306

Is there a built-in command line tool that will do reverse DNS look-ups in Windows? I.e., something like <toolname> w.x.y.z => mycomputername

I've tried:

  • nslookup: seems to be forward look-up only.
  • host: doesn't exist
  • dig: also doesn't exist.

I found "What's the reverse DNS command line utility?" via a search, but this is specifically looking for a *nix utility, not a Windows one.

Community
  • 1
alastairs
  • 3,195
  • 3
  • 19
  • 11
  • 5
    This question should be edited to say that it's not really looking for a DNS-specific solution. The answers that were rejected provide that answer, but the issue was that you actually needed something that looks up NetBIOS names, not DNS. – Barmar Nov 18 '14 at 19:15
  • 2
    @bamar Disagree. This _is_ a DNS question; it has nothing to do with NetBIOS or NetBIOS names. – Chuck Kollars Oct 19 '20 at 14:18
  • nslookup definitely supports reverse lookups in 2022 – madacoda Mar 03 '22 at 06:12

14 Answers14

281
ping -a w.x.y.z

Should resolve the name from the IP address if the reverse lookup zone has been set up properly. If the reverse lookup zone does not have an entry for the record, the -a will just ping without a name.

chicks
  • 3,793
  • 10
  • 27
  • 36
Peter
  • 5,453
  • 1
  • 26
  • 32
  • 4
    This worked better than nslookup as the conflicting machine is on another domain. Thanks a lot! – alastairs Jul 15 '09 at 14:53
  • 7
    in nslookup you can also try: set type=PTR w.x.y.z – Peter May 10 '13 at 16:18
  • @Peter: Is that even needed? nslookup will return the PTR record, without specifying it implicit. – abstrask Oct 16 '13 at 07:34
  • 12
    This *works*, but it's actually the wrong tool for the job. Ping is used to measure network latency, it performs name (or IP) lookups just as a *side effect* of its main purpose. – Massimo Jun 03 '14 at 17:48
  • 5
    @ Massimo - given the constraints of the original question what would you suggest instead? Ping will resolve DNS & netbios names which makes it a good first tool if you just need something quick. – Peter Jun 05 '14 at 16:56
  • To answer the question appropriately one should use nslookup – Shawn Welch Nov 05 '15 at 15:08
  • 2
    ping is categorically not the right tool for the job. As stated, the lookup is a byproduct. – dmourati Feb 23 '16 at 04:00
  • 2
    @Peter I think that specifically the way ping also has other sources than DNS (eg netbios or hosts file) is what makes it a very bad tool for the job as it will silently produce misleading results if the user is trying to test reverse DNS lookups (what the question asks for). – Håkan Lindqvist Oct 14 '16 at 06:09
  • I usually try this (ping -a) first, but I have seen where that would fail, because the server wasn't responding/didn't exist, in which case PING shows you nothing, but nslookup will show you the DNS lookup information even if the server does not exist. – Abacus Nov 29 '16 at 15:24
  • `ping` actually causes your network stack to instruct your PHY to move electrons (or radio waves, or light waves) around in the world, which when received by a PHY on the other end, will cause the network stack on that machine to (probably) use its PHY, too. The result is a cascade of events that eventually results in an ICMP packet arriving at the machine you wanted to know the hostname of. That machine may reply! Theoretically, cascade could literally circle the globe... This is all dramatically different than the stated question: how to perform a reverse lookup on Windows... – daveloyall May 24 '17 at 19:26
145
nslookup <ip>

Does what you're looking for. It will tell you the server you're querying and the result.

For example:

c:\>nslookup 192.168.101.39
Server: dns1.local
Address: 192.168.101.24

Name: enigma.local
Address: 192.168.101.39
Mark Amerine Turner
  • 2,604
  • 1
  • 17
  • 17
  • 12
    This was failing with a message " can't find w.x.y.z: Non-existent domain" and I couldn't work out why. I tried @Peter's answer, and found the conflicting machine was on another domain. – alastairs Jul 15 '09 at 14:52
  • 11
    It failed because nslookup only cares about DNS, while names in Windows can and will be resolved by other means if DNS isn't enough. – Massimo Jun 03 '14 at 17:50
89

The trouble with "ping" is that it's not strictly a name server lookup tool (like nslookup) - for instance if you ping a hostname, it can be resolved to an IP address by a number of methods: DNS lookup, host file lookup, WINS (god forbid) or NetBIOS broadcast. It can also return a potentially out-dated cached result.

