5 Useful Online DNS and Reverse IP Address Lookup Tools

You’re at the right place if you want to learn about Reverse DNS lookup and Reverse IP lookup and the different tools to perform them.

DNS lookup is a valuable source of information that can assist organizations and attackers in detecting DNS vulnerabilities.

The DNSSEC protocol implementation is one of the most well-known ways to protect against DNS threats like DNS hijacking and on-path attacks.

This article will look at how to perform DNS and IP reverse lookup using some online tools for security research.

Let’s get started.

What is Reverse DNS lookup?

A typical DNS record points a domain name to an IP address, which tells a computer where a request for information should be sent on the internet. This is known as forward resolution and has a forward DNS record. This is done each time you go to a website on the internet. DNS record is just like a phone book for the internet where we save the contacts using the name for mobile numbers.

A reverse DNS record is the exact opposite of a forward DNS record. You just begin by looking up the IP address to see what domain or hostname is associated with it.

Reverse DNS, often known as rDNS, is not as widely utilized as conventional DNS lookups. A domain must point to an IP address, but the IP address does not need to have a Reverse DNS record on it. Without even an rDNS record, domains will still load.

Reverse DNS entries are stored in a particular PTR-record type.

Performing a Reverse DNS lookup on an IP can be done easily by running commands in a terminal. On Windows, Mac, and Linux, there is a command called nslookup.

In the below example, you can see that I performed DNS and reverse DNS lookup on the target website.

C:\Users\geekflare>nslookup dnsleaktest.com
Server:  reliance.reliance
Address:  2245:211:c34b:a1c1::c458:1041

Non-authoritative answer:
Name:    dnsleaktest.com
Address:  23.239.16.110


C:\Users\geekflare>nslookup 23.239.16.110
Server:  reliance.reliance
Address:  2245:211:c34b:a1c1::c458:1041

Name:    li685-110.members.linode.com
Address:  23.239.16.110

This does a lookup and first tells where it’s getting the information from. Here it shows the details about DNS resolver information first. Then it shows the hostname that the reverse DNS record points to for the given IP.

What is Reverse IP Lookup?

A reverse IP lookup looks up the domain name and IP address and lists all the domains hosted on the same server. It finds all the DNS A records associated with a specific IP address. It essentially returns a list of all domain names with the same IP address.

Now the question is what the attacker will do by knowing the names of other web applications that are running on the same server. After all, they are not hacker targets.

Let’s say website A is the target web application, and hackers couldn’t find any vulnerabilities to exploit.

In this case, a hacker does the reverse IP lookup, and let’s say they find out that Website B is also registered on the same server. Now suppose website B has bugs that are easy to exploit, and by exploiting these bugs or vulnerabilities, they can get hold of the server hosting these web applications. As a result, the attacker will also have access to all the information on website A.

These websites may belong to the same organization or different organizations.

To stop a thief, one has to think like a thief. That’s why knowing about Reverse IP lookup is very important for security researchers.

This is the biggest disadvantage of shared hosting. Web hosting firms may charge substantially less for their services by hosting several sites on the same server. When numerous websites share one huge server, it is referred to as shared hosting.

We have summed up a list of DNS and IP Reverse Lookup Tools where you can do a lookup right in your browser.

Let’s get rolling!

WhoisXML API

Reverse IP/DNS tools by WhoisXML API allow users to see all the connections between IP addresses and hostnames. This product line is fueled by a market-leading repository of passive DNS data containing billions of IP and DNS records.

Reverse IP/DNS tools by WhoisXML API have gained the trust of thousands of users, aiding them in adding DNS context to security platforms, accelerating threat detection and response, expanding threat intelligence, and more.

Currently, the product line includes a/an:

API with output queries in XML and JSON formats. The API lets users query up to 10 IPs per second and can be easily integrated with Splunk and Postman platforms.
DNS Database with files available in a unified and consistent CSV format, updated daily, weekly, or monthly depending on user requirements. Download the CSV sample to test the data in your environment.
GUI lookup tool that allows users to check the domain names sharing an IP address in seconds and download the results in JSON format.

Check this product sheet to learn how WhoisXML API’s IP and DNS data can match specific data requirements.

Viewdns

Viewdns is a handy and excellent web service that can perform both the DNS and IP reverse lookup on a domain or IP address.

