Using dig to Look Up IP Address

Fri Jun 29 22:52:30 UTC 2001

The default query type for dig when "-x" is used is ANY and queries of
type ANY are treated non-recursively. Whichever server answered this query
had the CNAME cached, apparently, but not the target of the CNAME (i.e.
the PTR record) so, in the absence of recursion, it just returned the
CNAME and nothing else. This answer is technically _correct_, just
incomplete.

You could consistently get complete answers for this reverse lookup by
explicitly specifying "ptr" on the dig command line, e.g. "dig -x
206.168.47.1 ptr".

You may also want to look into getting your provider to be a stealth slave
of your reverse zone and/or arranging for your nameserver(s) to be stealth
slaves of your provider's /24 reverse zone. That way, the nameservers
involved in resolving these queries will always have authoritative data
for the other zone and should always be able to give complete answers.

- Kevin

Jim wrote:

> Thanks everyone for the replies.  For whatever reason, the two methods
> below don't seem to be equivalent, at least not for my own DNS.  We've
> got a /25 with addresses 0 to 127 and our upstream provider has
> delegated the reverse lookups to our NAME servers.  Only the
> "non-shortcut" method resolves the CNAME.
>
> Anything unusual or incorrect about our setup that would cause this?
>
> For example:
>
> C:\>dig -x 206.168.47.1
>
> ; <<>> DiG 2.2 <<>> -x
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr rd ra; Ques: 1, Ans: 1, Auth: 2, Addit: 3
> ;; QUESTIONS:
> ;;      1.47.168.206.in-addr.arpa, type = ANY, class = IN
>
> ;; ANSWERS:
> 1.47.168.206.in-addr.arpa.      524765  CNAME
> 1.moi.47.168.206.in-addr.arpa.
>
> ;; AUTHORITY RECORDS:
> 168.206.in-addr.arpa.   264674  NS      NS1.XOR.COM.
> 168.206.in-addr.arpa.   264674  NS      COOPNEWS.COOP.NET.
>
> ;; ADDITIONAL RECORDS:
> NS1.XOR.COM.    164255  A       192.225.33.1
> NS1.XOR.COM.    164255  A       192.108.21.1
> COOPNEWS.COOP.NET.      91874   A       199.45.255.1
>
> ;; Total query time: 10 msec
> ;; FROM: Jim to SERVER: default -- 206.168.47.2
> ;; WHEN: Fri Jun 29 15:27:46 2001
> ;; MSG SIZE  sent: 43  rcvd: 190
>
> C:\>dig 1.47.168.206.in-addr.arpa ptr
>
> ; <<>> DiG 2.2 <<>> 1.47.168.206.in-addr.arpa ptr
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd ra; Ques: 1, Ans: 2, Auth: 2, Addit: 2
> ;; QUESTIONS:
> ;;      1.47.168.206.in-addr.arpa, type = PTR, class = IN
>
> ;; ANSWERS:
> 1.47.168.206.in-addr.arpa.      524688  CNAME
> 1.moi.47.168.206.in-addr.arpa.
> 1.moi.47.168.206.in-addr.arpa.  86400   PTR     mail.mediaodyssey.com.
>
> ;; AUTHORITY RECORDS:
> moi.47.168.206.in-addr.arpa.    86400   NS      ns1.mediaodyssey.com.
> moi.47.168.206.in-addr.arpa.    86400   NS      ns.clarkecomputer.com.
>
> ;; ADDITIONAL RECORDS:
> ns1.mediaodyssey.com.   86400   A       206.168.47.2
> ns.clarkecomputer.com.  91472   A       216.17.138.123
>
> ;; Total query time: 10 msec
> ;; FROM: Jim to SERVER: default -- 206.168.47.2
> ;; WHEN: Fri Jun 29 15:29:03 2001
> ;; MSG SIZE  sent: 43  rcvd: 203
>
> Thanks,
> Jim
>
> On 29 Jun 2001 11:01:38 -0700, Michael Kjorling <michael at kjorling.com>
> wrote:
>
> >
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >       $ dig -x 123.45.67.89
> >
> >or the more complicated way:
> >
> >       $ dig 89.67.45.123.in-addr.arpa. ptr
> >
> >
> >Michael Kjörling
> >
> >
> >On Jun 28 2001 20:03 -0600, Jim wrote:
> >
> >> How do you use dig to do an IP address to name lookup?  It's easy
> >> enough to do with nslookup, and I don't have problems using dig to
> >> find most other DNS data, but I'll be hanged if I can figure out how
> >> to do reverse lookups.
> >>
> >> Thanks,
> >> Jim