linux reverse ip lookup ubuntu

superuser.com › questions › 649551 › bash-reverse-dns-lookup-of-active-ip-addresses

1 of 4

xargs provides an optin --arg-file. With -L1 option to treat each line as argument, the simplest command we can make is as follows

$ xargs -L1 --arg-file=ip-addr.txt dig +short -x
google-public-dns-a.google.com.
resolver2.opendns.com.

If it's necessary to display the IP address next to the resolved domain, we can also do:

$ xargs -L1 --arg-file=ip-addr.txt sh -c 'printf "%s: " "$1"; dig +short -x "$1"' sh
8.8.8.8: google-public-dns-a.google.com.
208.67.220.220: resolver2.opendns.com.

Of course, xargs is an extra process. What if we wanted to only use shell and dig ? With bash version 4 and over, we can use mapfile or readarray to get lines of the text file into array, and then process items in a loop:

$ mapfile -t -d $'\n' < ip-addr.txt
$ for i in "${MAPFILE[@]}" ; do printf "%s:" "$i"; dig +short -x "$i"; done
8.8.8.8:google-public-dns-a.google.com.
208.67.220.220:resolver2.opendns.com.

If the IP addresses are few and don't require a long text file, POSIXly, we could use set to define values as positional parameters:

$ set -- 8.8.8.8 208.67.220.220
$ for i ; do printf "%s:" "$i"; dig +short -x "$i"; done
8.8.8.8:google-public-dns-a.google.com.
208.67.220.220:resolver2.opendns.com.

We can also use dig -x $IP_ADDRESS +short in a script like so:

#!/bin/bash
export LC_ALL=C
# without specifying 'in' part, bourne-like shells default
# to iterating over positional parameters
for item
do
     domain=$(dig -x "$item"  +short)
     # this logic can also be reversed with
     # [ "x$domain" = "x" ] && echo "empty" || echo "$domain"
     if [ -n "$domain"  ] ;
     then
         echo "$domain"
     else
         echo "$item" result is NULL
     fi
done

Demo of sample usage(all ip addresses given as space separeted):

$ ./reverse_dns_lookup.sh 8.8.8.8 74.125.193.94 151.101.193.69                 
google-public-dns-a.google.com.
ig-in-f94.1e100.net.
151.101.193.69 result is NULL

As you can see , in the last example our DNS server didn't find domain for the ip address we gave it. In such case we can use a different DNS server, for instance open_dns with dig @208.67.220.220 $IP_ADDRESS +short

In the demo above, the ip addresses are provided on command line, like ./reverse_dns_lookup.sh ADDRESS1 ADDRESS2 ADDRESS2 but you also can use a file for that, like so:

$ cat ip_addresses.txt |  xargs ./reverse_dns_lookup.sh                          <
google-public-dns-a.google.com.
resolver2.opendns.com.
192.30.253.112 result is NULL

Alternative script version:

Here's alternative version of the script that prints the AUTHORITY section from dig's output. This may be much better and more reliable than just +short version. NOTE: this uses 8.8.8.8 , which is Google's public DNS. Use a different server if you feel necessary.

#!/bin/bash
export LC_ALL=C
for item
do
 domain=$(dig @8.8.8.8  -x "$item" +noall +authority +answer)
 if [ -n "$domain"  ] ;
 then
     echo "$domain"
 else
     echo "$item" result is NULL
 fi
done

Demo:

$ cat ip_addresses.txt |  xargs ./reverse_dns_lookup.sh 

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 -x 8.8.8.8 +noall +authority +answer
; (1 server found)
;; global options: +cmd
8.8.8.8.in-addr.arpa.   21390   IN  PTR google-public-dns-a.google.com.

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 -x 208.67.220.220 +noall +authority +answer
; (1 server found)
;; global options: +cmd
220.220.67.208.in-addr.arpa. 6674 IN    PTR resolver2.opendns.com.

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 -x 192.30.253.112 +noall +authority +answer
; (1 server found)
;; global options: +cmd
253.30.192.in-addr.arpa. 10 IN  SOA ns1.p16.dynect.net. ops.github.com. 6 3600 600 604800 60

2 of 4

Here is a quick and dirty one liner: Contents of ip-addresses.txt:

$ cat ip-addresses.txt
    1.2.3.4
    1.1.1.1
    222.222.222.222
    23.12.34.56
    8.8.8.8
    208.67.222.220

Replace txt with your file that contains addresses, separated by newlines:

$ cat ip-addresses.txt | xargs -I % bash -c 'echo "%:$(dig -x % +short)"' >> dig-output.txt

If you append to dig-output.txt like above, contents of that file will be like below, if reverse DNS lookup is successfull, IP:NAME, if not, IP:(NULL)

$ cat dig-output.txt
1.2.3.4:
1.1.1.1:
222.222.222.222:
23.12.34.56:a23-12-34-56.deploy.static.akamaitechnologies.com.
8.8.8.8:google-public-dns-a.google.com.
208.67.222.220:resolver3.opendns.com.

