What's the command-line utility in Windows to do a reverse DNS look-up?

223

42

Is there a built-in command line tool that will do reverse DNS look-ups in Windows? I.e., something like <toolname> w.x.y.z => mycomputername

I've tried:

  • nslookup: seems to be forward look-up only.
  • host: doesn't exist
  • dig: also doesn't exist.

I found "What's the reverse DNS command line utility?" via a search, but this is specifically looking for a *nix utility, not a Windows one.

alastairs

Posted 2009-07-15T14:22:43.027

Reputation: 1 240

4 This question should be edited to say that it's not really looking for a DNS-specific solution. The answers that were rejected provide that answer, but the issue was that you actually needed something that looks up NetBIOS names, not DNS. – Barmar – 2014-11-18T19:15:12.080

Answers

213

ping -a w.x.y.z

Should resolve the name from the IP address if the reverse lookup zone has been set up properly. If the reverse lookup zone does not have an entry for the record, the -a will just ping without a name.

Peter

Posted 2009-07-15T14:22:43.027

Reputation: 4 612

@Peter I think that specifically the way ping also has other sources than DNS (eg netbios or hosts file) is what makes it a very bad tool for the job as it will silently produce misleading results if the user is trying to test reverse DNS lookups (what the question asks for). – Håkan Lindqvist – 2016-10-14T06:09:18.470

I usually try this (ping -a) first, but I have seen where that would fail, because the server wasn't responding/didn't exist, in which case PING shows you nothing, but nslookup will show you the DNS lookup information even if the server does not exist. – Abacus – 2016-11-29T15:24:11.703

ping actually causes your network stack to instruct your PHY to move electrons (or radio waves, or light waves) around in the world, which when received by a PHY on the other end, will cause the network stack on that machine to (probably) use its PHY, too. The result is a cascade of events that eventually results in an ICMP packet arriving at the machine you wanted to know the hostname of. That machine may reply! Theoretically, cascade could literally circle the globe... This is all dramatically different than the stated question: how to perform a reverse lookup on Windows... – daveloyall – 2017-05-24T19:26:36.583

2 This worked better than nslookup as the conflicting machine is on another domain. Thanks a lot! – alastairs – 2009-07-15T14:53:12.513

Worked like a charm – Jacques – 2012-10-08T08:23:25.057

This doesn't work for me, maybe because I'm on the same domain. – Kev – 2013-04-16T13:44:33.217

2 In nslookup you can also try: set type=PTR <enter> w.x.y.z <enter> – Peter – 2013-05-10T16:18:11.283

@Peter: Is that even needed? nslookup <ip address> will return the PTR record, without specifying it implicit. – abstrask – 2013-10-16T07:34:35.867

1 @abstrask has the most complete answer – vinnyjames – 2013-11-18T21:47:26.580

6 This works, but it's actually the wrong tool for the job. Ping is used to measure network latency, it performs name (or IP) lookups just as a side effect of its main purpose. – Massimo – 2014-06-03T17:48:46.667

2 @Massimo - given the constraints of the original question what would you suggest instead? Ping will resolve DNS & netbios names which makes it a good first tool if you just need something quick. – Peter – 2014-06-05T16:56:05.383

To answer the question appropriately one should use nslookup – Shawn Welch – 2015-11-05T15:08:43.587

1 ping is categorically not the right tool for the job. As stated, the lookup is a byproduct. – dmourati – 2016-02-23T04:00:26.220

102

nslookup <ip>

Does what you're looking for. It will tell you the server you're querying and the result.

For example:

c:\>nslookup 192.168.101.39
Server: dns1.local
Address: 192.168.101.24

Name: enigma.local
Address: 192.168.101.39

Mark Turner

Posted 2009-07-15T14:22:43.027

Reputation: 2 104

6 This was failing with a message "<DC> can't find w.x.y.z: Non-existent domain" and I couldn't work out why. I tried @Peter's answer, and found the conflicting machine was on another domain. – alastairs – 2009-07-15T14:52:19.600

6 It failed because nslookup only cares about DNS, while names in Windows can and will be resolved by other means if DNS isn't enough. – Massimo – 2014-06-03T17:50:13.947

73

The trouble with "ping" is that it's not strictly a name server lookup tool (like nslookup) - for instance if you ping a hostname, it can be resolved to an IP address by a number of methods: DNS lookup, host file lookup, WINS (god forbid) or NetBIOS broadcast. It can also return a potentially out-dated cached result.

The order in which the methods are tried depends on the client's TCP/IP configuration and node type flag:

  • B-node (1): Broadcast
  • P-node (2): Peer (WINS only)
  • M-node (4): Mixed (broadcast, then WINS)
  • H-node (8): Hybrid (WINS, then broadcast)

To see the node type of the current computer:

C:\>ipconfig /all | find "Node Type"
Node Type . . . . . . . . . . . . : Hybrid

If the resolution method is of no concern, use

ping -a w.x.y.z

or

nslookup w.x.y.z

as you please. If you need to be sure you're querying your DNS server for the correct name, use nslookup.

abstrask

Posted 2009-07-15T14:22:43.027

Reputation: 1 358
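
As an added example (not part of any answer in this thread), the PowerShell below runs the DNS-only PTR query that nslookup performs, forward-confirms the returned name, and compares it with what the system resolver returns, so a name that came from the hosts file, WINS or NetBIOS rather than DNS is flagged. The function names Get-ReverseArpaName and Test-ReverseDns and the output property names are assumptions made for this example; Resolve-DnsName requires Windows 8 / Server 2012 or later.

```powershell
# Added example; function and property names are illustrative assumptions.
function Get-ReverseArpaName {
    param([Parameter(Mandatory)][System.Net.IPAddress]$Address)
    $bytes = $Address.GetAddressBytes()
    [array]::Reverse($bytes)
    if ($Address.AddressFamily -eq 'InterNetwork') {
        return (($bytes -join '.') + '.in-addr.arpa')   # 1.2.3.4 -> 4.3.2.1.in-addr.arpa
    }
    # IPv6: one label per hex nibble, low nibble first, under ip6.arpa
    $nibbles = foreach ($b in $bytes) { '{0:x}' -f ($b -band 15); '{0:x}' -f ($b -shr 4) }
    return (($nibbles -join '.') + '.ip6.arpa')
}

function Test-ReverseDns {
    param(
        [Parameter(Mandatory)][System.Net.IPAddress]$Address,
        [string]$Server    # optional: ask one specific DNS server
    )
    # DNS protocol only, hosts file skipped; lookup failures become empty results
    $common = @{ DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $common.Server = $Server }
    $arpa = Get-ReverseArpaName $Address

    # 1. PTR query against DNS
    $ptr = @(Resolve-DnsName -Name $arpa -Type PTR @common |
             Where-Object { $_.Type -eq 'PTR' } | ForEach-Object { $_.NameHost })

    # 2. Forward-confirm: keep PTR names whose A/AAAA records include the address
    $confirmed = @(foreach ($name in $ptr) {
        $ips = Resolve-DnsName -Name $name @common | Where-Object { $_.IPAddress }
        if ($ips | Where-Object { [System.Net.IPAddress]::Parse($_.IPAddress).Equals($Address) }) { $name }
    })

    # 3. Name from the system resolver, which is not limited to DNS
    $os = try { [System.Net.Dns]::GetHostEntry($Address).HostName } catch { $null }
    if ($os -eq $Address.ToString()) { $os = $null }   # some runtimes echo the IP back

    [pscustomobject]@{
        Address        = $Address.ToString()
        PtrQuery       = $arpa
        DnsPtr         = $ptr
        ForwardMatch   = $confirmed
        OsResolverName = $os
        OsNameNotInDns = [bool]($os -and ($ptr -notcontains $os))
    }
}

Test-ReverseDns -Address 8.8.8.8
```

An empty DnsPtr together with a non-empty OsResolverName is the case discussed in the comments above: the name exists, but not as a PTR record in DNS.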

22

Use NSLOOKUP with the "-type=ptr" parameter to query the IP address, syntax:

nslookup -type=ptr 1.2.3.4

Then the "in-addr.arpa" entry is also printed (even when not found), for example:

C:\Users\UserName>nslookup -type=ptr 8.8.8.8
Server:  MyDnsServerName
Address:  X.X.X.X

Non-authoritative answer:
8.8.8.8.in-addr.arpa    name = google-public-dns-a.google.com

Compared to the lower fidelity response when using NSLOOKUP on an IP address without the type parameter:

C:\Users\UserName>nslookup 8.8.8.8
Server:  MyDnsServerName
Address:  X.X.X.X

Name:    google-public-dns-a.google.com
Address:  8.8.8.8

M Aguilar

Posted 2009-07-15T14:22:43.027

Reputation: 709

1 Actually the -type=ptr is necessary for proper reverse lookup checking because it prints a more accurate result than nslookup with just an IP address. It's much better to have the actual in-addr.arpa entry printed (also when not found) to assist with debugging or just clarify what is going on. – Tony Wall – 2018-03-14T10:45:00.543

2 If you want to use interactive nslookup, then at the nslookup prompt type "set q=ptr" and then enter the IP on the next line. If you're crazy old-school like me, then you didn't realize until just now that you no longer have to search for the IP backwards, like "1.0.0.127.in-addr.arpa". – Todd Wilcox – 2014-09-04T17:22:37.700

4 No need to -type=ptr or set q=ptr at all - nslookup is clever enough to recognise an IP address and do a reverse lookup instead of forward – abstrask – 2014-09-04T21:04:28.840

12

nslookup will do reverse DNS on Windows just as it can do it on Linux.

Of course, there isn't a reverse entry for every IP address.

theotherreceive

Posted 2009-07-15T14:22:43.027

Reputation: 7 417

2 Good point that not all hosts will have a PTR record created for them – Rowland Shaw – 2009-07-16T07:51:03.010

2 Note that nslookup on Linux, BSD, and Windows do different things and are different programs. – Good Person – 2012-12-27T18:35:24.410

1 If no PTR exists, you can whois the IP for more info..... prob doesn't ship with windoze either lol – nandoP – 2014-06-03T18:00:51.140

6

Use nslookup like this:

nslookup -type=PTR  127.0.0.1

ko-dos

Posted 2009-07-15T14:22:43.027

Reputation: 1 249

5

You can use the standard NSLOOKUP command:

nslookup 123.123.123.123

In order to get a result there has to be a PTR record registered for the IP address in question.

splattne

Posted 2009-07-15T14:22:43.027

Reputation: 25 439

4

nslookup will do reverse lookups in Windows.

C:\>nslookup star.slashdot.org

Server:  my-dns-server
Address:  10.242.0.1

Name:    star.slashdot.org
Address:  216.34.181.48

C:\>nslookup 216.34.181.48

Server:  my-dns-server
Address:  10.242.0.1

Name:    star.slashdot.org
Address:  216.34.181.48

Evan Anderson

Posted 2009-07-15T14:22:43.027

Reputation: 134 345

3

Under Windows....

Standard ping does NOT return host name of IP address

NSLookup can be used to find this info, if DNS is set up properly

Procedure as follows:

Open DOS prompt

NSLookup

set type=ptr

a.b.c.d

Results will be shown with reverse DNS server address, and host name

Ivo van Selst

Posted 2009-07-15T14:22:43.027

Reputation: 31

2

9 answers and no one said how to reverse lookup with dig? It's the best

dig -x w.x.y.z

Also, you can add "+short" for use in bash loops, scripts, etc.... forward or reverse :)

nandoP

Posted 2009-07-15T14:22:43.027

Reputation: 1 834

2 No one has mentioned dig as it does not ship with Windows. The OP's question even indicates this. – jscott – 2014-06-03T17:39:01.063

2 dig is generally the best choice for DNS troubleshooting, though. I think there is definitely some value to suggesting a better tool even though it does not ship with Windows. (Available in the Windows builds at https://www.isc.org/software/bind) – Håkan Lindqvist – 2014-06-03T17:53:56.453

0

There is yet another way. Reverse the IP address and use nslookup

nslookup -type=PTR 4.3.2.1.in-addr.arpa

to resolve the address 1.2.3.4

sweetfa

Posted 2009-07-15T14:22:43.027

Reputation: 397

1 You would have to do nslookup -type=PTR 4.3.2.1.in-addr.arpa for it to actually work, though. – Håkan Lindqvist – 2016-10-14T05:56:29.500

0

If nslookup, dig, host do not exist, try this:

getent hosts google.de | awk '{ print $1 }'

Works e.g. on docker AWS ec2 instances (which really don't have anything installed)

Felix

Posted 2009-07-15T14:22:43.027

Reputation: 101