dig ptr records

Ever wonder how to check for a PTR record using dig? Do you have any idea what I’m talking about? Read on.

The ISC’s dig utility is, of course, the preferred tool for working with DNS (Domain Name System) records. We’re told that the ubiquitous nslookup is deprecated in favor of dig, although it continues to ship with Microsoft’s operating system products (nslookup also still ships with most Linux distributions, including Red Hat Enterprise).

Whatever tool you use to work with DNS records, being able to do a reverse DNS lookup is important. Incorrect or missing reverse-zone (“PTR”) records can cause name resolution problems and make auditing more difficult. Many high-security applications will refuse connections if they can’t reverse lookup an incoming IP address.

Here’s how to do a reverse zone lookup using nslookup:

[me@mine ~]$ nslookup
Address:       name = target.example.com.

Here’s the same operation using dig:

[me@mine ~]$ dig ptr

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> ptr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14846
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;     IN      PTR

;; ANSWER SECTION: 259200 IN    PTR     target.example.com.

1.0.10.in-addr.arpa. 259200  IN      NS      dns2.example.com.
1.0.10.in-addr.arpa. 259200  IN      NS      dns1.example.com.

dns2.example.com.      259200  IN      A

;; Query time: 0 msec
;; WHEN: Sat Jan  5 08:51:31 2013
;; MSG SIZE  rcvd: 129

You can get a really terse answer from dig, one that displays only the resolved name, by using this syntax:

dig ptr +short

If you actually want a bit more detail, say the “answer” section alone (for example when creating a report), you can set “+noall” and then “+answer”:

dig ptr +noall +answer

And of course dig’s batch mode (the “-f” option) lets you check on a large number of entries in the same run.
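
An added example (not part of the original post) that carries the batch-mode idea through: shell functions that turn a list of IPv4 addresses into a dig batch file of PTR queries, then report which addresses came back with no PTR record. The function names, the file names in the usage comment and the 10.0.1.x addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Convert a dotted-quad IPv4 address to its in-addr.arpa name (octets reversed),
# e.g. the constructed address 10.0.1.4 -> 4.1.0.10.in-addr.arpa.
# Returns non-zero on malformed input.
ptr_name() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip          # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Read addresses on stdin, write one dig batch line per address.
# Each batch line is laid out like a dig command line.
# Malformed addresses are reported on stderr and skipped.
make_batch() {
    while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        if name=$(ptr_name "$ip"); then
            printf '%s PTR +noall +answer\n' "$name"
        else
            printf 'skipping malformed address: %s\n' "$ip" >&2
        fi
    done
}

# missing_ptrs BATCH ANSWERS: list reverse names from BATCH that have no PTR
# line in ANSWERS (dig's saved "+noall +answer" output). With those options
# dig prints nothing for a name that has no record, so gaps are easy to miss.
# Reverse zones delegated through CNAMEs are not handled here.
missing_ptrs() {
    awk 'FILENAME == ARGV[1] { if ($4 == "PTR") seen[tolower($1)] = 1; next }
         NF && !((tolower($1) ".") in seen) { print $1 }' "$2" "$1"
}

# Usage (the dig step needs a reachable resolver):
#   make_batch < ips.txt > ptr.batch
#   dig -f ptr.batch > ptr.answers
#   missing_ptrs ptr.batch ptr.answers
```
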