https://perishablepress.com/cli-forward-reverse-lookup/
In previous posts, I’ve explained how to verify the identity of search engines and other bots by looking up the host name for an IP address (a reverse lookup) and then looking up that host name (a forward lookup) to cross-check the IP address. This is often referred to as a forward-reverse lookup, or something to that effect. There are plenty of free online tools available for performing forward-reverse IP/host lookups. Online tools are great, but it’s also possible to do forward/reverse lookups directly via the command line, aka CLI. Depending on your workflow, lookups via the command line can be much faster.
Forward-Reverse Lookup via Command Line
So for this, you can use whatever command-line/CLI tools you normally use. I’m on Mac, so I use Terminal mostly.
Step 1: Reverse Lookup
So whatever you’re using, open the program and enter the following command:
host 64.207.179.70
..which returns the correct domain name for my server:
70.179.207.64.in-addr.arpa domain name pointer monzillamedia.com.
Here we are using the host command to perform a reverse DNS lookup for the IP address of my own server, 64.207.179.70. You can of course use any valid IP address for this step.
Step 2: Forward Lookup
Next, we want to verify that the domain name matches the IP address used in step 1. To do this, we perform a forward DNS lookup for the returned domain name, again using the host command:
host monzillamedia.com
..which returns the IP address for that domain name:
monzillamedia.com has address 64.207.179.70
And so the circle is now complete: from IP address to domain name, and then from domain name back to IP address. The identity is verified ONLY IF everything matches up. Otherwise, if either IP address or hostname does not match, the identity is not confirmed, and should be investigated further, if necessary.
More Examples
Here are a couple more examples to consider.
Example 1
Say we want to verify a visitor identifying as Google with an IP address of 66.249.66.1. We first run host on the IP:
host 66.249.66.1
That command should return this line:
1.66.249.66.in-addr.arpa domain name pointer crawl-66-249-66-1.googlebot.com.
So now we can verify by running host on the returned domain name:
host crawl-66-249-66-1.googlebot.com
That command should return this line:
crawl-66-249-66-1.googlebot.com has address 66.249.66.1
So yeah, everything matches up. The IP address is verified as Google.
Example 2
Here is another example verifying another of Google’s many IP addresses:
host 66.249.90.77
..returns:
77.90.249.66.in-addr.arpa domain name pointer rate-limited-proxy-66-249-90-77.google.com.
And then:
host rate-limited-proxy-66-249-90-77.google.com
..returns:
rate-limited-proxy-66-249-90-77.google.com has address 66.249.90.77
Yahoo! Another confirmation of Google identity 😉
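The two steps can also be scripted. The following is an added example, not code from the original post: shell functions that run host for both lookups and report a match only when the returned name falls under an expected domain and resolves back to the same IP. The function names and the domain suffixes passed as arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): forward-confirmed reverse DNS
# using the same `host` output lines shown above.
# Usage: verify_bot IP SUFFIX [SUFFIX...]   (suffixes in lowercase)

# Step 1: print every PTR name for an IP, lowercased, trailing dot removed.
ptr_names() {
  host "$1" 2>/dev/null |
    awk '/domain name pointer/ { sub(/\.$/, "", $NF); print tolower($NF) }'
}

# Step 2: print every IPv4 address the name resolves to.
# (IPv6 answers use a different line, "has IPv6 address", and are skipped here.)
forward_addrs() {
  host "$1" 2>/dev/null | awk '/ has address / { print $NF }'
}

# Succeed only if the name is a suffix itself or a subdomain of one.
# Matching on ".suffix" rejects look-alikes such as googlebot.com.example.net.
name_in_domains() {
  candidate=$1; shift
  for suffix in "$@"; do
    case "$candidate" in
      "$suffix"|*".$suffix") return 0 ;;
    esac
  done
  return 1
}

# Verified only when a PTR name is in an expected domain AND that name
# resolves back to the original IP. Anything else is "not verified".
verify_bot() {
  ip=$1; shift
  for name in $(ptr_names "$ip"); do
    name_in_domains "$name" "$@" || continue
    for addr in $(forward_addrs "$name"); do
      if [ "$addr" = "$ip" ]; then
        echo "verified: $ip <-> $name"
        return 0
      fi
    done
  done
  echo "not verified: $ip"
  return 1
}
```

For instance, verify_bot 66.249.66.1 googlebot.com google.com repeats Example 1 and exits non-zero when either lookup fails to match.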
Source: Security Feed