free reverse lookup ip linux

linuxcommando.blogspot.com › 2008 › 07 › how-to-do-reverse-dns-lookup.html

1 of 1

You can use dig +noall +answer -x <IP> to look up an IP address.

To simply loop over a file that contains a list of IP addresses:

while read ip; do dig +noall +answer -x $ip; done < ips.txt

Or, pipe the output of your counting command. This time we get the count and the IP addresses separately and then print them on one line:

cat access.log | awk '{print $1}' | sort | 
uniq -c | sort -n | tail -n10 |
while read count ip; do printf "%d " $count; printf "%s " $ip; dig +noall +answer -x $ip; done

Example (sorry for the UUOC):

cat test | while read count ip; do printf "%d " $count; printf "%s " $ip; dig +noall +answer -x $ip; done
20 8.8.8.8 8.8.8.8.in-addr.arpa.    52767   IN  PTR google-public-dns-a.google.com.
22 8.8.4.4 4.4.8.8.in-addr.arpa.    61369   IN  PTR google-public-dns-b.google.com.

You can further pipe dig's output into awk to just get the host name:

cat test | while read count ip; do printf "%d " $count; printf "%s " $ip; echo $(dig +noall +answer -x $ip | awk '{ print $(NF) }'); done
20 8.8.8.8 google-public-dns-a.google.com.
22 8.8.4.4 google-public-dns-b.google.com.

Blogger

Linux Commando: How to do reverse DNS lookup

67 IN A 199.232.41.10 The IP address is displayed in the A record, and is 199.232.41.10. The +noall, +answer combination basically tells dig to only report the answer of the DNS query and skip the rest of the output. You can also use the dig command with the -x option to do a reverse DNS lookup.

FOSS Linux

fosslinux.com › home › beginner's guide › top 3 ways to lookup reverse dns on linux

Top 3 ways to lookup reverse DNS in Linux | FOSS Linux

April 13, 2020 - In this tutorial, we will show you how to perform a reverse DNS lookup using one of the following methods: ... Before starting, let’s check first how to issue a forward DNS lookup using the dig command as follows: ... As you can notice, using ...

Find elsewhere

Google Bing Mojeek

Ask Ubuntu

askubuntu.com › questions › 813275 › how-to-check-a-bulk-of-ip-for-reverse-dns

command line - How to check a bulk of ip for reverse dns? - Ask Ubuntu

mxtoolbox.com › ReverseLookup.aspx

1 of 4

xargs provides an optin --arg-file. With -L1 option to treat each line as argument, the simplest command we can make is as follows

$ xargs -L1 --arg-file=ip-addr.txt dig +short -x
google-public-dns-a.google.com.
resolver2.opendns.com.

If it's necessary to display the IP address next to the resolved domain, we can also do:

$ xargs -L1 --arg-file=ip-addr.txt sh -c 'printf "%s: " "$1"; dig +short -x "$1"' sh
8.8.8.8: google-public-dns-a.google.com.
208.67.220.220: resolver2.opendns.com.

Of course, xargs is an extra process. What if we wanted to only use shell and dig ? With bash version 4 and over, we can use mapfile or readarray to get lines of the text file into array, and then process items in a loop:

$ mapfile -t -d $'\n' < ip-addr.txt
$ for i in "${MAPFILE[@]}" ; do printf "%s:" "$i"; dig +short -x "$i"; done
8.8.8.8:google-public-dns-a.google.com.
208.67.220.220:resolver2.opendns.com.

If the IP addresses are few and don't require a long text file, POSIXly, we could use set to define values as positional parameters:

$ set -- 8.8.8.8 208.67.220.220
$ for i ; do printf "%s:" "$i"; dig +short -x "$i"; done
8.8.8.8:google-public-dns-a.google.com.
208.67.220.220:resolver2.opendns.com.

