The commands dig and host should be what you're looking for ;)
On *nix systems, you can use this command:
dig -x [address]
Alternatively, you can add +short at the end of the dig command to output only the DNS result.
There's also nslookup on both *nix and Windows systems for reverse DNS requests.
Ubuntu is doing reverse dns lookup every 5 seconds
How to safely reverse dns lookup on ip in a shell script - Unix & Linux Stack Exchange
nslookup - reverse DNS look up - Stack Overflow
I just checked the logs of my Pi-hole, and my Ubuntu laptop is doing a reverse lookup for an internal address every 5 seconds, non-stop. Does anyone know what could be doing this, or where to start looking?
(Also, probably out of the scope of this sub: why would anything try to reverse lookup an internal address?)
xargs provides an option --arg-file. With the -L1 option to treat each line as an argument, the simplest command we can make is as follows:
$ xargs -L1 --arg-file=ip-addr.txt dig +short -x
google-public-dns-a.google.com.
resolver2.opendns.com.
If it's necessary to display the IP address next to the resolved domain, we can also do:
$ xargs -L1 --arg-file=ip-addr.txt sh -c 'printf "%s: " "$1"; dig +short -x "$1"' sh
8.8.8.8: google-public-dns-a.google.com.
208.67.220.220: resolver2.opendns.com.
Of course, xargs is an extra process. What if we wanted to only use shell and dig ? With bash version 4 and over, we can use mapfile or readarray to get lines of the text file into array, and then process items in a loop:
$ mapfile -t -d $'\n' < ip-addr.txt
$ for i in "${MAPFILE[@]}" ; do printf "%s:" "$i"; dig +short -x "$i"; done
8.8.8.8:google-public-dns-a.google.com.
208.67.220.220:resolver2.opendns.com.
If the IP addresses are few and don't require a long text file, POSIXly, we could use set to define values as positional parameters:
$ set -- 8.8.8.8 208.67.220.220
$ for i ; do printf "%s:" "$i"; dig +short -x "$i"; done
8.8.8.8:google-public-dns-a.google.com.
208.67.220.220:resolver2.opendns.com.
We can also use dig -x $IP_ADDRESS +short in a script like so:
#!/bin/bash
export LC_ALL=C
# without specifying 'in' part, bourne-like shells default
# to iterating over positional parameters
for item
do
    domain=$(dig -x "$item" +short)
    # this logic can also be reversed with
    # [ "x$domain" = "x" ] && echo "empty" || echo "$domain"
    if [ -n "$domain" ] ;
    then
        echo "$domain"
    else
        echo "$item" result is NULL
    fi
done
Demo of sample usage (all IP addresses given as space separated):
$ ./reverse_dns_lookup.sh 8.8.8.8 74.125.193.94 151.101.193.69
google-public-dns-a.google.com.
ig-in-f94.1e100.net.
151.101.193.69 result is NULL
As you can see, in the last example our DNS server didn't find a domain for the IP address we gave it. In such a case we can use a different DNS server, for instance open_dns with dig @208.67.220.220 -x $IP_ADDRESS +short
In the demo above, the IP addresses are provided on the command line, like ./reverse_dns_lookup.sh ADDRESS1 ADDRESS2 ADDRESS2 but you can also use a file for that, like so:
$ cat ip_addresses.txt | xargs ./reverse_dns_lookup.sh
google-public-dns-a.google.com.
resolver2.opendns.com.
192.30.253.112 result is NULL
Alternative script version:
Here's an alternative version of the script that prints the AUTHORITY section from dig's output. This may be much better and more reliable than just the +short version. NOTE: this uses 8.8.8.8, which is Google's public DNS. Use a different server if you feel it necessary.
#!/bin/bash
export LC_ALL=C
for item
do
    domain=$(dig @8.8.8.8 -x "$item" +noall +authority +answer)
    if [ -n "$domain" ] ;
    then
        echo "$domain"
    else
        echo "$item" result is NULL
    fi
done
Demo:
$ cat ip_addresses.txt | xargs ./reverse_dns_lookup.sh
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 -x 8.8.8.8 +noall +authority +answer
; (1 server found)
;; global options: +cmd
8.8.8.8.in-addr.arpa. 21390 IN PTR google-public-dns-a.google.com.
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 -x 208.67.220.220 +noall +authority +answer
; (1 server found)
;; global options: +cmd
220.220.67.208.in-addr.arpa. 6674 IN PTR resolver2.opendns.com.
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 -x 192.30.253.112 +noall +authority +answer
; (1 server found)
;; global options: +cmd
253.30.192.in-addr.arpa. 10 IN SOA ns1.p16.dynect.net. ops.github.com. 6 3600 600 604800 60
Here is a quick and dirty one liner:
Contents of ip-addresses.txt:
$ cat ip-addresses.txt
1.2.3.4
1.1.1.1
222.222.222.222
23.12.34.56
8.8.8.8
208.67.222.220
Replace txt with your file that contains addresses, separated by newlines:
$ cat ip-addresses.txt | xargs -I % bash -c 'echo "%:$(dig -x % +short)"' >> dig-output.txt
If you append to dig-output.txt like above, the contents of that file will be like below: if the reverse DNS lookup is successful, IP:NAME, if not, IP:(NULL)
$ cat dig-output.txt
1.2.3.4:
1.1.1.1:
222.222.222.222:
23.12.34.56:a23-12-34-56.deploy.static.akamaitechnologies.com.
8.8.8.8:google-public-dns-a.google.com.
208.67.222.220:resolver3.opendns.com.
If IP addresses are coming from another process, you can directly pipe to xargs.
Edit: If you must have a word such as null (inspired by @Serg) in case of a lookup failure, you can use the command below:
$ cat ip-addresses.txt | xargs -I % bash -c '{ query=$(dig -x % +short); if [ -z "$query" ]; then query=null;fi; echo %:$query; }'
- cat ip-addresses.txt # Print IP addresses to STDOUT. If you don't want to cat from file, you can directly pipe from another process like command | xargs ...
- xargs -I % bash -c # Take each line from left of pipe, use % as placeholder, run bash command that follows within single quotes
- dig IP address that comes from placeholder % by xargs, assign to variable query. If result happens to be null (zero length), assign string 'null' word to query variable, then print as IP:result
Demo:
$ cat ip-addresses.txt | xargs -I % bash -c '{ query=$(dig -x % +short); if [ -z "$query" ]; then query=null;fi; echo %:$query; }'
1.2.3.4:null
1.1.1.1:null
222.222.222.222:null
23.12.34.56:a23-12-34-56.deploy.static.akamaitechnologies.com.
8.8.8.8:google-public-dns-a.google.com.
208.67.222.220:resolver3.opendns.com.
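A hardened variant of the one-liners above, as an added example that is not part of the original answer: with xargs -I % bash -c '...', each input line becomes part of the shell command text, so this version first checks that a line is an IPv4 address and then hands it to dig as a single argument. The function names is_ipv4 and rdns_batch are illustrative, and IPv6 input is rejected here.

```shell
#!/bin/sh
# Added example; is_ipv4 and rdns_batch are illustrative names.

# is_ipv4 ADDR: succeed only for four dot-separated decimal octets (0-255,
# no leading zeros, nothing else on the line).
is_ipv4() {
    rest=$1.
    n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case $octet in
            ''|*[!0-9]*|????*|0?*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# rdns_batch: read one address per line on stdin and print IP:NAME, or
# IP:null when no PTR record comes back. Lines that are not IPv4 addresses
# are reported on stderr and never reach a command line.
rdns_batch() {
    while IFS= read -r addr || [ -n "$addr" ]; do
        [ -n "$addr" ] || continue
        if ! is_ipv4 "$addr"; then
            printf 'rejected: %s\n' "$addr" >&2
            continue
        fi
        # The address is passed to dig as a single quoted argument.
        name=$(dig +short -x "$addr" </dev/null)
        printf '%s:%s\n' "$addr" "${name:-null}"
    done
}

# Usage: rdns_batch < ip-addresses.txt >> dig-output.txt
```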
nslookup is a bit of a deprecated command, in favour of the dig command by the ISC.
With dig, you would write it:
dig -x 127.0.0.1 +short
Alternatively, you could do:
perl -MSocket -le 'print((gethostbyaddr(inet_aton("127.0.0.1"), AF_INET))[0])'
which would use the system's resolver to get you the info (which in turn might use /etc/hosts, DNS, NIS+, LDAP... as per /etc/nsswitch.conf, not only DNS as dig or nslookup would)
You could try the host command which will give you an output similar to:
$ host 127.0.0.1
1.0.0.127.in-addr.arpa domain name pointer localhost.
How does reverse DNS look up work?
The same way as forward DNS, but using a different record type.
When you do dig -x 172.217.0.46 in fact it is like doing dig PTR 46.0.217.172.in-addr.arpa so you are just querying, even without knowing it, a different branch of the DNS tree. in-addr.arpa was established long ago as the starting point of IPv4 DNS delegations. Blocks of IP addresses are then delegated to IANA, and from there to the 5 RIRs existing, which themselves delegate them to the LIR using the corresponding IP blocks.
It works the same way for IPv6 but just under another branch.
I want to get youtube.com from the IP address.
You may want it, but why? Both "branches" (the forward one and the reverse one) have no operational needs to stay synchronized and in fact will never be because they are managed by different companies.
Everything starts at IANA but then:
- for the names (forward branch), the TLD is delegated to registries, and then registries delegate names to whatever nameservers registrants choose for their domains
- for the IP addresses (reverse branch), the space is delegated to RIRs, and then LIRs, and then sometimes hosting companies or end users for those having their own IP blocks.
Imagine a relatively middle-sized webhosting company. It may be controlling a given block of IP addresses but does shared virtual hosting: clients can host their websites there, and the hosting company uses multiple IPs for all of the websites hosted. Synchronizing the PTR records would be just a huge task and have 0 benefits: outside of email, PTR records are not very much used. Also, even if technically possible, the case of one PTR record giving multiple names for a given IP address will probably not be handled properly by many applications.
RIR data is public. You can download the list of owners (LIRs) of each IPv4 and IPv6 block and do searches there. It may not give you exactly the name you are looking for. You can also interactively query the data using the whois protocol (that does not use the DNS but goes to the same authoritative source).
If we take again your IP address as example:
$ whois 172.217.0.46
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#
NetRange: 172.217.0.0 - 172.217.255.255
CIDR: 172.217.0.0/16
NetName: GOOGLE
NetHandle: NET-172-217-0-0-1
Parent: NET172 (NET-172-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS15169
Organization: Google LLC (GOGL)
RegDate: 2012-04-16
Updated: 2012-04-16
Ref: https://rdap.arin.net/registry/ip/172.217.0.0
OrgName: Google LLC
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2018-10-24
So you can see this IP address "belongs to" Google but you cannot derive from that which website runs on top of it.
Is there a way to get all domain names associated with an IP address? I am looking for a solution for Linux system.
Yes, there is a way, and various companies provide you this service online but typically not for free.
How they do it:
- they start from a list of domain names/hostnames: to build that they can use open zonefiles (all gTLDs), do queries in search engines, parse email headers, use Certificate Transparency Logs, etc.
- they resolve those names, hence they get associated IP address
- they store this mapping
- once done, it is "trivial" to do the reverse in their database.
So it is technically easy, just tedious and high volume of data to manipulate. On top of that you need to remember that any name->IP mapping can change at any time. Hence, this database may be obsolete the moment it is created, so of course they redo the forward resolution regularly.
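The mapping from an address to the name that dig -x queries, as an added example that is not part of the original answer; it goes beyond the IPv4 case shown above to the IPv6 branch, which lives under ip6.arpa with one label per hex digit. ptr_name is an illustrative name, and IPv6 forms with an embedded dotted quad are not handled.

```shell
#!/bin/sh
# Added example: build the name that `dig -x ADDR` looks up as a PTR record.
# ptr_name prints the owner name, or returns non-zero for a malformed address.
ptr_name() {
    awk -v a="$1" '
    function pad(g) {   # one 16-bit group -> 4 hex digits, "" if malformed
        if (length(g) < 1 || length(g) > 4) return ""
        return substr("0000", 1, 4 - length(g)) g
    }
    BEGIN {
        if (a ~ /^[0-9.]+$/) {                  # IPv4: reverse the four octets
            if (split(a, o, ".") != 4) exit 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) exit 1
            print o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
            exit 0
        }
        a = tolower(a)                          # IPv6 (no embedded-IPv4 forms)
        if (a !~ /^[0-9a-f:]+$/) exit 1
        p = index(a, "::")                      # "::" stands for 1+ zero groups
        left  = p ? substr(a, 1, p - 1) : a
        right = p ? substr(a, p + 2) : ""
        nl = (left == "")  ? 0 : split(left, L, ":")
        nr = (right == "") ? 0 : split(right, R, ":")
        fill = 8 - nl - nr
        if ((p && fill < 1) || (!p && fill != 0)) exit 1
        for (i = 1; i <= nl; i++)   { g = pad(L[i]); if (g == "") exit 1; hex = hex g }
        for (i = 1; i <= fill; i++) hex = hex "0000"
        for (i = 1; i <= nr; i++)   { g = pad(R[i]); if (g == "") exit 1; hex = hex g }
        for (i = 32; i >= 1; i--) out = out substr(hex, i, 1) "."   # nibble order
        print out "ip6.arpa."
    }'
}
```

Running dig PTR "$(ptr_name 172.217.0.46)" asks the same question as dig -x 172.217.0.46.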
You can't. lga15s43-in-f14.1e100.net is the PTR record associated with that IP address, and that's all that DNS will tell you. After all, if I were to buy a new random domain right now, and make some random subdomain of it point to the IP 172.217.0.46, you wouldn't expect to immediately be told about my new creation.