Your Easy Guide to Reverse DNS Lookups

Secably Research
Jul 15, 2026
7 min read
Network Security
Dns How-To Lookup Reverse Tutorial
Your Easy Guide to Reverse DNS Lookups
Your Easy Guide to Reverse DNS Lookups
You will accurately perform a reverse dns lookup for an IP address.

Prerequisites

  • A Linux, macOS, or Windows system with command-line access.
  • Internet connectivity.
  • Basic understanding of IP addresses and DNS.
  • dig, nslookup, or host utilities installed (usually pre-installed).

Understanding Reverse DNS Lookup

A reverse dns lookup translates an IP address back to its associated domain name. This differs from a standard DNS lookup, which resolves a domain name to an IP address. Security teams use reverse DNS for email authentication, logging, and network reconnaissance. Knowing the hostname for an IP helps identify suspicious traffic sources or verify legitimate services.

Performing a Reverse DNS Lookup with dig

The dig utility offers flexible DNS name server queries. It is part of the BIND utilities package, common on Linux and macOS systems. For a reverse dns lookup, you query for a PTR (Pointer) record.

To perform a reverse dns lookup using dig, specify the -x option followed by the IP address.

dig -x 8.8.8.8

This command queries for the PTR record of Google's public DNS server. The output provides detailed information about the DNS query and response.

Expected output resembles this:

; <<>> DiG 9.16.1-Ubuntu <<>> -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.          IN      PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.   299     IN      PTR     dns.google.

;; Query time: 10 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Jan 01 12:00:00 UTC 2024
;; MSG SIZE  rcvd: 71

Examine the ANSWER SECTION. The line starting with 8.8.8.8.in-addr.arpa. shows the PTR record. In this example, dns.google. is the domain name associated with 8.8.8.8.

You can also specify a different DNS server to query using the @server syntax. This helps when troubleshooting or querying specific authoritative servers.

dig -x 8.8.8.8 @1.1.1.1

This command queries Cloudflare's DNS server (1.1.1.1) for the reverse DNS record of 8.8.8.8. The output format remains consistent.

Performing a Reverse DNS Lookup with nslookup

The nslookup utility is another common tool for DNS queries, available on Windows, Linux, and macOS. It can operate in interactive or non-interactive modes. For a quick reverse dns lookup, use the non-interactive mode.

To use nslookup for a reverse lookup, simply provide the IP address as an argument.

nslookup 8.8.8.8

The utility automatically detects an IP address and performs a reverse lookup. It queries your configured DNS server by default.

Expected output looks like this:

Server:         192.168.1.1
Address:        192.168.1.1#53

Non-authoritative answer:
8.8.8.8.in-addr.arpa    name = dns.google.

Authoritative answers can be found from:

The line name = dns.google. directly shows the resolved hostname. The Server and Address lines indicate the DNS server that processed your query.

To specify a different DNS server with nslookup, provide the IP address followed by the DNS server's IP.

nslookup 8.8.8.8 1.1.1.1

This command instructs nslookup to use 1.1.1.1 as the resolver. The output will reflect the same resolved name but indicate 1.1.1.1 as the server queried.

Performing a Reverse DNS Lookup with host

The host command is a simpler utility for performing DNS lookups. It provides concise output, making it suitable for scripting or quick checks. Like dig, it is typically found on Unix-like systems.

To perform a reverse dns lookup with host, provide the IP address as an argument.

host 8.8.8.8

host automatically recognizes an IP address and performs a PTR query.

Expected output is concise:

8.8.8.8.in-addr.arpa domain name pointer dns.google.

The output directly presents the IP address's reverse DNS entry. This format is straightforward for parsing. You can specify a custom DNS server with host by placing the server's IP address before the target IP.

host 1.1.1.1 8.8.8.8

Here, 1.1.1.1 is the DNS server queried for the reverse lookup of 8.8.8.8.

Using Online Tools for Reverse DNS Lookup

Several online tools offer reverse DNS lookup capabilities without command-line access. These tools often provide additional context or historical data. Secably offers a free DNS lookup tool that includes reverse DNS. You simply input the IP address, and it returns the associated hostname if a PTR record exists. This can be useful for quick checks or when you lack direct terminal access. Other services like Zondex offer broader internet-wide scanning and reconnaissance features that might include reverse DNS as part of a larger data set.

To use Secably's tool:

  1. Navigate to the Secably DNS Lookup tool.
  2. Enter the target IP address (e.g., 8.8.8.8) into the input field.
  3. Click the "Lookup" or "Submit" button.
  4. Review the results, which will display the PTR record if found.