If IP addresses are coming from another process, you can directly pipe to xargs.

Edit: If you must have a word such as null (inspired by @Serg) in case of a lookup failure, you can use the command below:

$ cat ip-addresses.txt | xargs -I % bash -c '{ query=$(dig -x % +short); if [ -z $query ]; then query=null;fi; echo %:$query; }'

cat ip-addresses.txt # Print IP addresses to STDOUT. If you don't want to cat from file, you can directly pipe from another process like command | xargs ...
xargs -I % bash -c # Take each line from left of pipe, use % as placeholder, run bash command that follows within single quotes
dig IP address that comes from placeholder % by xargs, assign to variable query. If result happens to be null (zero length), assign string 'null' word to query variable, then print as IP:result

Demo:

$ cat ip-addresses.txt | xargs -I % bash -c '{ query=$(dig -x % +short); if [ -z $query ]; then query=null;fi; echo %:$query; }'
1.2.3.4:null
1.1.1.1:null
222.222.222.222:null
23.12.34.56:a23-12-34-56.deploy.static.akamaitechnologies.com.
8.8.8.8:google-public-dns-a.google.com.
208.67.222.220:resolver3.opendns.com.

Super User

linux - Bash: Reverse DNS Lookup of Active IP Addresses - Super User

linuxcommando.blogspot.com › 2008 › 07 › how-to-do-reverse-dns-lookup.html

1 of 1

You can use dig +noall +answer -x <IP> to look up an IP address.

To simply loop over a file that contains a list of IP addresses:

while read ip; do dig +noall +answer -x $ip; done < ips.txt

Or, pipe the output of your counting command. This time we get the count and the IP addresses separately and then print them on one line:

cat access.log | awk '{print $1}' | sort | 
uniq -c | sort -n | tail -n10 |
while read count ip; do printf "%d " $count; printf "%s " $ip; dig +noall +answer -x $ip; done

Example (sorry for the UUOC):

cat test | while read count ip; do printf "%d " $count; printf "%s " $ip; dig +noall +answer -x $ip; done
20 8.8.8.8 8.8.8.8.in-addr.arpa.    52767   IN  PTR google-public-dns-a.google.com.
22 8.8.4.4 4.4.8.8.in-addr.arpa.    61369   IN  PTR google-public-dns-b.google.com.

You can further pipe dig's output into awk to just get the host name:

cat test | while read count ip; do printf "%d " $count; printf "%s " $ip; echo $(dig +noall +answer -x $ip | awk '{ print $(NF) }'); done
20 8.8.8.8 google-public-dns-a.google.com.
22 8.8.4.4 google-public-dns-b.google.com.

Blogger

Linux Commando: How to do reverse DNS lookup

67 IN A 199.232.41.10 The IP address is displayed in the A record, and is 199.232.41.10. The +noall, +answer combination basically tells dig to only report the answer of the DNS query and skip the rest of the output. You can also use the dig command with the -x option to do a reverse DNS lookup.

WhatIsMyIP.com®

whatismyip.com › reverse-dns-lookup

Reverse DNS Lookup | Reverse IP Lookup Tool - WhatIsMyIP.com®

For a reverse IP lookup in the Linux system, users can use three different commands to perform the reverse DNS process: the dig command, the host command, and the nslookup command.

Linux Hint

linuxhint.com › reverse-dns-lookup-in-linux

Do a Reverse DNS Lookup in Linux – Linux Hint

In the non-interactive mode, it only shows the name and relevant requested details for a domain. Use the following nslookup command to display the information about the given IP address: ... The reverse DNS lookup is a straightforward method to ensure that the IP address does belong to the ...

Find elsewhere

Google Bing Mojeek

FOSS Linux

fosslinux.com › home › beginner's guide › top 3 ways to lookup reverse dns on linux

Top 3 ways to lookup reverse DNS in Linux | FOSS Linux

April 13, 2020 - In this tutorial, we will show you how to perform a reverse DNS lookup using one of the following methods: ... Before starting, let’s check first how to issue a forward DNS lookup using the dig command as follows: ... As you can notice, using ...

