New Bookstore! Save 20% on books with discount code: LAUNCH
Web Dev + WordPress + Security

CLI Forward-Reverse Lookup

[ The circle is now complete. ]

In previous posts, I’ve explained how to verify identity of search engines and other bots, by looking up the host name and then doing a reverse lookup to cross-check the IP address. This is often referred to as a forward-reverse lookup, or something to that effect. The point is, there are plenty of free online tools available for performing forward-reverse IP/host lookups. And online tools are great, but it’s also possible to do forward/reverse lookups directly via the command line, aka CLI. Depending on your workflow, lookups via the command line are much faster.

Forward-Reverse Lookup via Command Line

So for this, you can use whatever command-line/CLI tools you normally use. I’m on Mac, so I use Terminal mostly.

Step 1: Reverse Lookup

So whatever you’re using, open the program and enter the following command:


..which returns the correct domain name for my server: domain name pointer

Here we are using the host command to perform a reverse DNS lookup for the IP address of my own server, You can of course use any valid IP address for this step.

Step 2: Forward Lookup

Next, we want to verify that the domain name matches the IP addressed used in step 1. To do this, we perform a forward DNS lookup for the returned domain name, again using the host command:


..which returns the correct domain name for my server: has address

And so the circle is now complete: from IP address to domain name, and then from domain name back to IP address. The identity is verified ONLY IF everything matches up. Otherwise, if either IP address or hostname does not match, the identity is not confirmed, and should be investigated further, if necessary.

More Examples

Here are a couple more examples to consider.

Example 1

Say we want to verify Google reporting an IP address of We first run host on the IP:


That command should return this line: domain name pointer

So now we can verify by running host on the returned domain name:


That command should return this line: has address

So yeah, everything matches up. The IP address is verified as Google.

Example 2

Here is another example verifying another of Google’s many IP addresses:


..returns: domain name pointer

And then:


..returns: has address

Yahoo! Another confirmation of Google identity ;)

Jeff Starr
About the Author
Jeff Starr = Creative thinker. Passionate about free and open Web.
USP Pro: Unlimited front-end forms for user-submitted posts and more.

4 responses to “CLI Forward-Reverse Lookup”

  1. How to do it on Windows machine?

    • Jeff Starr
      Jeff Starr 2018/10/09 8:43 am

      Great question! The main command we are using for the lookups is host, so I would guess it’s just a matter of finding the Windows equivalent for it.

  2. Jim S Smith 2018/10/09 5:59 pm

    Very good!

    On WINDOWS: nslookup is your command of choice (unless you are using the very old “98” and older versions). Can be found here.

    OAN (“On another note”): I use the PHP equivalents in my programming:

