Reverse Look-Up IP Addresses with dig(1)
Normally, dig(1) is used to look up hosts by name, that is, find the IP address that corresponds to the hostname. This is called a forward lookup. A reverse lookup, instead, starts with the IP address and seeks to find the hostname that belongs to it.
To reverse-look-up IP addresses you use dig(1) with
the -x
command-line switch:
dig -x address
In the following example, we will also use the
+noall,
+question, and
+answer
command-line arguments to limit dig(1)’s reply to
just the items we are interested in. The +noall tells dig(1) to
print nothing. The +question and +answer tell dig(1) to print only the
question and answer sections:
% dig +noall +question +answer -x 192.0.34.166
;166.34.0.192.in-addr.arpa. IN PTR
166.34.0.192.in-addr.arpa. 20341 IN PTR www.example.com.Note that because -x specifies an IP address, the IP
address must immediately follow it. Here, dig(1) produced just
two lines of output. The first line (a comment line)
is the original question that was asked. That line
is followed by the answer line.
You might reasonably ask, however, where did the
in-addr.arpa
come from? In the halcyon days of yore, there was no
dig(1) program; hence, there was no easy way to look
up a host by its address. In order to look up the
address, you first had to reverse it (hence, a
reverse lookup) and then to append an in-addr.arpa to the
result:
192.0.34.166 reverses to 166.34.0.192.in-addr.arpa
Internally, dig(1) performs this task for you, thus causing ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access