Want to learn how to perform reverse DNS lookup in Linux?
The Domain Name System is a fundamental part of the Internet. It assigns each domain name or website its IP (Internet Protocol) address and stores other pieces of information related to the website.
“Reverse DNS lookup” is a method through which you can extract the associated domain name for an IP address. It is the opposite of a “Forward DNS lookup”, in which we can get the associated IP address for a domain name.
The mechanism of a reverse DNS lookup involves a PTR (Pointer) record. The PTR record stores the IP of domains. The DNS is inquired for the PTR record of the particular domain for which we perform the reverse DNS procedure. If there is a missing PTR record in the domain, the reverse DNS lookup cannot be carried out.
PTR stores the IP of domains and servers by reversing them. The reversed IPs are attached with .ip6.arpa at the end. Before .ip6.arpa, the reversed segments ended with .in-addr.arpa. For example, the IP of a domain is 22.214.171.124, information of this domain, nowadays, will be stored in the PTR record as “126.96.36.199.ip6.arpa”.
Reverse DNS lookups are usually carried out to find the origin of visitors to your website. There are a few other reasons why one might do a reverse DNS, but it is an elementary part of managing an email system.
Every email system performs a reverse DNS on each incoming email. If the domain name gives an IP on reverse DNS, the email is successfully received. Otherwise, the email is marked as spam. No PTR records exist for such emails, so reverse DNS is important because it protects a system from spam and potentially harmful emails.
Reverse DNS can be performed on any operating system and any computer connected to the internet. To perform a reverse DNS lookup on Linux, the command Terminal is used.
This guide will help you learn how to perform reverse DNS lookup in Linux. We shall cover three different methods you can use to perform a reverse DNS lookup. With the steps followed correctly, you’ll be able to successfully pull off a reverse DNS lookup on Linux.
So without further wait, let’s get going!
1. Perform Reverse DNS Using DIG Command.
There are different methods by which you can perform a reverse DNS on Linux. By methods, we mean commands. Each command is used in its own way and possesses certain characteristics. Each method will help you learn how to perform reverse DNS lookup on Linux.
The first of those commands used with Linux is the DIG command. DIG stands for “Domain Information Groper”. DIG is the goto command commonly used for rDNS in Linux. The syntax for DIG is:
$ sudo dig -x IP address
The command simply gives you the domain name by entering the IP address.
To perform rDNS lookup on Linux using DIG, follow these steps:
- Open the command terminal on your system by pressing Ctrl + Alt +T.
- Once it opens, use DIG and the following as an example to find out the associated domain name for any IP:
$ sudo dig -x 188.8.131.52
- If you enter this IP, you should receive some output as shown in the image below.
As you can see, DIG is an uncomplicated and quick command which easily gives you the domain name. You should just know the IPs. However, if you wish to try another method, then keep reading.
2. Perform Reverse DNS Using Nslookup Command.
Nslookup is another command that we can use to perform reverse DNS lookup on Linux. It stands for “Name Server lookup” and as the name suggests, it is primarily used as a command for performing rDNS lookup. Other than this, it is also used for troubleshooting DNS problems.
Nslookup operates in two modes. The Interactive and Non-Interactive mode. In the interactive mode, we can query for information regarding various domains and servers. In the non-interactive mode, the same function is performed but for only a specified IP or domain. The syntax to use nslookup for rDNS is:
$ sudo nslookup IP address
Follow these steps to use nslookup:
- Open the command terminal.
- Type the following in the terminal.
$ sudo nslookup 184.108.40.206
- When you press enter after typing this command, you should see the following displayed on the terminal.
The nslookup command in the above-mentioned example is operating in the non-interactive mode. For users who just want to perform a simple rDNS, it is advised to do it through non-interactive nslookup mode.
3. Perform Reverse DNS Using Host Command.
The third command with which we can perform a reverse DNS lookup on Linux is the “Host” command. Host command can be used to figure out the domain name using an IP and its opposite as well i.e extract the IP from a domain name.
Host command is more commonly used to edit the host file of your system. The syntax for using host for rDNS is:
$ sudo host <IP address>
Let’s perform rDNS using the host command:
- Open the command terminal.
- In the terminal type the following command to know the domain name for IP 220.127.116.11
$ sudo host 18.104.22.168
You should see this as the output:
Host command gives a very simple answer to the query given to the system. But it does not provide a detailed answer such as when we use DIG or interactive nslookup.
Knowing how to perform rDNS lookup can prove to be a valuable skill. A person who is aware of such a technique can easily defend himself from being hacked through phishing and avoid being scammed. This article went through the ways you could learn how to perform reverse DNS lookup on Linux.
To check available disk space on your Linux system, go through this article here. It will surely help you out.
If this guide helped you, please share it. 🙂