Reverse Look-Up IP Addresses with dig(1)

Normally, dig(1) is used to look up hosts by name, that is, find the IP address that corresponds to the hostname. This is called a forward lookup. A reverse lookup, instead, starts with the IP address and seeks to find the hostname that belongs to it.

To reverse-look-up IP addresses you use dig(1) with the -x command-line switch:

dig -x address

In the following example, we will also use the +noall, +question, and +answer command-line arguments to limit dig(1)’s reply to just the items we are interested in. The +noall tells dig(1) to print nothing. The +question and +answer tell dig(1) to print only the question and answer sections:

% dig +noall +question +answer -x 192.0.34.166
;166.34.0.192.in-addr.arpa.     IN      PTR
166.34.0.192.in-addr.arpa. 20341 IN     PTR     www.example.com.

Note that because -x specifies an IP address, the IP address must immediately follow it. Here, dig(1) produced just two lines of output. The first line (a comment line) is the original question that was asked. That line is followed by the answer line.

You might reasonably ask, however, where did the in-addr.arpa come from? In the halcyon days of yore, there was no dig(1) program; hence, there was no easy way to look up a host by its address. In order to look up the address, you first had to reverse it (hence, a reverse lookup) and then to append an in-addr.arpa to the result:

192.0.34.166   reverses to    166.34.0.192.in-addr.arpa

Internally, dig(1) performs this task for you, thus causing ...

Get sendmail, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.