Ask Ubuntu

askubuntu.com › questions › 557098 › bash-command-to-convert-ip-addresses-into-their-reverse-form

text processing - Bash command to convert IP addresses into their "reverse" form? - Ask Ubuntu

echo 411.311.211.111 | awk -F. '{print $4"."$3"." $2"."$1}'

Output:

111.211.311.411

echo 411.311.211.111 | awk -F. '{OFS="."; print $4,$3,$2,$1}'

dnschecker.org › reverse-dns.php

Here is a native function. Call it like reverseip 12.34.56.78 to have it print 78.56.34.12. Call it like reversed=$(reverseip 12.34.56.78) to capture the output into a variable.

reverseip () {
    local IFS
    IFS=.
    set -- $1
    echo $4.$3.$2.$1
}

set with a string argument tokenizes this string into $1, $2, etc based on the current value of IFS. So we are breaking up the function's input argument $1 into tokens, which now replace the original $1, $2, etc. Because IFS is a dot, the input value in the original $1 gets split up on dots. The dash -- is a safety measure to signal the end of options to set, in case the actual value of $1 would start with a dash (without the -- you would then get an "unknown option" error, or, worse, random or even insecure behavior).

DNS Checker

Reverse IP Lookup - Reverse DNS Lookup

If you are using Linux or MAC OS, run dig -x IP_address on Linux's console terminal or MacOs's terminal. Note: Replace the IP_address with your domain's IP address. Just enter the IP address and click on the "Submit" button.

nixCraft

cyberciti.biz › nixcraft › howto › freebsd › reverse nslookup command

Reverse nslookup Command - nixCraft

September 12, 2024 - Explains how to use reverse nslookup command under UNIX/Linux or MS-Windows OS to find out an IP address to resolve a hostname/domain name

How to Use Linux

howtouselinux.com › home › 2 ways to perform reverse dns lookups in linux

2 Ways to Perform Reverse DNS lookups in Linux - howtouselinux

October 9, 2025 - Here is the Reverse DNS Lookup for IP 185.230.63.186.

2DayGeek

2daygeek.com › home › how to check reverse dns (rdns) lookup in linux?

How To Check Reverse DNS (rDNS) Lookup In Linux? | 2DayGeek

July 28, 2019 - It is normally used to convert names to IP addresses and vice versa. nslookup Command: Nslookup is a program to query Internet domain name servers. dig Command: Dig stands for domain information groper is a flexible tool for interrogating DNS ...

reddit.com › r/linux4noobs › ubuntu is doing reverse dns lookup every 5 seconds

r/linux4noobs on Reddit: Ubuntu is doing reverse dns lookup every 5 seconds

February 5, 2025 -

I just checked my logs of my pihole, and my ubuntu laptop is doing a reverse lookup for an internal address every 5 seconds, non stop. Anyone knows what could be doing this, or where to start looking?

(Also probably out of the scope of this sub why would anything try to reverse lookup an internal address)

Even basic utilities like ping will by default attempt to do reverse DNS. That's why for example if you ping google.com, you get something like PING google.com (142.251.41.46) 56(84) bytes of data. 64 bytes from yyz12s08-in-f14.1e100.net (142.251.41.46) I would guess something is attempting to get a pretty name for an IP somewhere, fails and doesn't cache the failure and retries. Or something forgetful is ran where it triggers a reverse DNS each use. If you have a crappy script somewhere running ping as an alive check every 5 seconds you'd get exactly what you see, because ping wouldn't remember the DNS between runs, as it's a new one each time. As for why it tries to reverse DNS an internal address, mostly because the network stack doesn't know nor care, it just does it. It would be weird to start hardcoding the ranges as a special case, when no special case works just fine anyway. Plus, it's not that uncommon that local rDNS works fine, depending on the deployment and DHCP/DNS server. It works on my LAN for example: max-p@desktop ~> host 192.168.0.1 1.0.168.192.in-addr.arpa domain name pointer OpenWrt.lan. max-p@desktop ~> host fd99:7ef0:5fc7::ac5 5.c.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.c.f.5.0.f.e.7.9.9.d.f.ip6.arpa domain name pointer server.lan.

1 of 3

2 of 3

The easiest way probably of discovering the app making those requests is installing opensnitch: https://github.com/evilsocket/opensnitch in-addr.arpa is used for mapping IPv4 addresses to Internet domain names: https://www.iana.org/domains/arpa , https://www.rfc-editor.org/rfc/rfc1035.html Given that the request is 1.10.0.10*, may something is trying to discover/validate the gateway of the network by hostname. Avahi for example.

