How to Use Reverse DNS Lookup Command on Windows
Are you curious about reverse DNS lookup and how to run the command on Windows? This article is your guide.
There are various ways to perform reverse DNS lookup on a Windows PC. However, you need an introductory “DNS 101” crash course to understand the commands and interpret their results. So, this article starts by explaining DNS, forward lookups, and reverse lookups.
Next, it explains how reverse lookup works. Additionally, the article discusses the benefits of reverse lookups and explains various methods for performing them on a Windows PC.
If you’re familiar with basic DNS terms, including forward and reverse lookups, jump to the section “3 Methods to Perform Reverse DNS Lookup on Windows.”
What is Reverse DNS Lookup?
DNS (Domain Name Service) lies at the heart of the internet or any computer network. The internet will not work without DNS.
DNS ensures that internet users use the names of websites rather than remember their computer addresses.
Computers communicate with numbers (1s and 0s). So, all computers on the internet have a unique number that identifies them, known as an IP (Internet Protocol) address.
For example, the IP address of our website, InfraSOS.com, is 22.214.171.124 – more on this later.
However, when you visit the site, you use InfraSOS.com, which is easy to remember.
Thousands of DNS servers on the internet do the job of resolving (mapping) host names of servers to their IP addresses and vice versa.
So, when you enter InfraSOS.com on your computer’s browser, your computer contacts a DNS server to get the web server’s IP address. When it receives the IP address, it goes through other “handshakes” and eventually displays the content of InfraSOS.com on your browser.
The process of a DNS server mapping the website, InfraSOS.com, to its IP address, 126.96.36.199, is called “Forward Lookup.” However, some internet services may have the IP address of a server but require the hostname.
Thankfully, DNS servers also have this information. When a service needs to resolve (map) an IP address to a hostname, we call the process “Reverse Lookup.”
So, because the query is performed by a DNS server, the process is rightly called “Reverse DNS Lookup.”
How Does Reverse DNS Work?
Earlier, I mentioned that your computer queried a DNS server when you entered InfraSOS.com on the browser. The query process involves looking for a DNS server on the Internet that is “authoritative” for the name, InfraSOS.com.
That DNS server holds the information that maps InfraSOS.com to its IP address in a record called “Host (A).” This record exists in the “Forward Lookup Zones” of a DNS server.
The “Host (A)” record maps the server’s name to its IP address. In the screenshot below, the name infopresssrv1 is mapped to its IP address, 192.168.0.100.
When this DNS server receives a request for the IP address of the server, it checks if it has a “Host A” record for the requested hostname. If it does, it returns it to the requester.
Meanwhile, this screenshot shows the same information on Cloudflare.
In addition to the forward lookup zone, a DNS server has a Reverse Lookup Zone. One of the record types in this zone is called “PTR.” PTR (pointer) records are responsible for resolving reverse lookup queries.
So, if a DNS server does not have a PTR record, it cannot resolve an IP address to a host name.
In other words, when you run a reverse DNS lookup command on a Windows PC (or other computers), the command will not return a result if the authoritative server for that website (hostname) does not have a PTR record.
Benefits of Reverse DNS Lookup
Reverse lookups are used by email servers. When an email server receives an email, it verifies that the sending server is legitimate before forwarding it.
It does this by requesting the server to confirm its IP address. Sometimes, malicious actors hijack an email server and use it to send emails to unsuspecting victims.
To avoid these emails reaching their target, the recipient’s email server requests that the sending server confirm its IP address. If the sender uses a hijacked server, it will not have a PTR record, so it fails to respond to the reverse lookup query.
Many email servers reject email forward requests from servers that do not have PTR records.
Another benefit of reverse lookup is found in logging software. When logging software registers activities, it includes the source and destination IP addresses.
In addition to the IP addresses, it also registers the source and destination host names to make it easy to analyse the record. Getting this information is possible through the process of reverse DNS lookup.
3 Methods to Perform Reverse DNS Lookup
1. Use NSLOOKUP Command for Reverse DNS Lookup on Windows
Typically, a Windows admin uses the NSLOOKUP command to perform DNS lookups, but there are other commands for name lookup (forward or reverse) in Windows.
First, let’s explore how to use the NSLOOKUP command to perform reverse (and forward) DNS lookup on a Windows PC.
The NSLOOKUP command queries the DNS server configured in your Windows network settings to resolve IP addresses to host names (reverse lookup). So, before running the NSLOOKUP command, you must check that your PC has a DNS server configured.
There are 2 ways to configure a DNS server on Windows: manually entering the DNS server IP address, or via a DHCP server.
Check the DNS server configuration of your Windows PC.
The best way to do this is by running the “ipconfig /all” command. The command displays the DNS server entries on your Windows PC.
Once you’ve confirmed that your PC has DNS entries (manually or via DHCP), open the command prompt by searching for it.
Then, to perform a forward lookup, enter the command below. Replace “hostname” with the name of the server or website whose IP address you want to query.
For instance, run the command below to perform a forward lookup for InfraSOS.com.
The NSLOOKUP command also performs a reverse DNS lookup. However, instead of specifying the hostname, you use an IP address. The forward lookup command returned the IP address of InfraSOS.com as 188.8.131.52.
To perform a reverse lookup (using the IP to find the website’s name), I ran the commands below on my Windows PC. The second command specifies the record type to return.
See the results below.
nslookup -type=ptr 184.108.40.206
2. Use Resolve-DnsName PowerShell Command for Reverse DNS Lookup on Windows
The Resolve-DnsName PowerShell command is a better tool.
To use this command, search for and open PowerShell. Then, run the command below to perform a forward lookup of a hostname.
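The following is an added example, not a command from the original article: it uses Resolve-DnsName to run the reverse lookup and then confirm it with a forward lookup, which is the check a receiving mail server or a log-enrichment job would want before trusting a PTR name. The function name Test-ForwardConfirmedRdns and the sample addresses are assumptions made for illustration.

```powershell
# Added example: forward-confirmed reverse DNS (FCrDNS) for IPv4 addresses.
# Test-ForwardConfirmedRdns is a hypothetical helper name, not a built-in cmdlet.
function Test-ForwardConfirmedRdns {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$IPAddress
    )
    process {
        $result = [ordered]@{ IPAddress = $IPAddress; PtrNames = @(); Confirmed = $false; Note = '' }

        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($IPAddress, [ref]$ip) -or
            $ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
            $result.Note = 'not a valid IPv4 address'
            return [pscustomobject]$result
        }

        # Reverse zone name: octets reversed under in-addr.arpa
        # (192.0.2.10 becomes 10.2.0.192.in-addr.arpa).
        $octets = $ip.GetAddressBytes()
        [array]::Reverse($octets)
        $ptrName = ($octets -join '.') + '.in-addr.arpa'

        # -DnsOnly keeps the query on DNS and skips LLMNR/NetBIOS fallback.
        $ptr = Resolve-DnsName -Name $ptrName -Type PTR -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'PTR' }
        if (-not $ptr) {
            $result.Note = 'no PTR record'
            return [pscustomobject]$result
        }
        $result.PtrNames = @($ptr.NameHost)

        # Forward-confirm: a PTR name only counts if its A records include the original IP.
        foreach ($name in $result.PtrNames) {
            $a = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'A' }
            if ($a.IPAddress -contains $ip.ToString()) { $result.Confirmed = $true }
        }
        if (-not $result.Confirmed) { $result.Note = 'PTR exists but does not resolve back to the IP' }
        [pscustomobject]$result
    }
}

# Constructed sample input: a public resolver address and a documentation-range address.
'8.8.8.8', '192.0.2.10' | Test-ForwardConfirmedRdns | Format-Table -AutoSize
```

A PTR record is published by whoever controls the reverse zone for the address, so a hostname from a reverse lookup should be treated as trustworthy only when the forward lookup of that name returns the same IP.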
3. Use whatsmydns.net for Reverse DNS Lookup on Windows
Some websites also offer forward and reverse lookups. This method helps check DNS propagation after modifying the DNS records for a website.
A popular website for performing forward and reverse DNS lookups is whatsmydns.net.
To perform a lookup for a website, enter the domain name in the first field, then select a record type – A (default) performs a forward lookup. Finally, click the search button.
How to Use Reverse DNS Lookup Command on Windows Conclusion
IT admins and users may perform a reverse DNS lookup on Windows and other operating systems for various reasons. Top of the list is troubleshooting DNS problems.
This article explained three methods to perform forward and reverse DNS lookups on a Windows PC. But before we did that, the article offered a “DNS 101” crash course to help readers understand the results of the DNS lookups.
To achieve this, we explained DNS as well as forward and reverse lookups and zones. Additionally, the article discussed how reverse DNS lookup works and explored some of its benefits.