3

I am trying to do a reverse DNS lookup (find DNS entries for a specific IP address). A search gave me the answer to use dig and nslookup, but these tools do not work for me. E.g. I ping superuser.com, but none of the commands give me the DNS name. How can I achieve this?

$ ping superuser.com -c 1
PING superuser.com (151.101.65.69) 56(84) bytes of data.
64 bytes from 151.101.65.69 (151.101.65.69): icmp_seq=1 ttl=58 time=20.5 ms

--- superuser.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 20.492/20.492/20.492/0.000 ms

$ dig 151.101.65.69

; <<>> DiG 9.11.26-RedHat-9.11.26-4.el8_4 <<>> 151.101.65.69
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6817
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;151.101.65.69. IN A

;; AUTHORITY SECTION:
. 3007 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2021092000 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 213.133.98.98#53(213.133.98.98)
;; WHEN: Mon Sep 20 19:14:32 CEST 2021
;; MSG SIZE rcvd: 117

$ nslookup 151.101.65.69
** server can't find 69.65.101.151.in-addr.arpa: NXDOMAIN

$ host 151.101.65.69
Host 69.65.101.151.in-addr.arpa. not found: 3(NXDOMAIN)

$ dig -x 151.101.65.69

; <<>> DiG 9.11.26-RedHat-9.11.26-4.el8_4 <<>> -x 151.101.65.69
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1600
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;69.65.101.151.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
151.in-addr.arpa. 2244 IN SOA pri.authdns.ripe.net. dns.ripe.net. 1632153065 3600 600 864000 3600

;; Query time: 0 msec
;; SERVER: 213.133.98.98#53(213.133.98.98)
;; WHEN: Mon Sep 20 19:14:49 CEST 2021
;; MSG SIZE rcvd: 115

Alai
  • 83

2 Answers

1

You are asking how to do Reverse DNS lookup:

a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual "forward" DNS lookup of an IP address from a domain name.[1] The process of reverse resolving of an IP address uses PTR records. rDNS involves searching domain name registry and registrar tables.

That's the next question: where would you search for this information? There are many domain name registrars, each keeping its own list of domains and assigned IPs. Some high-level registrars exist, but they do not contain all the data of the lower-level registrars. The real data is kept in DNS servers.

The tools normally only search these high-level registrars or DNS servers, where most of the domains are not found. There is not one database that contains all the domains and all the IPs of the whole world.

The opposite DNS, converting a domain-name to IP, works by repeatedly descending registrar levels until the name is found.

A request to convert an IP to a domain name would need to query all the registrars and DNS servers on our planet, which is physically impossible. This search is called "whois" and it only rarely is able to pinpoint the domain.

harrymc
  • 498,455
1

You can't achieve it when the responsible ISP hasn't done its homework.

There is a difference between a forward domain and a reverse "in-addr.arpa" domain.

  • In the first case a name is resolved to an IP address. This is controlled by the domain owner.
  • In the second case an IP address is resolved into a name. This is controlled by the IP address owner (normally an ISP) and can be delegated to a customer, but that's the IP address owner's prerogative.

Take another example, dns.google.com. In this example the domain google.com and the reverse domain 8.8.8.8.in-addr.arpa have the same name.

ping dns.google.com -4
PING dns.google.com (8.8.8.8) 56(84) bytes of data.
64 bytes from dns.google (8.8.8.8): icmp_seq=1 ttl=59 time=3.01 ms

and then try with nslookup:

nslookup 8.8.8.8
8.8.8.8.in-addr.arpa    name = dns.google.

More common is that the domain (a random example) e-opt.com doesn't have control over the 3.97.36.24 (24.36.97.3.in-addr.arpa) name.

ping www.e-opt.com
PING www.e-opt.com (3.97.36.24) 56(84) bytes of data.

and then try with nslookup:

nslookup 3.97.36.24
24.36.97.3.in-addr.arpa name = ec2-3-97-36-24.ca-central-1.compute.amazonaws.com.
MatsK
  • 138
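
The two dig replies in the question differ in their QUESTION SECTION: plain `dig 151.101.65.69` asked for an A record of a name that looks like an address, while `dig -x` asked for the PTR record under in-addr.arpa. The following is an added example, not part of the original thread, that builds the PTR owner name and reads a dig reply for that distinction; the function names `ptr_name` and `explain_dig` are hypothetical, and `SAMPLE_PTR_REPLY` is constructed from the nslookup result in the second answer.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# ptr_name IPV4: print the in-addr.arpa owner name that "dig -x" queries.
ptr_name() {
    case $1 in ''|.*|*.|*..*) return 1 ;; esac   # empty, or stray dots
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f                    # split on dots, no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in *[!0-9]*|????*) return 1 ;; esac   # digits only, max 3
        [ "$o" -le 255 ] || return 1
    done
    echo "$4.$3.$2.$1.in-addr.arpa"
}

# explain_dig: read dig output on stdin and print one verdict:
#   wrong-qtype:TYPE  the question was not a PTR query (e.g. dig without -x)
#   ptr:NAME          a PTR record was returned
#   no-ptr:STATUS     PTR was asked for, but the address owner publishes none
explain_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,/, "", st) }
        }
        /QUESTION SECTION/ { inq = 1; next }
        inq && /^;/        { qtype = $NF; inq = 0 }
        !/^;/ && /[ \t]PTR[ \t]/ { ptr = $NF }
        END {
            if (qtype != "PTR")  print "wrong-qtype:" qtype
            else if (ptr != "")  print "ptr:" ptr
            else                 print "no-ptr:" st
        }'
}

# Header and question lines of the first dig reply in the question.
SAMPLE_PLAIN_DIG=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6817
;; QUESTION SECTION:
;151.101.65.69. IN A'

# Constructed dig-style reply (TTL and id are made up) for 8.8.8.8.
SAMPLE_PTR_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa. IN PTR
;; ANSWER SECTION:
8.8.8.8.in-addr.arpa. 300 IN PTR dns.google.'

# Live use (needs dig and network access): dig -x "$ip" | explain_dig
```

A `no-ptr:NXDOMAIN` verdict matches the question's `dig -x` result: the query was correct, and the reverse zone for that address simply has no PTR record.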