no exact PTR record. Using dig, add +trace to the command line. With nslookup, at least on Windows, it's set debug in its command mode before issuing the lookup.
  • hicklypups almost 13 years
    Probably the most common use for a PTR record is with e-mail. The receiving e-mail server usually checks to make sure that the PTR record matches the domain trying to send, and if not, it will drop it.
  • Ken Bloom almost 13 years
    +1: This had to be said. Often for well-known internet sites where the A record and the PTR record are both under control of the same person, the PTR record still refers to some internal machine name. The PTR record may also be nonexistent, for example if you try to dig www.google.com then dig -x one of the IP addresses that www.google.com maps to.
  • Andrioid almost 13 years
    Good answer. The question however sounds like someone who wants to know who is responsible for the IP in question. In that case, I would recommend a WHOIS tool, "whois a.b.c.d" to figure out who owns the address range.
  • user606723 almost 13 years
    @Michael, agreed.
  • hyperslug over 12 years
    For Windows, I seem to remember using ping -a 192.168.0.1 and getting a name back. Can anyone on Windows see if that works for external IPs?
  • user over 12 years
    @hyperslug, ping's -a option is listed as Resolve addresses to hostnames on Win7 at least, so I don't see why it wouldn't work. However, nslookup or even better dig are actually meant for things like this. Ping isn't.
  • HiFi over 12 years
    "use of nslookup has been deprecated for quite some time" Wait, what? [citation needed]
  • Mike Insch over 12 years
    @TheLQ: I quote from the BIND 9.4 Administrators Reference Manual, "Due to its arcane user interface and frequently inconsistent behavior, we do not recommend the use of nslookup. Use dig instead.". In many cases, use of nslookup also results in "nslookup is deprecated and may be removed from future releases. Consider using the dig or host programs instead". Google could easily have informed you of this had you cared to look.
  • jcrawfordor over 12 years
    It should be said that a common situation is shared servers, where the reverse lookup will be the domain assigned by whatever company owns the server. Or, for shared IPs, whatever company owns the ISP. For example, if you do a reverse lookup on a website's IP, you might get something odd like "host123.somecompany.com". You're probably seeing a shared server. If you do a reverse on a random IP, you might see something like "c-12-34-56-78.hsd1.or.comcast.net". This is an IP belonging to comcast.net, an ISP, so it must be some random home user.
  • moritzebeling over 12 years
    But this is for Linux.
  • MaQleod over 12 years
    @boris_yo, here is one for Windows: softpedia.com/get/Network-Tools/Misc-Networking-Tools/… - I know there is a better one out there, I just need to find it.