20130105 dig ptr records - plembo/onemoretech GitHub Wiki

title: dig ptr records
link: https://onemoretech.wordpress.com/2013/01/05/dig-ptr-records/
author: lembobro
description:
post_id: 3968
created: 2013/01/05 10:02:59
created_gmt: 2013/01/05 14:02:59
comment_status: closed
post_name: dig-ptr-records
status: publish
post_type: post

dig ptr records

Ever wonder how to check for a PTR record using dig? Do you have any idea what I'm talking about? Read on.

The ISC's dig utility is, of course, the preferred tool for working with DNS (Domain Name System) records. We're told that the ubiquitous nslookup is deprecated in favor of dig, although it continues to ship with Microsoft's operating system products (nslookup also still ships with most Linux distributions, including Red Hat Enterprise).

Whatever tool you use to work with DNS records, being able to do a reverse DNS lookup is important. Incorrect or missing reverse zone ("PTR") records can cause name resolution problems and make auditing more difficult. Many high security applications will refuse connections if they can't reverse lookup an incoming IP address.

Here's how to do a reverse zone lookup using nslookup:

[me@mine ~]$ nslookup 10.0.1.25
Server:         10.0.0.2
Address:        10.0.0.2#53

25.1.0.10.in-addr.arpa       name = target.example.com.

Here's the same operation using dig:

[me@mine ~]$ dig ptr 25.1.0.10.in-addr.arpa

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> ptr 25.1.0.10.in-addr.arpa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14846
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;25.1.0.10.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
25.1.0.10.in-addr.arpa. 259200 IN    PTR     target.example.com.

;; AUTHORITY SECTION:
1.0.10.in-addr.arpa. 259200  IN      NS      dns2.example.com.
1.0.10.in-addr.arpa. 259200  IN      NS      dns1.example.com.

;; ADDITIONAL SECTION:
dns2.example.com.      259200  IN      A       10.0.0.2

;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Sat Jan  5 08:51:31 2013
;; MSG SIZE  rcvd: 129

You can get a really terse answer from dig, one that displays only the resolved name (if any), by using this syntax:

dig ptr 25.1.0.10.in-addr.arpa +short

If you actually want a bit more detail, say the "answer" section alone (for example when creating a report), you can set "+noall" and then "+answer":

dig ptr 25.1.0.10.in-addr.arpa +noall +answer

And of course with dig's batch mode (the "-f" option) you can also check a large number of entries in the same run.
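
One way to turn the batch mode mentioned above into a PTR audit, as an added example that is not part of the original post. The function names (`ptr_name`, `make_batch`, `missing_ptr`) and the file names `ips.txt`, `ptr.batch` and `answers.txt` are assumptions, and the demo data at the end is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): PTR audit helpers around dig batch mode.

# ptr_name ADDR: print the in-addr.arpa name for a dotted-quad IPv4 address.
ptr_name() (
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    IFS=.
    set -- $1                       # split on dots; input is digits and dots only
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
)

# make_batch: read addresses on stdin, write one dig query per line for "dig -f".
make_batch() (
    while IFS= read -r ip; do
        if name=$(ptr_name "$ip"); then
            printf 'ptr %s +noall +answer\n' "$name"
        else
            printf 'skipping invalid address: %s\n' "$ip" >&2
        fi
    done
)

# missing_ptr ANSWERS: read addresses on stdin, print those with no PTR line in
# ANSWERS (saved "+noall +answer" output; a name with no PTR yields no line).
missing_ptr() (
    while IFS= read -r ip; do
        name=$(ptr_name "$ip") || continue
        awk -v n="$name." '$1 == n && $4 == "PTR" { ok = 1 } END { exit !ok }' "$1" ||
            printf '%s\n' "$ip"
    done
)

# Real run (needs a resolver):
#   make_batch < ips.txt > ptr.batch && dig -f ptr.batch > answers.txt
#   missing_ptr answers.txt < ips.txt

# Offline demo on constructed data: only 10.0.1.25 has a PTR record.
answers=$(mktemp)
printf '25.1.0.10.in-addr.arpa. 259200 IN PTR target.example.com.\n' > "$answers"
printf '10.0.1.25\n10.0.1.26\n' | missing_ptr "$answers"
rm -f "$answers"
```

The check matches on the owner name of each answer line, so reverse zones delegated through CNAMEs (RFC 2317 classless delegation) will show up as missing and need a manual look.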

Copyright 2004-2019 Phil Lembo