Stack Exchange

unix.stackexchange.com › questions › 89310 › how-to-safely-reverse-dns-lookup-on-ip-in-a-shell-script

How to safely reverse dns lookup on ip in a shell script - Unix & Linux Stack Exchange

nslookup is a bit of a deprecated command, in favour of the dig command by the ISC.

With dig, you would write it:

dig -x 127.0.0.1 +short

Alternatively, you could do:

perl -MSocket -le 'print((gethostbyaddr(inet_aton("127.0.0.1"), AF_INET))[0])'

which would use the system's resolver to get you the info (which in turn might use /etc/hosts, DNS, NIS+, LDAP... as per /etc/nsswitch.conf, not only DNS as dig or nslookup would)

perishablepress.com › cli-forward-reverse-lookup

You could try the host command which will give you an output similar to:

$ host 127.0.0.1
1.0.0.127.in-addr.arpa domain name pointer localhost.

Perishable Press

CLI Forward-Reverse Lookup | Perishable Press

Here we are using the host command to perform a reverse DNS lookup for the IP address of my own server, 64.207.179.70.

Stack Overflow

stackoverflow.com › questions › 58053194 › reverse-dns-look-up

nslookup - reverse DNS look up - Stack Overflow

How does reverse DNS look up work?

The same way as forward DNS, but using a different record type.

When you do dig -x 172.217.0.46 in fact it is like doing dig PTR 46.0.217.172.in-addr.arpa so you are just querying, even without knowing it, a different branch of the DNS tree. in-addr.arpa was established long ago as the starting point of IPv4 DNS delegations. Blocks of IP addresses are then delegated to IANA, and from there to the 5 RIRs existing, which themselves delegate them to the LIR using the corresponding IP blocks.

It works the same way for IPv6 but just under another branch.

I want to get youtube.com from the IP address.

You may want it, but why? Both "branches" (the forward one and the reverse one) have no operational needs to stay synchronized and in fact will never be because they are managed by different companies.

Everything starts at IANA but then:

for the names (forward branch), the TLD is delegated to registries, and then registries delegates names to whatever nameservers registrants choose for their domains
for the IP addresses (reverse branch), the space is delegated to RIRs, and then LIRs, and then sometimes hosting companies or end users for those having their own IP blocks.

Imagine a relative middle webhosting company. It may be controlling a given block of IP addresses but does shared virtual hosting: clients can host their website there, and the hosting company use multiple IPs for all of the website hosted. Synchronizing the PTR records would be just a huge task and have 0 benefits: out of email, PTR records are not very much used. Also, even if technically possible the case of one PTR records giving multiple names for a given IP address will probably not be handled properly by many applications.

RIR data is public. You can download the list of owners (LIRs) of each IPv4 and IPv6 blocks and doing searches there. It may not give you exactly the name your are looking after. You can also interactively query the data using the whois protocol (that does not use the DNS but goes to the same authoritative source).

If we take again your IP address as example:

$ whois 172.217.0.46

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#


NetRange:       172.217.0.0 - 172.217.255.255
CIDR:           172.217.0.0/16
NetName:        GOOGLE
NetHandle:      NET-172-217-0-0-1
Parent:         NET172 (NET-172-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS15169
Organization:   Google LLC (GOGL)
RegDate:        2012-04-16
Updated:        2012-04-16
Ref:            https://rdap.arin.net/registry/ip/172.217.0.0



OrgName:        Google LLC
OrgId:          GOGL
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2000-03-30
Updated:        2018-10-24

So you can see this IP address "belongs to" Google but you can not from that derive what website run on top of it.

Is there a way to get all domain names associated with an IP address? I am looking for a solution for Linux system.

Yes, there is a way, and various companies provide you this service online but typically not for free.

How they do it:

they start from a list of domain names/hostnames: to build that they can use open zonefiles (all gTLDs), do queries in search engines, parse email headers, use Certificate Transparency Logs, etc.
they resolve those names, hence they get associated IP address
they store this mapping
once done, it is "trivial" to do the reverse in their database.

So it is technically easy, just tedious and high volume of data to manipulate. On top of that you need to remember that any name->IP mapping can change at any time. Hence, this database may be obsolete the moment it is created, so of course they redo the forward resolution regularly.

askubuntu.com › questions › 1389766 › reverse-dns-lookup-of-linux-system-not-function-with-windows-active-directory

You can't. lga15s43-in-f14.1e100.net is the PTR record associated with that IP address, and that's all that DNS will tell you. After all, if I were to buy a new random domain right now, and make some random subdomain of it point to the IP 172.217.0.46, you wouldn't expect to immediately be told about my new creation.