The order in which the methods are tried, depends on the clients' TCP/IP configuration and node type flag:

  • B-node (1): Broadcast
  • P-node (2): Peer (WINS only)
  • M-node (4): Mixed (broadcast, then WINS)
  • H-node (8): Hybrid (WINS, then broadcast)

To see the node type of the current computer:

C:\>ipconfig /all | find "Node Type"
Node Type . . . . . . . . . . . . : Hybrid

If the resolution method is of no concern, use

ping -a w.x.y.z

or 

nslookup w.x.y.z

as you please. If you need to be sure you're querying your DNS server for the correct name, use nslookup.

See also

abstrask
  • 1,688
  • 14
  • 24
  • Keep in mind that there are loads of IP addresses out there without a PTR record. So reverse lookup through DNS simply doesn't work on those because there's nothing to look up. – Xzenor Apr 24 '20 at 09:43
  • @Xzenor True, hence: "If the resolution method is of no concern" and "If you need to be sure you're querying your DNS server for the correct name, use **nslookup**". I provide answers for both options, but the question is specifically about doing reverse **DNS** look-up. – abstrask Apr 25 '20 at 11:01
39

Use NSLOOKUP with the "-type=ptr" parameter to query the IP address, syntax:

nslookup -type=ptr 1.2.3.4

Then the "in-addr.arpa" entry is also printed (even when not found), for example:

C:\Users\UserName>nslookup -type=ptr 8.8.8.8
Server:  MyDnsServerName
Address:  X.X.X.X

Non-authoritative answer:
8.8.8.8.in-addr.arpa    name = google-public-dns-a.google.com

Compared to the lower fidelity response when using NSLOOKUP on an IP address without the type parameter:

C:\Users\UserName>nslookup 8.8.8.8
Server:  MyDnsServerName
Address:  X.X.X.X

Name:    google-public-dns-a.google.com
Address:  8.8.8.8
Tony Wall
  • 145
  • 5
M Aguilar
  • 899
  • 5
  • 5
  • 3
    If you want to use interactive nslookup, then at the nslookup prompt type "set q=ptr" and then enter the IP on the next line. If you're crazy old-school like me, then you didn't realize until just now that you no longer have to search for the IP backwards, like "1.0.0.127.in-addr.arpa". – Todd Wilcox Sep 04 '14 at 17:22
  • 6
    No need to `-type=ptr` or `set q=ptr` at all - `nslookup` is clever enough to regonise an IP address and do a reverse lookup instead of forward – abstrask Sep 04 '14 at 21:04
  • 1
    Actually the -type=ptr is necessary for proper reverse lookup checking because it prints a more accurate result than nslookup with just an IP address. It's much better to have the actual in-addr.arpa entry printed (also when not found) to assist with debugging or just clarify what is going on. – Tony Wall Mar 14 '18 at 10:45
15

nslookup will do reverse DNS on windows just as it can do it on linux.

Of course, there isn't a reverse entry for every ip address

theotherreceive
  • 8,365
  • 1
  • 31
  • 44
10

Use nslookup like this:

nslookup -type=PTR  127.0.0.1
ko-dos
  • 1,369
  • 8
  • 10
7

You can use the standard NSLOOKUP command:

nslookup 123.123.123.123

In order to get a result there has to be a PTR record registered for the IP address in question.

splattne
  • 28,508
  • 20
  • 98
  • 148
6

11 years have passed and Windows Powershell ships with every release of Windows Server and Client.

