Linux dns reverse lookups

Linux Commando

Initially a Linux command-line interface blog, it has evolved to cover increasingly more GUI app topics. Instead of just giving you information like some man page, I illustrate their usage in real-life scenarios.

Search This Blog

Monday, July 28, 2008

How to do reverse DNS lookup

Most people can better remember domain names, e.g., www.gnu.org, than their corresponding IP addresses, 199.232.41.10. (In this example, www.gnu.org is the home of the Free Software Foundation.) We delegate the responsibility to machines, aka, the DNS servers, to resolve the domain names for us.

Sometimes, we do need to manually lookup the IP address of a domain name. You may already be familiar with the nslookup command which is now deprecated. We use the dig command to make DNS queries.

$ dig +noall +answer www.gnu.org
www.gnu.org. 67 IN CNAME gnu.org.
gnu.org. 67 IN A 199.232.41.10

The IP address is displayed in the A record, and is 199.232.41.10.

The +noall, +answer combination basically tells dig to only report the answer of the DNS query and skip the rest of the output.

You can also use the dig command with the -x option to do a reverse DNS lookup. A reverse DNS lookup means you want to look up the domain and host name of an IP address.

$ dig +noall +answer -x 199.232.41.10
10.41.232.199.in-addr.arpa. 36000 IN CNAME rev-c41-10.gnu.org.
rev-c41-10.gnu.org. 300 IN PTR www.gnu.org.

The PTR record is the one that contains the domain host name. The domain name is, as you expect, www.gnu.org.

Note that PTR records are not required for IP addresses. If a PTR record is not defined for an IP address, you cannot do a remote DNS lookup.

8 comments:

On most systems, this is more easily done using the host() command:

$ host gnu.org
gnu.org has address 199.232.41.10
gnu.org mail is handled by 10 mx10.gnu.org.
gnu.org mail is handled by 20 mx20.gnu.org.
$ host 199.232.41.10
10.41.232.199.in-addr.arpa is an alias for rev-c41-10.gnu.org.
rev-c41-10.gnu.org domain name pointer www.gnu.org.

thanks you ,very nice
but how can i dig for everything related to my domain,
it means anything affect my domain since it’s rendered throw headers .. and till it cameback to browser
couse sometimes i have problems in my domain and ISP tells it server issue and server tell it’s ISP issue 🙁

thank you so much, very useful.

How to get PTR and SOA information together using one command in dig?

Or you can just use the nslookup command.

The problem is that they all give you the pretty name (with a dot suffix) if you try to place it in etc hosts file and use java InetAddress.getLocalhost you’re in trouble

Old thread but since I just worked with this kind of problem I thought I might post a link to my take on this. In order to extract domain info from a IPv4 address I try to pull a certificate from the IP endpoint. Useful in some cases, not a very predictable way of doing things of course but with a surprisingly high rate this is just the information that you want (or that I wanted anyway. ).

Need help trying to get ip address to see who posted a video ip address .216.18.160.216.18.191.255

Источник

Что такое reverse dns lookup и как получить reverse dns

Что такое Reverse DNS легко понять, если вы знаете что такое DNS. Получение Reverse DNS — противоположенность DNS.

Т.е. если традиционный (прямой) DNS заключается в получении ip-адреса по хосту, то Reverse DNS (обратный, противоположенный) — это получение хоста по ip-адресу. Также Reverse DNS называют PTR-записью (pointer, указатель).

Как получить запись reverse DNS lookup на linux?

Для получения reverse DNS нужно воспользоваться одной из двух команд:

Если вам нужно только имя хоста (без дополнительной информации), то удобно будет воспользоваться командой dig с опциями -x и +short , которая вернёт одну строку — только искомый host.

-x — опция говорит включить обратный поиск DNS вместо прямого. Обратный поиск DNS (reverse dns lookup) означает, что вы хотите искать домен или имя хоста по IP-адресу.

+short — опция скрывает информацию (номер порта и адрес) о сервере, который предоставил ответ.