Secably's free tools require no signup. Paid plans for continuous monitoring start at $19/month.

Verification Steps

After performing a reverse dns lookup, verify the result. The most common verification involves performing a forward DNS lookup on the hostname you found. The forward lookup should resolve back to the original IP address. This confirms a consistent DNS configuration.

For example, if your reverse lookup of 8.8.8.8 returned dns.google., perform a forward lookup on dns.google.:

dig dns.google

Expected output should show the A record for dns.google.:

;; ANSWER SECTION:
dns.google.             299     IN      A       8.8.8.8

This confirms that dns.google. resolves to 8.8.8.8. The consistency of forward and reverse DNS records is crucial for email deliverability and service trust. Inconsistent records can trigger spam filters or indicate misconfigurations. Learn more about checking other DNS records in our guide on How to Check DNS TXT Records on Linux.

Another verification method involves looking up DNS history. Tools exist to check historical DNS records, which can reveal past changes or identify potential domain hijacking attempts. Our blog post on How to Check DNS History on Linux, Mac provides further details.

Troubleshooting

Issue 1: No PTR Record Found (NXDOMAIN)

Symptom: The lookup returns an error like "NXDOMAIN" (Non-Existent Domain) or "no PTR record found."

dig -x 192.0.2.1
...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12345
...
;; QUESTION SECTION:
;1.2.0.192.in-addr.arpa.          IN      PTR

Reason: Not all IP addresses have a reverse DNS record configured. This is common for consumer IPs, dynamic IPs, or IPs not intended for public-facing services. The domain owner controls the PTR record in the in-addr.arpa zone. They might have chosen not to create one.

Solution: Confirm the IP address is correct. Understand that a missing PTR record is often normal. If you expect a PTR record (e.g., for a mail server), contact the IP address owner or hosting provider. They configure PTR records on their authoritative DNS servers.

Issue 2: Incorrect or Unexpected Hostname Returned

Symptom: The reverse lookup returns a hostname, but it does not match your expectations (e.g., a generic ISP hostname instead of your specific service name).

host 203.0.113.5
5.113.0.203.in-addr.arpa domain name pointer generic-isp-customer.example.net.

Reason: The IP address might belong to a shared hosting environment, a CDN, or a load balancer. The reverse DNS record points to the infrastructure provider's generic name, not your specific application. The PTR record might also be outdated or incorrectly configured by the IP owner.

Solution: Verify the IP address belongs to the intended service. If it is a shared resource, the generic hostname is expected. If it should be specific, contact the hosting provider or your network administrator. Request they update or create the correct PTR record for your IP. Ensure your forward DNS (A record) points to the correct IP. Mismatched forward and reverse records can cause issues with email deliverability or service trust.

Issue 3: DNS Server Timeout or Refused Query

Symptom: The command-line tool hangs, returns a timeout error, or indicates the DNS server refused the query.

dig -x 8.8.8.8 @10.0.0.1
;; connection timed out; no servers could be reached

Reason: Your specified DNS server is unreachable, misconfigured, or blocking your queries. Network connectivity issues between your machine and the DNS server can also cause this. Firewalls might block DNS (UDP port 53) traffic.

Solution: First, check your internet connectivity. Ping the DNS server you are trying to use (e.g., ping 8.8.8.8). If the ping fails, investigate network issues or firewalls. Try using a different, known-good public DNS server (e.g., 8.8.8.8 or 1.1.1.1) in your command. For example, dig -x [your_ip] @8.8.8.8. If the issue persists with multiple public resolvers, your local network or ISP might be interfering. Consult your network administrator.

Issue 4: Caching Issues Leading to Stale Results

Symptom: A reverse DNS lookup returns an old hostname, even after you know the PTR record has been updated.

Reason: DNS resolvers cache results for a period defined by the Time-To-Live (TTL) value. Your local resolver or an upstream DNS server might be serving cached, stale data.

Solution: Wait for the TTL to expire. For immediate verification, bypass local caches. Specify a public DNS server known for fast cache invalidation or with no local cache. For example, use dig -x [your_ip] @8.8.8.8 +noall +answer. This explicitly queries Google's DNS and requests only the answer section, reducing potential local caching interference. You can also flush your local DNS cache. On Windows, use ipconfig /flushdns. On macOS, use sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder. On Linux, restart the systemd-resolved service or any other local caching resolver.

Check your site for vulnerabilities

Run a free security scan — no signup, results in seconds.

Related Posts

Stronger security starts with visibility.

Scan your website for vulnerabilities and get actionable insights.