We can also use dig -x $IP_ADDRESS +short in a script like so:

#!/bin/bash
export LC_ALL=C
# without specifying 'in' part, bourne-like shells default
# to iterating over positional parameters
for item
do
     domain=$(dig -x "$item"  +short)
     # this logic can also be reversed with
     # [ "x$domain" = "x" ] && echo "empty" || echo "$domain"
     if [ -n "$domain"  ] ;
     then
         echo "$domain"
     else
         echo "$item" result is NULL
     fi
done

Demo of sample usage(all ip addresses given as space separeted):

$ ./reverse_dns_lookup.sh 8.8.8.8 74.125.193.94 151.101.193.69                 
google-public-dns-a.google.com.
ig-in-f94.1e100.net.
151.101.193.69 result is NULL

As you can see , in the last example our DNS server didn't find domain for the ip address we gave it. In such case we can use a different DNS server, for instance open_dns with dig @208.67.220.220 $IP_ADDRESS +short

In the demo above, the ip addresses are provided on command line, like ./reverse_dns_lookup.sh ADDRESS1 ADDRESS2 ADDRESS2 but you also can use a file for that, like so:

$ cat ip_addresses.txt |  xargs ./reverse_dns_lookup.sh                          <
google-public-dns-a.google.com.
resolver2.opendns.com.
192.30.253.112 result is NULL

Alternative script version:

Here's alternative version of the script that prints the AUTHORITY section from dig's output. This may be much better and more reliable than just +short version. NOTE: this uses 8.8.8.8 , which is Google's public DNS. Use a different server if you feel necessary.

#!/bin/bash
export LC_ALL=C
for item
do
 domain=$(dig @8.8.8.8  -x "$item" +noall +authority +answer)
 if [ -n "$domain"  ] ;
 then
     echo "$domain"
 else
     echo "$item" result is NULL
 fi
done

Demo:

$ cat ip_addresses.txt |  xargs ./reverse_dns_lookup.sh 

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 -x 8.8.8.8 +noall +authority +answer
; (1 server found)
;; global options: +cmd
8.8.8.8.in-addr.arpa.   21390   IN  PTR google-public-dns-a.google.com.

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 -x 208.67.220.220 +noall +authority +answer
; (1 server found)
;; global options: +cmd
220.220.67.208.in-addr.arpa. 6674 IN    PTR resolver2.opendns.com.

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 -x 192.30.253.112 +noall +authority +answer
; (1 server found)
;; global options: +cmd
253.30.192.in-addr.arpa. 10 IN  SOA ns1.p16.dynect.net. ops.github.com. 6 3600 600 604800 60

2 of 4

Here is a quick and dirty one liner: Contents of ip-addresses.txt:

$ cat ip-addresses.txt
    1.2.3.4
    1.1.1.1
    222.222.222.222
    23.12.34.56
    8.8.8.8
    208.67.222.220

Replace txt with your file that contains addresses, separated by newlines:

$ cat ip-addresses.txt | xargs -I % bash -c 'echo "%:$(dig -x % +short)"' >> dig-output.txt

If you append to dig-output.txt like above, contents of that file will be like below, if reverse DNS lookup is successfull, IP:NAME, if not, IP:(NULL)

$ cat dig-output.txt
1.2.3.4:
1.1.1.1:
222.222.222.222:
23.12.34.56:a23-12-34-56.deploy.static.akamaitechnologies.com.
8.8.8.8:google-public-dns-a.google.com.
208.67.222.220:resolver3.opendns.com.

If IP addresses are coming from another process, you can directly pipe to xargs.

Edit: If you must have a word such as null (inspired by @Serg) in case of a lookup failure, you can use the command below:

$ cat ip-addresses.txt | xargs -I % bash -c '{ query=$(dig -x % +short); if [ -z $query ]; then query=null;fi; echo %:$query; }'

cat ip-addresses.txt # Print IP addresses to STDOUT. If you don't want to cat from file, you can directly pipe from another process like command | xargs ...
xargs -I % bash -c # Take each line from left of pipe, use % as placeholder, run bash command that follows within single quotes
dig IP address that comes from placeholder % by xargs, assign to variable query. If result happens to be null (zero length), assign string 'null' word to query variable, then print as IP:result

Demo:

$ cat ip-addresses.txt | xargs -I % bash -c '{ query=$(dig -x % +short); if [ -z $query ]; then query=null;fi; echo %:$query; }'
1.2.3.4:null
1.1.1.1:null
222.222.222.222:null
23.12.34.56:a23-12-34-56.deploy.static.akamaitechnologies.com.
8.8.8.8:google-public-dns-a.google.com.
208.67.222.220:resolver3.opendns.com.

MxToolBox

Reverse IP Lookup - MxToolbox

The Reverse Lookup tool will do a reverse IP lookup. If you type in an IP address, we will attempt to locate a dns PTR record for that IP address. You can then click on the results to find out more about that IP Address. Please note that in general, your ISP must setup and maintain these Reverse ...