$ nslookup 93.125.99.10 Server: 127.0.1.1 Address: 127.0.1.1#53 Non-authoritative answer: 10.99.125.93.in-addr.arpa name = vh40.hosterby.com. Authoritative answers can be found from: 99.125.93.in-addr.arpa nameserver = ns1.tutby.com. 99.125.93.in-addr.arpa nameserver = ns2.tutby.com. ns2.tutby.com internet address = 178.124.133.100 ns1.tutby.com internet address = 93.125.30.200 $ dig +short -x 93.125.99.10 vh40.hosterby.com.

Как видно, dig вернул всего одну строку vh40.hoster.by.

Пример reverse DNS на картинке:

Хост jeka.by висит на ip 93.125.99.10. Это дешёвый shared хостинг. На этом IP висит большое количество сайтов. Для этого же ip обратным адресом является хост моего хостера vh40.hosterby.com.

Солидные ресурсы в обязательном порядке имеют собственные настроенные reverse dns. Это нужно хотя бы для того, чтобы вероятность попадания электронных писем в спам была меньше. Для этого адрес в поле From должен совпадать с доменом, указанным в reverse dns (совпадать с PTR). Это связано с тем, что спамеры часто подделывают доменные имена при отправке почты.

Для PTR записей нет конкретных технических требований. Но всё же большинство провайдеров используют следующие правила:

• Для каждого IP-адреса существует одна единственная PTR запись;
• Для серверa с несколькими IP-адресами будут прописаны несколько PTR записей, по одной на каждый IP-адрес;
• Для любого почтового сервера должна быть установлена MX-запись и A-запись – это правило является одним из самых важных;
• Для каждой PTR записи должна быть А-запись, а вот наоборот – не обязательно.

Дата добавления: 9 лет назад

Источник

Do a Reverse DNS Lookup in Linux

DNS process is known as forwarding DNS resolution in which it resolves the domain name with an IP address. Whereas, Reverse DNS Resolution or Reverse DNS lookup, also known as rDNS, is used to determine or resolve the IP address associated with the domain name. As the name implies, it is a reverse DNS lookup process that resolves an IP address back to the domain name.

Reverse DNS lookup is used by email servers to validate and block spam email messages. If the rDNS check fails, then Email servers by default mark the incoming messages as SPAM. Most of the time, email servers automatically reject the messages from an IP address that does not contain rDNS in place. Therefore, if you need to add an rDNS, you can contact your hosting or IP provider to do it.

In this article, we will explain how you can perform the reverse DNS lookup process in Linux through the command line environment.

There are three different commands available in the Linux system that can be used to perform the rDNS lookup process:

• dig Command: Domain Information Groper, which is known as dig, is useful for observing DNS name servers.
• host Command: host is a command-line utility used for performing the DNS lookups. It converts the hostnames to IP addresses and vice versa.
• nslookup Command: Nslookup is used to examine Internet domain name servers.

Perform the Reverse DNS Lookup Using the dig command

Using the dig command, you can easily perform the rDNS lookup manually through the terminal and show answers that are returned from the name server(s) that were examined. This command gives flexible and clear output, which is the main reason DNS administrators used the dig command to resolve the DNS problems. Use the following command to perform the rDNS lookup in Linux:

Perform Reverse DNS Lookup Using the host command

Host utility converts the names to IP address and vice-versa, as we have discussed above. To perform a DNS lookup using the host command, type the following command:

Perform Reverse DNS (rDNS) Lookup Using the nslookup Command

The nslookup is the most commonly used network administration tool that helps check and resolve DNS-related problems. It has two different modes for displaying the output: interactive and non-interactive mode.

The interactive mode displays the information about various hosts and domains against the query. In the non-interactive mode, it only shows the name and relevant requested details for a domain. Use the following nslookup command to display the information about the given IP address:

Conclusion

The reverse DNS lookup is a straightforward method to ensure that the IP address does belong to the specified domain. So, using the above-mentioned commands, you can easily display the rDNS lookup information of a given Ip address. Please, send your query via comments.

About the author

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.

Источник