Reverse Look-Up IP Addresses with dig(1)
Normally, dig(1) is used to look up hosts by name, that is, find the IP address that corresponds to the hostname. This is called a forward lookup. A reverse lookup, instead, starts with the IP address and seeks to find the hostname that belongs to it.
To reverse-look-up IP addresses you use dig(1) with
dig -x address
In the following example, we will also use the
command-line arguments to limit dig(1)’s reply to
just the items we are interested in. The
+noall tells dig(1) to
print nothing. The
+answer tell dig(1) to print only the
question and answer sections:
dig +noall +question +answer -x 18.104.22.168;22.214.171.124.in-addr.arpa. IN PTR 126.96.36.199.in-addr.arpa. 20341 IN PTR www.example.com.
Note that because
-x specifies an IP address, the IP
address must immediately follow it. Here, dig(1) produced just
two lines of output. The first line (a comment line)
is the original question that was asked. That line
is followed by the answer line.
You might reasonably ask, however, where did the
come from? In the halcyon days of yore, there was no
dig(1) program; hence, there was no easy way to look
up a host by its address. In order to look up the
address, you first had to reverse it (hence, a
reverse lookup) and then to append an
in-addr.arpa to the
188.8.131.52 reverses to 184.108.40.206.in-addr.arpa
Internally, dig(1) performs this task for you, thus causing ...