- What is a reverse DNS lookup and how to get reverse DNS
- How to get a reverse DNS lookup record on Linux?
- HowTo Test or Check Reverse DNS on a Linux / Unix
- Task: Find Reverse DNS for IP 75.126.43.235 under Linux/UNIX
- Hiding additional display info while doing reverse ip lookup using dig command
- Task: Find Reverse DNS for IP 75.126.43.235 under Linux/UNIX/Windows
- Demo: Reverse IP lookup on Linux, Unix, OS X and MS-Windows
- RootUsers
- Guides, tutorials, reviews and news for System Administrators.
- 12 Dig Command Examples To Query DNS In Linux
- Install Dig
- How To Use dig – Command Examples
- 1. Basic DNS Query
- 2. Query Specific Name Server
- 3. Search For Record Type
- 4. Reverse DNS Lookup
- 5. Trace DNS Path
- 6. Adjust Answer Size
- 7. Lookup From File
- 8. Specify Port Number
- 9. Use IPv4 Or IPv6
- 10. Query All DNS Record Types
- 11. Customize Dig Output
- 12. Adjust Defaults With
- Summary
What is a reverse DNS lookup and how to get reverse DNS
Reverse DNS is easy to understand if you know what DNS is. A reverse DNS lookup is the opposite of a DNS lookup.
That is, while traditional (forward) DNS resolves a host name to an IP address, reverse DNS resolves an IP address to a host name. A reverse DNS entry is also called a PTR record (pointer).
How to get a reverse DNS lookup record on Linux?
To get the reverse DNS, use one of two commands:
If you need only the host name (without additional information), it is convenient to use the dig command with the -x and +short options, which returns a single line: just the host you are looking for.
-x: this option tells dig to perform a reverse DNS lookup instead of a forward one. A reverse DNS lookup means that you want to find the domain or host name for an IP address.
+short: this option hides the information (port number and address) about the server that provided the answer.
As you can see, dig returned just one line: vh40.hoster.by.
An example of reverse DNS in the picture:
The host jeka.by sits on IP 93.125.99.10. This is cheap shared hosting. A large number of sites sit on this IP. The reverse name for the same IP is my hosting provider's host, vh40.hosterby.com.
Reputable resources always have their own reverse DNS configured. This is needed at least to reduce the probability of e-mail ending up in spam. For that, the address in the From field must match the domain specified in reverse DNS (match the PTR). This is because spammers often forge domain names when sending mail.
There are no specific technical requirements for PTR records. Still, most providers follow these rules:
- Each IP address has exactly one PTR record;
- A server with several IP addresses gets several PTR records, one per IP address;
- Every mail server must have an MX record and an A record; this rule is one of the most important;
- Every PTR record must have an A record, but not necessarily the other way round.
HowTo Test or Check Reverse DNS on a Linux / Unix
Typically, DNS is used to determine which IP address is associated with a given hostname; to reverse resolve a known IP address is to look up the hostname associated with it. A reverse lookup is often referred to simply as reverse resolving, or more specifically as a reverse DNS lookup.
Tutorial details | |
---|---|
Difficulty level | Easy |
Root privileges | No |
Requirements | None |
Est. reading time | 1m |
The most common uses of the reverse DNS are:
- Anti-spam
- Network troubleshooting
- Avoid spammers and phishers using a forward confirmed reverse DNS etc
You can use standard UNIX / Linux utilities such as the nslookup, dig or host commands to find the reverse DNS of a given IP address.
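Forward-confirmed reverse DNS, named in the list above and implied by the earlier rule that every PTR record should have a matching A record, can be checked with dig alone. The script below is an added example, not code from the original articles; the function names are hypothetical, and it assumes dig is installed and the address is IPv4.

```sh
#!/bin/sh
# Added example: forward-confirmed reverse DNS (FCrDNS) for one IPv4 address.
# Function names are hypothetical; only dig, PTR/A lookups and +short come
# from the page.

# Build the name that `dig -x` queries, e.g.
# 75.126.43.235 -> 235.43.126.75.in-addr.arpa
rev_name() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
            print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"
        }'
}

# Lookup helpers, kept separate so they can be swapped out for offline tests.
resolve_ptr() { dig +short "$1" PTR; }
resolve_a()   { dig +short "$1" A; }

# fcrdns IP: print the confirming host name and return 0 only if one of the
# PTR targets resolves forward to the same IP. Returns 1 when unconfirmed,
# 2 when the argument is not an IPv4 address.
fcrdns() {
    ip=$1
    rname=$(rev_name "$ip") || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    for name in $(resolve_ptr "$rname"); do
        # Match whole lines only, so 192.0.2.1 never matches 192.0.2.10.
        if resolve_a "$name" | grep -qxF "$ip"; then
            printf '%s\n' "${name%.}"
            return 0
        fi
    done
    return 1
}

# Usage: fcrdns 75.126.43.235 && echo confirmed
```

A PTR name that does not resolve back to the queried address is only a claim made by whoever controls the reverse zone, which is why mail filters treat an unconfirmed result with suspicion.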
Task: Find Reverse DNS for IP 75.126.43.235 under Linux/UNIX
Type the following host command:
$ host ip-address-here
$ host 75.126.43.235
Sample outputs:
In this example output, IP 75.126.43.235 is reverse mapped to cyberciti.org. Here is another reverse lookup, done using the dig command:
$ dig -x ip-address-here
$ dig -x 75.126.153.206
Sample outputs:
Hiding additional display info while doing reverse ip lookup using dig command
You can display only the answer section of a reply with the +answer option, after clearing all other display info with the +noall option, as follows:
Task: Find Reverse DNS for IP 75.126.43.235 under Linux/UNIX/Windows
nslookup works under Windows and UNIX-like OSes:
nslookup ip-address-here
nslookup 75.126.43.235
Output:
Demo: Reverse IP lookup on Linux, Unix, OS X and MS-Windows
Animated gif: host, dig, and nslookup command in action
Comments on this entry are closed.
How r u man?
Vivek, how can I do a reverse IP check on a domain or box in order to know what websites are hosted on that box?
I need a linux COMMAND not solving it using a website. Can u help me ?
its very simple
dig -x IP (209.267.166.166)
Hi… Please help me… Can u tell me the commands to make a reverse DNS record on my server?
Thanks….
Paul S.
Very useful, thanks.
Excellent. Thank you.
REM //NSLOOKUP batch check utility v1.0
REM //Author: Emin Akbulut eminakbulut@gmail.com
REM //Date: 03 June 2010
REM //This code is freeware
REM //Usage: Modify the DNS and host lists below, at line 23, then simply run the batch file.
IF "%1" == "/check" GOTO loopit
:start
cls
if exist %0.log del %0.log > nul 2>nul
if exist %0.bat.log del %0.bat.log > nul 2>nul
echo —————————————
echo Starting… %date% %time:~0,8%
echo —————————————
echo Report created on %date% %time:~0,8% >> %0.log
REM %%A for DNS Servers list, %%B for target hosts to be checked
FOR %%A IN (195.175.39.39 195.175.39.40 8.8.8.8) DO FOR %%B IN (google.com yourdomain.com mail.yourdomain.com) DO CALL %0 /check %%A %%B
echo ————————————— >> %0.log
echo —————————————
echo Done. Press any key to examine the log file…
Pause > nul
start notepad "%
:loopit
echo ————————————— >> %0.log
echo nslookup %3 %2
echo nslookup %3 %2 >> %0.log
nslookup -timeout=%timeout% %3 %2 >> %0.log 2>nul
nslookup has been obsolete for a loooong time. I advise you not to waste your precious time learning a utility that is not supported any more.
Please tell me how do i monitor DNS, DHCP, Wins on my server
To monitor DNS you may use my script.
To test DHCP LOCALLY, the commands to inspire are:
REM Set automatic IP
netsh interface ip set address name="LAN" dhcp
REM Set automatic DNS
netsh interface ip set dns "LAN" dhcp
I don’t know much about WINS…
dig -x is good enough. Thanks!
This might be silly… but I have to ask!
So the output is “235.43.126.75.in-addr.arpa domain name pointer cyberciti.org.”
Is “cyberciti.org” the CNAME in this case? If you look up other IP’s you get crazy outputs with dashes and long names which look like a CNAME. Is it too redundant to have yet another reverse entry for a CNAME?
No, that is the actual reverse entry. Our IP was changed some time ago. To get the desired output try
for reverse lookup, do i need to provide domain name or hostname of my server to my isp from which i got public ip?
Domain name is example.com
hostname is abc.example.com
Thanks for sharing. This is a good way to see if your ns1. and ns2 are set correctly.
Can you please tell me how to create these reverse records? I have 2 dedicated servers, 203.230 (ns1) / 200.254 (ns2); from localhost the command ‘nslookup ip’ replies with success, but from the internet it is still not working. Can you please create a full example?
This bash example should print all the hosts from 192.168.1.1 through .254. (You could edit the IP address lines to suit your network, perhaps.)
I use this to generate rdns (reverse dns) files for my bind9 name server:
I still need to put the correct lines in at the top of the db.192 file (from db.empty), but it accomplishes most of what I am after.
As far as I know, the fastest and simplest way to set rDNS is to ask your Server Provider. They do it manually.
You are right only the provider can create rdns.
I have been asked to check our own DNS and WINS servers to make sure we have all the correct controller details for the . Domain are present.
Reason is We are currently arranging to move the PDC emulator role this week from IC. to BD.
note that you can use drill or dig on BSD too – not just Linux
RootUsers
Guides, tutorials, reviews and news for System Administrators.
12 Dig Command Examples To Query DNS In Linux
Dig (domain information groper) is a tool that is used for querying DNS servers for various DNS records, making it very useful for troubleshooting DNS problems.
By the end of this guide you will know how to use dig to perform different types of DNS lookups in Linux.
Install Dig
In order to use the dig command we must first install it. In CentOS/RHEL/Fedora dig is part of the ‘bind-utils’ package.
For Debian/Ubuntu based distributions it comes from the ‘dnsutils’ package.
How To Use dig – Command Examples
1. Basic DNS Query
In its simplest form we can specify a domain name after the dig command and it will perform a DNS lookup, as shown below.
In this output we can see that google.com has an A record pointing to the IP address 216.58.220.110.
By default, with no name server specified, the DNS resolver in the /etc/resolv.conf file will be used. With no other options specified, dig will also look for an A record.
2. Query Specific Name Server
In the above example we did not query any specific name server, so our query would have been sent to whatever is configured in our /etc/resolv.conf file which will contain the DNS resolvers that our Linux system is configured to use. We can specify a name server to send the query to with the @ symbol, followed by the hostname or IP address of the name server to communicate with.
Note that as we are now specifying some external name server to query, our network needs to permit outbound access to this destination on port 53, otherwise the query will fail.
3. Search For Record Type
So far we have seen that by default dig will return the A record, however we can specify any other records that we wish to query by simply appending the record type to the end of the query. In this example, we lookup the MX records associated with google.com.
In this example we can see 5 different MX records returned, all with varying priority. Generally the record with the lowest priority value will be used first, so in this case aspmx.l.google.com.
4. Reverse DNS Lookup
We can use the dig command to perform a reverse DNS lookup, that is we can query an IP address and find the domain name that it points to by querying the PTR record. This is done by using the -x option followed by the IP address to query. In the below example we perform a reverse lookup on one of the IP addresses that google.com resolved to in the first example.
This IP address has two PTR records, pointing to syd10s01-in-f14.1e100.net and syd10s01-in-f110.1e100.net.
5. Trace DNS Path
We can perform a trace on the DNS lookup path with the +trace option. As shown below, while querying google.com we can see what actually happens: first the root name servers for ‘.’ are looked up, followed by the name servers for the .com domain, and then finally the name servers for google.com are returned, followed by the DNS records for it.
6. Adjust Answer Size
By default dig runs with full long output, which displays a lot of verbose information. While useful, there may be times when we simply want our result returned. This can be achieved with the +short option: as shown below, when we query google.com we only see the IP address result without any further information.
7. Lookup From File
Specifying a single domain after the dig command is not the only way to perform a lookup. We can also supply dig with a list of domains from a file (one domain per line), which can be useful if you need to script bulk DNS lookups. In the below example, we use the -f option to read the file query.txt, which contains three domains. For brevity I have also made use of +short here so we only see the IP addresses returned rather than the full output, which would be quite long.
8. Specify Port Number
By default the dig command queries port 53 which is the standard DNS port, however we can optionally specify an alternate port if required. This may be useful if an external name server is configured to use a non standard port for some reason. We specify the port to query with the -p option, followed by the port number. In the below example we perform a DNS query to port 5300.
Note that the external name server must actually be listening for traffic on this port specified, and its firewall will also need to allow the traffic through otherwise the lookup will fail. In this example the connection times out, as 8.8.8.8 is not configured to listen on the random port 5300 that I selected for this example.
9. Use IPv4 Or IPv6
By default our dig queries run over the IPv4 network. We can explicitly select the IPv4 transport with the -4 option, or alternatively the IPv6 transport with the -6 option.
Note that your Linux system will need to have an IPv6 network configured for this to work correctly.
10. Query All DNS Record Types
We can use the ‘ANY’ query type to ask for all DNS record types; this way we can quickly see all DNS records available for a domain. In the below example we can see the results for all types of different records, including A, AAAA, TXT, MX and NS.
It should be noted that some name servers do not support this and will deny the request, for example many domains behind Cloudflare will simply return the below record only.
11. Customize Dig Output
There are many different options that we can specify to customize what the dig command will print out.
Hide All
With the +noall option, we can hide almost all output.
Now from this clean base, we can choose what we want to display. We can also disable components from the default output in a similar manner.
Print Statistics
By default some basic statistics appear at the bottom of the dig query, including query time, the server queried, when it happened and the message size. These can be removed with the +nostats option, or added with +stats.
Print Answer
We can output the answer to the DNS query with the +answer option. As shown below, we now actually see the IP address from the DNS query.
Hopefully this gives you a basic understanding of how we can hide and display particular components of the dig output. There are many more options available, and I recommend checking the manual page for further information on which specific parts can be displayed or hidden.
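The options from sections 4, 7 and 11 combine into a bulk reverse lookup for log triage: -x for the PTR query, -f for the batch file, and +noall +answer for output that is easy to parse. This is an added example, not code from the original article; the helper names and the sample log lines are constructed, while the addresses and PTR names are the ones quoted on this page.

```sh
#!/bin/sh
# Added example: reverse-resolve every IPv4 address found in a log file.
# Helper names are hypothetical.

# Read log text on stdin, emit one dig query per unique address in the
# form dig -f expects (each line is parsed like command-line arguments).
make_batch() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u |
        sed 's/^/-x /; s/$/ +noall +answer/'
}

# Turn answer-section lines (owner TTL class type rdata) into "IP name"
# pairs. Only PTR records owned by a plain four-octet in-addr.arpa name
# are used; every other line is ignored.
parse_answers() {
    awk '$4 == "PTR" && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.in-addr\.arpa\.$/ {
        split($1, o, ".")
        name = $5
        sub(/\.$/, "", name)
        print o[4] "." o[3] "." o[2] "." o[1], name
    }'
}

# bulk_rdns LOGFILE: needs dig and network access.
bulk_rdns() {
    batch=$(mktemp) || return 1
    make_batch < "$1" > "$batch"
    dig -f "$batch" | parse_answers
    rm -f "$batch"
}

# Constructed sample data: log lines, and answer lines in dig's
# +noall +answer layout (the TTL value is made up).
SAMPLE_LOG='Accepted connection from 216.58.220.110 port 443
Rejected connection from 75.126.43.235 port 25
Accepted connection from 216.58.220.110 port 443'
SAMPLE_ANSWERS='110.220.58.216.in-addr.arpa. 3600 IN PTR syd10s01-in-f14.1e100.net.
110.220.58.216.in-addr.arpa. 3600 IN PTR syd10s01-in-f110.1e100.net.
235.43.126.75.in-addr.arpa. 3600 IN PTR cyberciti.org.'
```

An address with several PTR records produces several output pairs, and an address with none produces no line at all, so compare the result against the batch file to spot addresses that have no reverse mapping.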
12. Adjust Defaults With
We can create a .digrc file in our home directory to include any custom options that we want dig to run with by default. This way we can specify various options in the ~/.digrc file that will always automatically run with the dig command.
In the below example we add the +short option to the .digrc in our home directory and then perform a dig on google.com, we can see that the output confirms it was run with +short even though we did not specify it on the command line.
Summary
We have seen how the dig command can be used in many different ways to perform DNS queries in Linux, making it a useful tool for troubleshooting or performing DNS lookups.
If you’re after further information on this topic, check out our DNS troubleshooting guide.