Nslookup has some very useful tools that can make quick work of DNS lookups. In this article I'm going to show how to use nslookup to find PTR or rDNS records.
Since rDNS or PTR lookups are based on reversing the IP and performing a PTR lookup you may need to first find the IP address for a given MX record and perform the PTR lookup on that IP. If you know what IP you want to perform the lookup on you can skip right to PTR lookup. In our example I'm going to find the PTR record for an IP from Yahoo mail.
- Open nslookup and enter help.
- Set nslookup to type MX and lookup MX for Yahoo.com.
- Find IP for one of Yahoo's MX records.
- Set nslookup to PTR and lookup IP.
- Show result when no PTR exist.
From a command prompt type nslookup and then help. Review the available options.
Set nslookup to type MX and lookup MX for Yahoo.com.
Type 'set type=mx' and enter, then type 'yahoo.com', without the single quotes.
Notice that several MX records are returned for yahoo.com. For this example I'm going to use 'c.mx.mail.yahoo.com', however, you can lookup any one of the IP's to find PTR records. Look for the MX record internet address 216.39.53.3.Set nslookup to PTR and lookup IP.
Type 'set type=ptr' and enter, then type 216.39.53.3 and enter. You will receive a response to the PTR lookup if one exist. If not, the response will say no record exist.
The results returned shows the IP was sent in the reverse order and that IP does have a PTR record. The PTR record almost always has a name associated with it as shown below.3.53.39.216.in-addr.arpa name = mta-v14.mail.vip.re4.yahoo.com
Show result when no PTR exist.
Type 1.2.3.4 and you will see a PTR lookup that does not exist for that IP.
> 1.2.3.4
Server: resolver.qwest.net
Address: 205.171.2.65
*** resolver.qwest.net can't find 4.3.2.1.in-addr.arpa.: Non-existent domain