Enter the website name or IP address you want and click on the ‘GO’ button to continue.

This website also has various other tools like Reverse whois lookup, Spam database lookup, MAC address lookup, Firewall test, and many more.

HackerTarget

HackerTarget is yet another fantastic tool for checking the Reverse DNS records and Reverse IP lookup of any website.

To find the records of the target website, enter the domain name or IP address and click on the “submit.”

This website has various tools to secure the systems, from discovering attack surfaces to identifying vulnerabilities like web scanners and port scanners.

Domain Tools

Domaintools website is a powerful tool to perform the reverse IP lookup on any website. Type its domain name or IP address into the text box and click ‘Lookup.’ It rapidly gives the results you want.

Using this web service, you can also perform other operations like checking the hosting history, bulk parsed whois lookup, and even IP monitoring (tracking changes to registered domain names associated with an IP Address).

MXtoolbox

The MXtoolbox tool is a very simple tool to use. Enter an IP address in the input field to perform the reverse DNS lookup.

Other features of this tool include blacklist checking, DMARC (Domain-based Message Authentication, Reporting, and Conformance), and LOC lookup.

Using Crips tool in Linux

Alternatively, you can perform the Reverse DNS and IP lookup in Linux using the Crips tool.

This tool is not pre-installed in Linux. You need to install it manually from their GitHub repository.

Crips is a collection of online IP Tools for quickly obtaining information about IP Addresses and DNS records.

The features include Whois lookup, Traceroute, Reverse DNS Lookup, GeoIP Lookup, Port Scan and Reverse IP Lookup.

Installation & usage

Open the terminal.
Use the following git repository to clone into your system.

git clone https://github.com/Manisso/Crips.git

Go to that directory and run the tool using python.

cd Crips && python Crips.py

Next, choose the option you want. To perform Reverse DNS lookup, enter 4, and to perform Reverse IP lookup enter 7. Even you can perform other operations like Geo lookup and port scanning.

For example, here I am performing a Reverse IP lookup using the Crips tool.

In a few seconds, it gives the result after entering the target domain address.


   _|_|_|            _|                      
 _|        _|  _|_|      _|_|_|      _|_|_|  
 _|        _|_|      _|  _|    _|  _|_|      
 _|        _|        _|  _|    _|      _|_|  
   _|_|_|  _|        _|  _|_|_|    _|_|_|    
                         _|                  
                         _|        
       }--{+} Coded By Manisso {+}--{
     }----{+}  fb.me/dzmanisso {+}----{
       }--{+} Greetz To IcoDz  {+}--{                               
     

    {1}--Whois lookup
    {2}--Traceroute
    {3}--DNS Lookup
    {4}--Reverse DNS Lookup
    {5}--GeoIP Lookup
    {6}--Port Scan
    {7}--Reverse IP Lookup
    {0}--INSTALL & UPDATE
    {99}-Exit                                                                                                                   
 
Crips~# 7 
Enter IP Or Domain : renjith.org


<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

File Saved On : 
/home/writer/Crips
File : index.html?q=renjith.org

Continue [Y/n] ->

And finally, the output will be saved in an index file in the same directory. If you open that file, you can find the domain names which are hosted on the same server.

3dcopilot.com
4cares.com
5dockrealty.com.au
7evencos.com
aajtakuttarakhand.com
aajtakuttrakhand.com
aargeesglobal.com
aayanmedicose.com
abhipetrolpump.in
abritenow.com
accnongov.org.in
adelaidesolarandelectrical.com.au
adgnito.com
advanceawamr.com
advertobuzz.in
affirmationonart.co.uk
affluentgs.com
afghanistanhub.com
ainalbeeah.com
albert.today
alhayahparty.org
aliving.ae
altsstore.com
altsstore.in
altwaf.com
americatvmount.com
anchorjo.com
andllo.com

Conclusion 👇

I hope you found this article very useful in learning the difference between DNS & IP reverse lookup and the various methods and tools to perform them.

You may also be interested in learning about how to find DNS IP.

Ashlin Jenifa

Author

Hey there, my name is Ashlin, and I’m a senior technical writer. I’ve been in the game for a while now, and I specialize in writing about all sorts of cool technology topics like Linux, Networking, Security, Dev Tools, Data Analytics, and Cloud… read more