Discover the reverse DNS entries for an IP address, a range of IP addresses or a domain name. IP based reverse DNS lookups will resolve the IP addresses in real time, while the domain name or hostname search uses a cached database (see below for details).
Recon: Find host names with Reverse DNS Lookups
A reverse DNS record (or PTR record) is simply an entry that resolves an IP address back to a host name. Most people are aware of the forward lookup, also known as an A record, which finds an IP address from a host name so that an Internet service can be accessed.
When an attacker or penetration tester assesses an organization, they will commonly attempt to map the footprint of the organization in order to find all the weak points to attack. By gathering a list of possible host names, IP addresses and IP network blocks that are related to the targeted organization, an attack surface can be developed. With this reverse DNS tool you are able to resolve not only single IP addresses but also a range of IP addresses, or to search for all the reverse DNS entries containing a domain name.
Perform a query using either a single IP 220.127.116.11, a range such as 127.0.0.1-10 or CIDR notation 127.0.0.1/27. You are also able to search for hostnames such as example.com. Reverse DNS resolution of a range of IP addresses is limited to 254 addresses (a /24 or smaller subnet).
Reverse DNS hostname search
Use the hostname search ability of the DNS reverse lookup to find all the reverse DNS entries for a particular organisation. Simply enter an organisation's domain name, such as example.com, to get the results. Currently the results are limited to a maximum of 5000 results; this will typically only be an issue for big Internet services companies and ISPs.
Much of the data used for the hostname search comes from the excellent scans.io project that is run out of the Rapid7 labs. The database of reverse DNS entries was last updated on 11/10/16 and covers the full IPv4 address space. This equates to 57GB of plain text DNS PTR records.
Where are Reverse DNS entries used
Many Internet services, network tools and server logging will use reverse DNS to populate IP address fields with a more human readable hostname. An example of this can be seen in the output of a traceroute tool.
Configuring Reverse DNS
Reverse DNS is configured and controlled by the IP block owners. The reverse DNS host name will often be configured to indicate the netblock owner such as ISP or web hosting provider.
If you are hosting a server with a dedicated IP address and would like to have reverse DNS configured (required if you are running an Internet mail server), the PTR record will usually be configured through your IP block hosting provider (usually the server hosting company).
Reverse DNS API
In addition to the web form you can also quickly access the reverse DNS tool using the API. The output will be in plain text and will include the IP address and the reverse DNS host name with a space separating them. Access the API using a web browser, curl or any common scripting language.
This query will display the reverse DNS from the public DNS server provided by Google (18.104.22.168).
The API is designed to be used as a quick reference tool and not for bulk queries; like all our IP Tools there is a limit of 100 (total) requests from a single IP Address per day.
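The query formats and the plain text "IP hostname" output described above can be handled offline when auditing PTR coverage of a netblock you operate. This is an added example, not the tool's own code; the function names are hypothetical and the sample result lines are constructed.

```python
import ipaddress

MAX_HOSTS = 254  # range limit stated on this page (a /24 or smaller)

# Constructed sample in the "IP hostname" plain text format (not real output).
SAMPLE = "192.0.2.1 gw.example.com\n192.0.2.3 mail.example.com.\n\n"

def expand_query(spec):
    """Expand a single IP, a short range (a.b.c.d-N) or CIDR into addresses."""
    spec = spec.strip()
    if "/" in spec:
        # strict=False accepts a host address with a mask, e.g. 127.0.0.1/27
        net = ipaddress.ip_network(spec, strict=False)
        if net.num_addresses > MAX_HOSTS + 2:  # refuse before building a list
            raise ValueError("block larger than a /24")
        addrs = list(net.hosts())
    elif "-" in spec:
        start_text, last_octet = spec.split("-", 1)
        start = ipaddress.IPv4Address(start_text)
        first, last = int(start) & 0xFF, int(last_octet)
        if not first <= last <= 255:
            raise ValueError("range end must lie between start octet and 255")
        addrs = [start + i for i in range(last - first + 1)]
    else:
        addrs = [ipaddress.ip_address(spec)]
    if len(addrs) > MAX_HOSTS:
        raise ValueError("more than %d addresses" % MAX_HOSTS)
    return addrs

def ptr_name(addr):
    """DNS name that holds the PTR record, e.g. 1.0.0.127.in-addr.arpa."""
    return ipaddress.ip_address(addr).reverse_pointer

def parse_results(text):
    """Parse 'IP hostname' lines, skipping anything that is not that shape."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            found[ipaddress.ip_address(parts[0])] = parts[1].rstrip(".").lower()
        except ValueError:
            continue
    return found

def missing_ptr(spec, text):
    """Addresses in the queried block that came back without a PTR hostname."""
    found = parse_results(text)
    return [a for a in expand_query(spec) if a not in found]
```
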