Linux Hint

linuxhint.com › reverse-dns-lookup-in-linux

Do a Reverse DNS Lookup in Linux – Linux Hint

In the non-interactive mode, it only shows the name and relevant requested details for a domain. Use the following nslookup command to display the information about the given IP address: ... The reverse DNS lookup is a straightforward method to ensure that the IP address does belong to the ...

nixCraft

cyberciti.biz › nixcraft › howto › freebsd › reverse nslookup command

Reverse nslookup Command - nixCraft

September 12, 2024 - Explains how to use reverse nslookup command under UNIX/Linux or MS-Windows OS to find out an IP address to resolve a hostname/domain name

Whois.is

whois.is › home › how to perform a reverse ip address lookup command

How To Perform A Reverse IP Address Lookup Command (2026)

July 17, 2023 - The Command Prompt will return the domain name associated with the IP address you entered. To summarize, the command in Windows looks like this: ... Linux users can utilize the dig command to perform a reverse IP address lookup.

Stack Exchange

unix.stackexchange.com › questions › 89310 › how-to-safely-reverse-dns-lookup-on-ip-in-a-shell-script

How to safely reverse dns lookup on ip in a shell script - Unix & Linux Stack Exchange

nslookup is a bit of a deprecated command, in favour of the dig command by the ISC.

With dig, you would write it:

dig -x 127.0.0.1 +short

Alternatively, you could do:

perl -MSocket -le 'print((gethostbyaddr(inet_aton("127.0.0.1"), AF_INET))[0])'

which would use the system's resolver to get you the info (which in turn might use /etc/hosts, DNS, NIS+, LDAP... as per /etc/nsswitch.conf, not only DNS as dig or nslookup would)

unix.stackexchange.com › questions › 397417 › shell-script-reverse-dns-lookup

You could try the host command which will give you an output similar to:

$ host 127.0.0.1
1.0.0.127.in-addr.arpa domain name pointer localhost.

Stack Exchange

Shell script reverse DNS lookup - Unix & Linux Stack Exchange

Assuming reverse_dns_lookup.in contains

-x 8.8.8.8
-x 127.0.0.1

Then:

$ dig -f reverse_dns_lookup.in +short
google-public-dns-a.google.com.
localhost.

To add the -x to the contents of your existing file and call dig without modifying the file, using process substitution:

$ dig -f <( sed 's/^/-x /' reverse_dns_lookup.in ) +short

This avoids calling dig multiple times in a loop, and it avoids parsing the reverse_dns_lookup.in file with read.

Then redirect the output to a file of your choice:

$ dig -f <( sed 's/^/-x /' reverse_dns_lookup.in ) +short >dig-results.txt

To get be able to pair up the IP address with the result for the successful queries:

$ dig -f <( sed 's/^/-x /' reverse_dns_lookup.in ) +noall +answer | awk '{ print $1, $NF }' >dig-results.txt

For the example file I used, this will give

8.8.8.8.in-addr.arpa. google-public-dns-a.google.com.
1.0.0.127.in-addr.arpa. localhost.

in dig-results.txt.

perishablepress.com › cli-forward-reverse-lookup

#!/bin/bash

while read line
do
        echo $line - `dig -x "$line" +short`
done < reverse_dns_lookup.in

This code is working fine for me. You have to make sure, that file reverse_dns_lookup.in is in right place thou.

To send output from script to file just redirect it using standard stdin redirection operator in bash: ./script.sh > output_file.txt

Also answering Your concerns from change has been made to show IP alongside with revdns entry.

Perishable Press

CLI Forward-Reverse Lookup | Perishable Press

In previous posts, I’ve explained ... and then doing a reverse lookup to cross-check the IP address. This is often referred to as a forward-reverse lookup, or something to that effect. The point is, there are plenty of free online tools available for performing forward-reverse ...

Brainly

brainly.com › computers and technology › high school › you are using linux and need to perform a reverse lookup of the ip address 10.0.0.3. which command would you use to accomplish this? a. nslookup 10.0.0.3 b. nbtstat -a 10.0.0.3 c. dig -x 10.0.0.3 d. arp 10.0.0.3

[FREE] You are using Linux and need to perform a reverse lookup of the IP address 10.0.0.3. Which command would - brainly.com

Other commands mentioned are not suitable for this task in a Linux environment. To perform a reverse lookup of the IP address 10.0.0.3 on a Linux system, the appropriate command to use is dig -x 10.0.0.3.