Ask Ubuntu

networking - Reverse DNS lookup of Linux system not function with Windows Active Directory - Ask Ubuntu

Possible solutions: Ask domain administrator for setting to create DNS A-record automatically by DHCP server if device is connected to network. Or ask him for DHCP static reservation for your device (MAC address - IP address) and for related DNS record. ... When i ran "nslookup linuxbox-name.full-domain-name" command from Windows Laptop, found replay --> "Request to full-doman-name timed-out".

Ask Ubuntu

askubuntu.com › questions › 809742 › dns-reverse-lookup-shows-correct-only-with-localhost

networking - DNS Reverse Lookup shows correct only with localhost - Ask Ubuntu

serverfault.com › questions › 1059607 › reverse-ip-lookup-to-find-a-records-at-ip-address

1 of 1

It's a stupid question, but... Are you even in control of the settings of your reverse DNS? You can only set the reverse DNS at your ISP/Webhost. So, if you rent the IP 46.101.84.103, it is the DNS server at Digital Ocean Inc, that will reply to these reverse queries. Your DNS, that resolves whatever.example.com to 46.101.84.103 cannot do the reverse DNS.

You might have configured a DNS that does this (evidently that's possible and that might be your localhost), but the Internet will never ask this server, because that IP range belongs to your ISP/webhost.

That's because some DNS servers are "authorative" for certain resources. If you own a domain name, you can set the "authoritative" DNS servers for that doman at your registrar (or use the registrars DNS). For example, if I do:

$ dig tude.lu

; <<>> DiG 9.10.3-P4-Ubuntu <<>> tude.lu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53410
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tude.lu.           IN  A

;; ANSWER SECTION:
tude.lu.        300 IN  A   85.93.203.237

;; AUTHORITY SECTION:
tude.lu.        43200   IN  NS  dns2.jawtheshark.net.
tude.lu.        43200   IN  NS  dns1.jawtheshark.net.

;; ADDITIONAL SECTION:
dns1.jawtheshark.net.   411 IN  A   149.154.152.102
dns2.jawtheshark.net.   579 IN  A   162.252.172.158

;; Query time: 133 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Aug 08 20:54:46 CEST 2016
;; MSG SIZE  rcvd: 137

You notice the "authority section"? Well, in a DNS query, that means that anything regarding tude.lu, must be asked from one of those two servers (dns1.jawtheshark.net and dns2.jawtheshark.net). Your local DNS may cache the results, but ultimately, only those two servers can be trusted to give correct results. They are "authoritative".

That's for domain names (basically, "normal" DNS queries). For IP ranges, the same exists. The thing is: an IP range is not linked to a domain at all. The IP range is another resource all together. So, let's take the IP you gave. Who is authoritative?

$ dig -x 46.101.84.103

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 46.101.84.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65419
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.84.101.46.in-addr.arpa.    IN  PTR

;; AUTHORITY SECTION:
84.101.46.in-addr.arpa. 1466    IN  SOA ns1.digitalocean.com. hostmaster.84.101.46.in-addr.arpa. 1470460984 10800 3600 604800 1800

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Aug 08 20:53:02 CEST 2016
;; MSG SIZE  rcvd: 122

Again, the information we want is in the authority section. It seems to be the primary (ns1) nameserver of digitalocean.com. If you do not have access to the configuration of that DNS server, you will not be able to change the reverse IP lookup. Now, that doesn't mean you can't set it, because many hosters allow you to do that in their management interfaces. Alas, I can't help you there and you need to ask them, go read their FAQ, or explore the interface they have given you.

What I assume, but of course I may be wrong, is that you configured a DNS server on your localhost that is configured to reply the PTR records (reverse lookup), but the Internet at large will never query that machine, because... it's not authoritative. So locally, it obviously works: your server "thinks" it's authoritative, but it's not.

Of course, I might be totally mistaken with my assumption.

Hope the reply is not all that confusing. DNS requires a quite deep understanding and the "authority" concept is very important.

Server Fault

linux - Reverse IP Lookup to Find A Records at IP Address - Server Fault

Not sure if there is any Linux command that can do this. But you can use public DNS database websites likes securitytrails and domaintools (feature available as premium afaik).

You can just replace the IP with the one that you have in this link:

https://securitytrails.com/list/ip/142.250.185.238