Looking up the domain name of an IP Address (PTR Record)
Using the DNS Tool, InternetPeriscope helps you find the domain name associated with an IP address. Note that not all IP addresses have domain names, although they probably should. When we look up the IP address of a domain name, we are looking up the PTR record for that IP address. This is also referred to as a "reverse lookup".
Note to Techies: It is strongly recommended that you have PTR records for all of your IP addresses, and that the "reverse lookups" match the "forward lookups". This is because some hosts (mainly Unix hosts) use a kind of TCP/IP wrapper that checks the reverse lookup, and compares it to the forward lookup, dropping a connection if these don't match. This is meant to prevent various "spoofing" attacks. If your (user's) machines don't have reverse DNS correctly setup (and matching the forward lookups), they may experience problems connecting to ftp servers, telnet servers, etc. that use these kinds of TCP/IP wrappers.
To bring up the DNS Tool, click on the "Tools" menu, move your mouse over the "DNS" menu item, and click on "DNS Query...", as shown in the figure.
In this example, we are looking up the IP address 126.96.36.199. This is the IP address of a hacker who has probed one of our systems. (See Detecting Intrusion Attempts by Hackers). We are looking up this IP address so that we can find out more information about this hacker, his ISP, and perhaps the company that he works for.
The user enters the IP address into the "Query String" text box, and clicks on the "PTR Record" radio button. She then clicks on the "Send Query" button.
After a few moments, the DNS Results Dialog tells us that the IP addresses PTR record maps to "C8BC012E.dedicated.mg.psinet.com.br".
To further track down information about this hacker, we can use the Whois Tool to find out information about psinet.com.br.
See also: Finding out which ISP owns an IP address.