How To Resolve IP Addresses To Domain Names?
Solution 1
Yes, you can (sometimes) resolve an IP Address back to a hostname.
Within DNS, an IP Address can be stored against a PTR
record. You can use nslookup
to resolve both hostnames and IP addresses, though use of nslookup
has been deprecated for quite some time.
For best results, you should really get a hold of the dig
tool. If you're a linux user, this is available as part of dnsutils
(debian), or similar package. If you're a windows user, you can follow instructions such as these to install dig
.
You can then do:
dig A <hostname>
To lookup the IPv4 address for a host, or:
dig AAAA <hostname>
To lookup the IPv6 address for a host, or:
dig PTR ZZZ.YYY.XXX.WWW.in-addr.arpa.
To lookup the hostname for IPv4 address WWW.XXX.YYY.ZZZ
(note the octets are reversed), or:
dig PTR b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
To get the hostname for the IPv6 address 2001:db8::567:89ab.
Solution 2
nslookup <ipaddress>
or nslookup <hostname>
Solution 3
You can use nslookup
, dig
, or other network tool to possibly get a domain name for an IP address, but it's not necessarily going to be the one you're expecting.
Unlike normal DNS lookups, where many names can resolve to a single IP address, reverse DNS lookups can only resolve to a single name, and that's handled by whomever controls the reverse DNS information for the IP block in question. Nobody else can set up a PTR
record on a random IP address block. This is in contrast to "normal" DNS lookups, where anyone can set up a domain name and create A
records pointing at whatever IP addresses they'd like.
This ServerFault question has a bit more info on this topic.
My point is that just because you can do it doesn't mean that you'll get what you're expecting or that it will be useful.
Solution 4
dig
has the -x addr
option:
Reverse lookups -- mapping addresses to names -- are simplified by the
-x
option.addr
is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide thename
,class
andtype
arguments
For example:
dig -x 82.165.8.211
As an aside: the IP address was in the journalctl log of an ARTIK 710 dev board, and I thought it had been hacked. I couldn't remember the dig
option to do this without using the tedious PTR method, but then I saw Michael's comment.
And the manpage for dig
just mentions it in passing; I didn't even notice it until I found the answer here and went back and searched for it.
p.s. the address resolved to ipv4.connman.net, and then I found it; I wasn't hacked.
[root@artik ~]# grep -r '\<ipv4.connman.net\>' /etc /usr/bin /usr/sbin
Binary file /usr/sbin/connmand matches
the log entries that caused concern were:
Jul 15 04:41:11 artik connmand[1870]: wlan0 {add} route 82.165.8.211 gw 192.168.251.1 scope 0 <UNIVERSE>
Jul 15 04:41:12 artik connmand[1870]: wlan0 {del} route 82.165.8.211 gw 192.168.251.1 scope 0 <UNIVERSE>
Solution 5
Another way to "resolve" IP-addresses to hostnames is possible using the bing search engine. If the host runs a public webserver and some sites served by the host are indexed, you can query it using the ip:
prefix.
Just enter ip:64.34.119.12
into the search form to get a list of hostnames behind that ip.
Related videos on Youtube
moritzebeling
Updated on September 18, 2022Comments
-
moritzebeling over 1 year
I know it is possible to resolve IP addresses to host names but can IPs be resolved to domain names?
-
Mike Insch almost 13 yearsIndeed - the reverse lookup is achieved via a
PTR
Resource Record, PTR being shorthand forpointer
. -
user almost 13 yearsWhat's wrong with
dig -x <ipaddress>
? On my Linux system, it speaks both IPv4 and IPv6.dig -x 169.254.0.1
anddig -x fe80::1
. -
user almost 13 yearsAdditionally, with both nslookup and dig, enabling trace mode will sometimes give you clues even when an IP address has no exact PTR record. Using dig, add
+trace
to the command line. With nslookup, at least on Windows, it'sset debug
in its command mode before issuing the lookup. -
hicklypups almost 13 yearsProbably the most common use for a PTR record is with e-mail. The receiving e-mail server usually checks to make sure that the PTR record matches the domain trying to send, and if not, it will drop it.
-
Ken Bloom almost 13 years+1: This had to be said. Often for well-known internet sites where the
A
record and thePTR
record are both under control of the same person, thePTR
record still refers to some internal machine name. ThePTR
record may also be nonexistant, for example if you try todig www.google.com
thendig -x
one of the IP addresses thatwww.google.com
maps to. -
Andrioid almost 13 yearsGood answer. The question however sounds like someone who wants to know who is responsible for the IP in question. In that case, I would recommend a WHOIS tool, "whois a.b.c.d" to figure out who owns the address range.
-
user606723 almost 13 years@Michael, agreed.
-
hyperslug over 12 yearsFor windows, I seem to remember using
ping -a 192.168.0.1
and getting a name back. Can anyone on Windows see if that works for external IP's? -
user over 12 years@hyperslug, ping's
-a
option is listed asResolve addresses to hostnames
on Win7 at least, so I don't see why it wouldn't work. However,nslookup
or even betterdig
are actually meant for things like this.Ping
isn't. -
HiFi over 12 years"use of nslookup has been deprecated for quite some time" Wait, what? [citation needed]
-
Mike Insch over 12 years@TheLQ: I quote from the BIND 9.4 Administrators Reference Manual, "Due to its arcane user interface and frequently inconsistent behavior, we do not recommend the use of nslookup. Use dig instead.". In many cases, use of
nslookup
also results in "nslookup
is deprecated and may be removed from future releases. Consider using thedig
orhost
programs instead". Google could easily have informed you of this had you cared to look. -
jcrawfordor over 12 yearsIt should be said that a common situation is shared servers, where the reverse lookup will be the domain assigned by whatever company owns the server. Or, for shared IPs, whatever company owns the ISP. for example, if you do a reverse lookup on a website's IP, you might get something odd like "host123.somecompany.com". You're probably seeing a shared server. If you do a reverse on a random IP, you might see something like "c-12-34-56-78.hsd1.or.comcast.net". This is an IP belonging to comcast.net, an ISP, so it must be some random home user.
-
moritzebeling over 12 yearsBut this is for Linux.
-
MaQleod over 12 years@boris_yo, here is one for windows: softpedia.com/get/Network-Tools/Misc-Networking-Tools/… - I know there is a better one out there, I just need to find it.