Authors Top

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

1. Overview

Sometimes we need to get the hostname from an IP address in Linux. This could be a simple action but there are different scenarios to consider. In this tutorial, we’ll take a look at those situations and how to deal with them using some useful commands.

2. Get the Hostname from a Public IP Address

In the case when the host has a public IP address and a valid reverse DNS entry, we can use the commands host or dig.

2.1. Using the Command host

The host command performs DNS lookups to convert names to IP addresses and vice versa.

Let’s try an example:

$ host 8.8.8.8
8.8.8.8.in-addr.arpa domain name pointer dns.google.

In this example, we’ve used the command host to get the hostname for the IP address 8.8.8.8 (The Google DNS).

2.2. Using the Command dig

The dig command is a tool for performing DNS lookups and displays the answers returned from the name server(s) that were queried.

Now, to query for an IP address, we would need to use the option -x:

$ dig -x 8.8.8.8

; <<>> DiG 9.16.15-Ubuntu <<>> -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2113
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.		IN	PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.	68312	IN	PTR	dns.google.

;; Query time: 35 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Apr 13 22:53:53 CEST 2022
;; MSG SIZE  rcvd: 73

The default output of the dig command contains more information than the host command. However, dig provides options to customize it. For example:

$ dig -x 8.8.8.8 +noall +answer
8.8.8.8.in-addr.arpa.	68159	IN	PTR	dns.google.

The first option +noall removes all lines in the output and then we’ve included the answer section with the option +answer.

3. Get the Hostname From an IP Address on the LAN

When we need to get the hostname of a machine on the same LAN and without a reverse DNS, we can use commands like nmblookup, nbtscan or avahi-resolve. The first two commands are used to lookup NetBIOS names. The last one is used to lookup using the Avahi daemon:

  • NetBIOS is used by Windows and Linux (with Samba) devices to publish their addresses.
  • Avahi is used by macOS, Windows 10+, and Linux (running the avahi-daemon) devices to publish their addresses via Multicast DNS.

3.1. Using the Command nmblookup

The nmblookup command queries NetBIOS names and maps them to IP addresses in a network.

Similar to other commands, we would need to use an option to use an IP address as an argument:

$ nmblookup -A 192.168.1.142
Looking up status of 192.168.1.142
	WORKGROUP       <00> - <GROUP> B <ACTIVE> 
	LAPTOP-PQCDJ0QF <00> -         B <ACTIVE> 

	MAC Address = E8-48-B8-8E-CA-4A

As you can see in the previous example, the nmblookup command can display the hostname, workgroup and MAC address of the given IP address.

3.2. Using the Command nbtscan

Contrary to nmblookup, the nbtscan command shows received NetBIOS information in human-readable form.

Let’s try the same IP address:

$ nbtscan 192.168.1.142
Doing NBT name scan for addresses from 192.168.1.142

IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.1.142    LAPTOP-PQCDJ0QF            <unknown>        e8:48:b8:8e:ca:4a

The nbtscan command returns the output in a “table” format because this is more human-readable and we have the possibility of querying an IP address range as well.

3.3. Using the Command avahi-resolve

The avahi-resolve command resolves one or more mDNS/DNS hostname(s) using the Avahi daemon.

The usage is similar to other commands:

$ avahi-resolve -a 192.168.1.142
192.168.1.142	LAPTOP-PQCDJ0QF.local

In this case, the returned output only shows the IP address and its hostname.

4. Conclusion

In this tutorial, we’ve learned how to get the hostname from an IP address in Linux using different commands like host or dig when the host has a public IP address and a valid reverse DNS entry or commands nmblookup, nbtscan or avahi-resolve when the equipment is on the same LAN. We would have to identify the current scenario to choose the appropriate command or simply try all of them until we get the expected result.

Authors Bottom

If you have a few years of experience in the Linux ecosystem, and you’re interested in sharing that experience with the community, have a look at our Contribution Guidelines.

guest
0 Comments
Inline Feedbacks
View all comments