 Resolve-DnsName 8.8.8.8

Name                           Type   TTL   Section    NameHost
----                           ----   ---   -------    --------
8.8.8.8.in-addr.arpa           PTR    86400 Answer     dns.google
8.8.8.in-addr.arpa             NS     3600  Authority  ns2.google.com
8.8.8.in-addr.arpa             NS     3600  Authority  ns3.google.com
8.8.8.in-addr.arpa             NS     3600  Authority  ns1.google.com
8.8.8.in-addr.arpa             NS     3600  Authority  ns4.google.com

Name       : ns1.google.com
QueryType  : A
TTL        : 193102
Section    : Additional
IP4Address : 216.239.32.10


Name       : ns1.google.com
QueryType  : AAAA
TTL        : 193102
Section    : Additional
IP6Address : 2001:4860:4802:32::a


Name       : ns2.google.com
QueryType  : A
TTL        : 193102
Section    : Additional
IP4Address : 216.239.34.10


Name       : ns2.google.com
QueryType  : AAAA
TTL        : 193102
Section    : Additional
IP6Address : 2001:4860:4802:34::a


Name       : ns3.google.com
QueryType  : A
TTL        : 193102
Section    : Additional
IP4Address : 216.239.36.10


Name       : ns3.google.com
QueryType  : AAAA
TTL        : 193102
Section    : Additional
IP6Address : 2001:4860:4802:36::a


Name       : ns4.google.com
QueryType  : A
TTL        : 193102
Section    : Additional
IP4Address : 216.239.38.10


Name       : ns4.google.com
QueryType  : AAAA
TTL        : 193102
Section    : Additional
IP6Address : 2001:4860:4802:38::a
Yolo Perdiem
  • 626
  • 1
  • 6
  • 14
6

nslookup will do reverse lookups in Windows.

C:\>nslookup star.slashdot.org

Server:  my-dns-server
Address:  10.242.0.1

Name:    star.slashdot.org
Address:  216.34.181.48

C:\>nslookup 216.34.181.48

Server:  my-dns-server
Address:  10.242.0.1

Name:    star.slashdot.org
Address:  216.34.181.48
Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
4

Under Windows....

Standard ping does NOT return host name of IP address

NSLookup can be used to find this info, if DNS is setup properly

Procedure as follows:

Open DOS prompt

NSLookup

set type=ptr

a.b.c.d

Results will be shown with reverse DNS server address, and host name

Community
  • 1
Ivo van Selst
  • 41
  • 1
4

9 answers and no one said how to reverse lookup with dig? Its the best

dig -x w.x.y.z

Also, you can add "+short" for use in bash loops, scripts, etc.... forward or reverse :)

nandoP
  • 2,021
  • 14
  • 15
  • 5
    No one has mentioned `dig` as it does not ship with Windows. The OP's question even indicates this. – jscott Jun 03 '14 at 17:39
  • 3
    `dig` is generally the best choice DNS troubleshooting, though. I think there is definitely some value to suggesting a better tool even though it does not ship with Windows. (Available in the Windows builds at https://www.isc.org/software/bind) – Håkan Lindqvist Jun 03 '14 at 17:53
  • While I agree that it's the best tool and it exists for Windows, it's not shipped with windows. – Xzenor Apr 25 '20 at 11:33
2

There is yet another way. Reverse the IP address and use nslookup

nslookup -type=PTR 4.3.2.1.in-addr.arpa

to resolve the address 1.2.3.4

sweetfa
  • 447
  • 4
  • 8
1

If nslookup, dig, host does not exists, try this:

getent hosts google.de | awk '{ print $1 }'

Works e.g. on docker AWS ec2 instances (which really don't have anything installed)

Felix
  • 111
  • 2
0

In case there's no reverse ptr for ping -a <ip> or nslookup <ip> to show, you can run ipconfig /displaydns | clip, open a text editor, paste, and search for the IP there.

Note that this will work only if the original DNS query was done via the Windows DNS resolver - some apps do their own DNS queries, like newer browsers using DNS-over-HTTPS.

Example:

> ping -a 151.101.193.69
Pinging 151.101.193.69 with 32 bytes of data:
(...)

> ipconfig /displaydns | clip
(Open notepad, paste, search for 151.101.193.69)

    serverfault.com
    ----------------------------------------
    Record Name . . . . . : serverfault.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 450
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 151.101.193.69
Jonathan
  • 176
  • 4