How to Use Linux

howtouselinux.com › home › 2 ways to perform reverse dns lookups in linux

2 Ways to Perform Reverse DNS lookups in Linux - howtouselinux

October 9, 2025 - Here is the Reverse DNS Lookup for IP 185.230.63.186.

GitHub

github.com › topics › reverse-ip-lookup

reverse-ip-lookup · GitHub Topics · GitHub

python shodan server hacking ip ip-lookup whois-lookup information-gathering dns-lookup reverse-ip-lookup pentest-tools hackertarget ... What is WEEK TOOL? WEEK TOOL is an osint framework, which is one-stop tool for your information gathering ...

Stack Overflow

stackoverflow.com › questions › 58053194 › reverse-dns-look-up

nslookup - reverse DNS look up - Stack Overflow

How does reverse DNS look up work?

The same way as forward DNS, but using a different record type.

When you do dig -x 172.217.0.46 in fact it is like doing dig PTR 46.0.217.172.in-addr.arpa so you are just querying, even without knowing it, a different branch of the DNS tree. in-addr.arpa was established long ago as the starting point of IPv4 DNS delegations. Blocks of IP addresses are then delegated to IANA, and from there to the 5 RIRs existing, which themselves delegate them to the LIR using the corresponding IP blocks.

It works the same way for IPv6 but just under another branch.

I want to get youtube.com from the IP address.

You may want it, but why? Both "branches" (the forward one and the reverse one) have no operational needs to stay synchronized and in fact will never be because they are managed by different companies.

Everything starts at IANA but then:

for the names (forward branch), the TLD is delegated to registries, and then registries delegates names to whatever nameservers registrants choose for their domains
for the IP addresses (reverse branch), the space is delegated to RIRs, and then LIRs, and then sometimes hosting companies or end users for those having their own IP blocks.

Imagine a relative middle webhosting company. It may be controlling a given block of IP addresses but does shared virtual hosting: clients can host their website there, and the hosting company use multiple IPs for all of the website hosted. Synchronizing the PTR records would be just a huge task and have 0 benefits: out of email, PTR records are not very much used. Also, even if technically possible the case of one PTR records giving multiple names for a given IP address will probably not be handled properly by many applications.

RIR data is public. You can download the list of owners (LIRs) of each IPv4 and IPv6 blocks and doing searches there. It may not give you exactly the name your are looking after. You can also interactively query the data using the whois protocol (that does not use the DNS but goes to the same authoritative source).

If we take again your IP address as example:

$ whois 172.217.0.46

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#


NetRange:       172.217.0.0 - 172.217.255.255
CIDR:           172.217.0.0/16
NetName:        GOOGLE
NetHandle:      NET-172-217-0-0-1
Parent:         NET172 (NET-172-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS15169
Organization:   Google LLC (GOGL)
RegDate:        2012-04-16
Updated:        2012-04-16
Ref:            https://rdap.arin.net/registry/ip/172.217.0.0



OrgName:        Google LLC
OrgId:          GOGL
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2000-03-30
Updated:        2018-10-24

So you can see this IP address "belongs to" Google but you can not from that derive what website run on top of it.

Is there a way to get all domain names associated with an IP address? I am looking for a solution for Linux system.

Yes, there is a way, and various companies provide you this service online but typically not for free.

How they do it:

they start from a list of domain names/hostnames: to build that they can use open zonefiles (all gTLDs), do queries in search engines, parse email headers, use Certificate Transparency Logs, etc.
they resolve those names, hence they get associated IP address
they store this mapping
once done, it is "trivial" to do the reverse in their database.

So it is technically easy, just tedious and high volume of data to manipulate. On top of that you need to remember that any name->IP mapping can change at any time. Hence, this database may be obsolete the moment it is created, so of course they redo the forward resolution regularly.

serverfault.com › questions › 1059607 › reverse-ip-lookup-to-find-a-records-at-ip-address

You can't. lga15s43-in-f14.1e100.net is the PTR record associated with that IP address, and that's all that DNS will tell you. After all, if I were to buy a new random domain right now, and make some random subdomain of it point to the IP 172.217.0.46, you wouldn't expect to immediately be told about my new creation.

Server Fault

linux - Reverse IP Lookup to Find A Records at IP Address - Server Fault

Not sure if there is any Linux command that can do this. But you can use public DNS database websites likes securitytrails and domaintools (feature available as premium afaik).

You can just replace the IP with the one that you have in this link:

https://securitytrails.com/list/ip/142.250.185.238