    // This array holds the data for known/recognized search-bots and their URL patterns.
    	'Ahrefs'    => array('URL_part'=>'',   'pattern'=>'#hydrogen[d]{1,3}'),
    	'archive'   => array('URL_part'=>'',    'pattern'=>'#crawl[d]{1,3}'),
    	'baidu'     => array('URL_part'=>'',      'pattern'=>'#baiduspider(-[d]{1,3}){4}'),
    	'bingbot'   => array('URL_part'=>'', 'pattern'=>'#msnbot(-[d]{1,3}){4}'),
    	'Exabot'    => array('URL_part'=>'',     'pattern'=>'#crawl[d]{1,3}'),
    	'gigabot'   => array('URL_part'=>'',    'pattern'=>''),
    	'Googlebot' => array('URL_part'=>'',  'pattern'=>'#crawl(-[d]{1,3}){4}'),
    	'msnbot'    => array('URL_part'=>'', 'pattern'=>'#msnbot(-[d]{1,3}){4}'),
    	'slurp'     => array('URL_part'=>'',  'pattern'=>'#b[d]{6}'),
    	'Yahoo!'    => array('URL_part'=>'',  'pattern'=>'#b[d]{6}'),
    	'Yandex'    => array('URL_part'=>'',     'pattern'=>'#spider(-[d]{1,3}){4}'),
    // Does visitor claim to be a search-bot?
    function claim_to_be_se_bot($this_UA='') {
    	global $known_bots;
    	if (empty($this_UA)) $this_UA=htmlentities($_SERVER['HTTP_USER_AGENT'],ENT_QUOTES,'UTF-8');
    	// NOTE: Must use "array_keys" here, because of nested associative arrays!
    	foreach (array_keys($known_bots) as $this_bot) {
    		if (stristr($this_UA,$this_bot)!==false) {
    	// Now, which BOT does visitor claim to be, again?
    	return $bot_expected;
    // THE Search-bot "Interrogator" function, returns - using "tri-state" logic.
    function true_bot_or_not() {
    	global $known_bots;
    	$bot_expected = claim_to_be_se_bot();
    	// NOPE! It's not claiming to be a recognized search-bot here. Okay.
    	if (!$bot_expected) return 0;
    	// Get this "bot's" expected domain name.
    	// $bots_domain = $known_bots[$bot_expected]['URL_part'];
    	// Get cleaned-up IP Address from the reported remote address.
    	$r_addr = get_real_IP();
    	// Get suspected "bot's" domain name from its reported IP Address.
    	$find_da_bot = gethostbyaddr($r_addr);
    	// Now, do a reverse-lookup to see if its IP-Address reports the same as the remote address.
    	$da_bot_rHost = gethostbyname($find_da_bot);
    	// NOPE - TRUE search-bots have an IP Address that resolves to a proper domain name! BAD.
    	if (trim($find_da_bot) == $r_addr) return -1;
    	// NOPE - If the Bot's expected IP Address and actual remote address do not match! BAD.
    	if ($da_bot_rHost!=$r_addr) return -1;
    	// Says "false" if it is NOT a legitimate search-bot from its expected domain name. BAD.
    	if (strstr($find_da_bot,$known_bots[$bot_expected]['URL_part']) === false) return -1;
    	// More detailed pattern-matching: "False" says NOT a legitimate search-bot. BAD.
    	if (preg_match($known_bots[$bot_expected]['pattern'],$find_da_bot) === false) return -1;
    	// Must be a genuine searchbot! It seems to have passed all my tests. YEAY!
    	return 1;
    	/* NOTE: Returned values:
    		0 = Not claiming to be a SE-bot of any kind, OKAY.
    		1 = YES! It's a true search-bot,
    		-1 = It's a FAKE "search-bot", BAD BOY!

    I hereby release this bit-o-code as GPL 3.0 Licensed.

    If one were to database the passing IP-Addresses in a quick-lookup table, then one could accept these vetted IP-Addresses as genuine. – That way, only once per IP would be needed (at least as a thought, anyway).

    HERE is a sample list of example UA’s and the URL-patterns for some legitimate SE-Bots:

    compatible; Baiduspider/2.0; ("baidu","")
    compatible; AhrefsBot/5.2; ("Ahrefs","")
    compatible; Googlebot/2.1; ("Googlebot","")
    compatible; YandexBot/3.0; ("Yandex","")
    compatible; Yahoo! Slurp; ("Yahoo!","Slurp","")
    compatible; bingbot/2.0; ("bingbot","msnbot","msn","","")
    compatible; archive.org_bot ("archive","","")
    compatible; Exabot/3.0; ("Exabot","")

    Hope this “whet’s” some appetites. ;-)

    – Jim S

  3. Jim S Smith 2018/10/09 6:03 pm

    I also intended to introduce the “dig” command from the Linux CLI.

    Like: dig -x

    This neat little command helped me to find a Reverse-DNS lookup error, and contact my VPS-hosting to correct a bad PTR record on their end.

    So, doing a reverse-DNS can greatly help in troubleshooting DNS-related problems too.

    – Jim S

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
.htaccess made easy: Improve site performance and security.
iCloud is like the Terminator. It will never stop trying to get your data. An endless fight on each Apple device to keep iCloud disabled and empty.
Take a screenshot with Firefox (no extension required). Open Developer Tools Settings and enable the “Take a screenshot” button. Then click the button :)
Take a screenshot with Chrome (no extension required). Open DevTools, type Cmd + Shift + P, then type screenshot.
After 10 years working on my 2010 iMac, my upgrade finally arrived. Shiny new iMac shipped from Ireland :)
Too much caffeine weirds me out. But I love the taste of coffee. So once in a while I enjoy a small cup of decaf. Hits the spot.
Chris Coyier is a truly awesome person. One of the finest people I've ever worked with. Just #gottasayit
Excel won't open CSV file because SYLK format? Open it with text editor and add an apostrophe ' at the beginning of the file, save changes, done.
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.