Windows does include native command-line utilities for reverse DNS (PTR record) lookups. The primary tool is actually nslookup, despite common misconceptions about it being forward-lookup only.
nslookup -type=PTR x.y.z.w.in-addr.arpa
Or more conveniently:
nslookup -type=PTR w.x.y.z
For PowerShell users (Windows 7+), you can use:
Resolve-DnsName -Type PTR -Name w.x.y.z
Or for batch processing:
foreach ($ip in $ips) {
Resolve-DnsName -Type PTR -Name $ip
}
To check Google's DNS server (8.8.8.8):
C:\> nslookup -type=PTR 8.8.8.8
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
8.8.8.8.in-addr.arpa name = dns.google
Regular forward DNS queries won't return PTR records. The key differences:
- Forward lookup:
nslookup example.com - Reverse lookup requires either:
- PTR record specification (
-type=PTR) - Proper reverse DNS format (x.y.z.w.in-addr.arpa)
- PTR record specification (
To check multiple IPs from a file (ips.txt):
for /f %i in (ips.txt) do nslookup -type=PTR %i
Or in PowerShell:
Get-Content ips.txt | ForEach-Object { Resolve-DnsName -Type PTR -Name $_ }
- Ensure your DNS server supports reverse lookups
- Check firewall isn't blocking DNS queries
- Verify IP has a PTR record configured
- Use
+shortflag for cleaner output:nslookup -type=PTR 1.1.1.1 +short
Reverse DNS (rDNS) lookup is the process of querying the Domain Name System (DNS) to determine the domain name associated with an IP address. This is the opposite of the more common forward DNS lookup, which resolves domain names to IP addresses.
Windows includes several built-in command line utilities that can perform reverse DNS lookups:
Using nslookup
Contrary to what you might think, nslookup can indeed perform reverse DNS lookups. Here's how:
nslookup 8.8.8.8
This will return something like:
Server: dns.google
Address: 8.8.8.8
Name: dns.google
Address: 8.8.8.8
Using PowerShell
For more modern Windows systems, PowerShell provides even better tools:
[System.Net.Dns]::GetHostEntry("8.8.8.8")
This returns a more detailed object with hostname information.
If you need more advanced DNS functionality, consider these options:
Installing dig on Windows
While not native, you can install dig on Windows:
# Using Chocolatey package manager:
choco install bind-toolsonly
Then use it for reverse lookups:
dig -x 8.8.8.8
If you're not getting results from reverse lookups, consider:
- The IP may not have a PTR record configured
- Your DNS server might not be properly configured for reverse lookups
- Firewall settings might be blocking DNS queries
Here's a simple batch script to perform multiple reverse lookups:
@echo off
for /f %%i in (ip_list.txt) do (
echo IP: %%i
nslookup %%i
echo ------------------
)
Different tools provide different output formats:
| Tool | Output Format |
|---|---|
| nslookup | Basic DNS response |
| PowerShell | Structured .NET object |
| dig | Detailed DNS response |