Jan 08

A Practical Guide to IP & DNS Lookups for Security and Support

A repeatable playbook for IP/DNS triage: connectivity, email delivery, suspicious IPs, VPN/geo questions, and post-migration checks.

Audience: IT/helpdesk, analysts, support engineers
Goal: A repeatable playbook for triaging IP/DNS questions.

Why IP and DNS still matter

Every connectivity, email, or “is this legit?” question eventually touches IPs and DNS. Knowing how to pull the right records—quickly—reduces time-to-resolution for blocked users, failed emails, and suspicious activity reports.

Core lookups you need

  • Public IP discovery: What IP am I presenting? (What’s My IP)
  • Forward DNS: Hostname → IP (Hostname to IP, DNS Lookup)
  • Reverse DNS (PTR): IP → Hostname (IP to Hostname)
  • Who/what is at this IP: ASN/ISP/geo/hosting hints (IP Information)
  • Service reachability: Open/closed ports (Open Port Checker)
  • Email DNS: MX records, plus TXT/SPF/DKIM/DMARC via DNS Lookup

Quick triage playbook

  1. User says: “I can’t reach the site.”
    - Check their public IP (What’s My IP) to see VPN/CGNAT.
    - Resolve the target domain (DNS Lookup) → confirm the returned IP belongs to the expected ASN/host.
    - Ping/Traceroute (if available) to spot reachability/routing anomalies.
    - If only they fail: possible block by IP/ASN, geofence, or WAF rule. Inspect IP reputation/ASN (IP Information).
  2. Email delivery issues (“mail not arriving”).
    - MX Lookup: confirm priorities/providers.
    - Check TXT/SPF, DKIM (selector), DMARC via DNS Lookup.
    - If you manage sending IPs: confirm PTR (IP to Hostname) matches the SMTP banner; missing/mismatched PTR hurts deliverability.
    - Use Open Port Checker on 25/587/465 (if appropriate) from outside to verify inbound accessibility (mind ISP blocks).
  3. Suspicious IP in logs (“is this malicious?”).
    - IP Information: get ASN, ISP, geo, hosting vs residential signal.
    - PTR via IP to Hostname: some bots and scanners carry telltale rDNS names (cloud pool, scanner project, or no PTR at all).
    - Cloud/DC vs residential patterns; correlate time, user agent, request pattern.
    - If from a known cloud ASN but mimicking a “user,” consider WAF challenges or rate limiting.
  4. VPN/Geo questions (“why does the site think I’m in X?”).
    - What’s My IP: confirm the egress IP.
    - IP Information: show ASN/geo of that egress.
    - Educate that VPN/CGNAT can change apparent location; geolocation can be stale or imprecise.
  5. Post-migration sanity check.
    - DNS Lookup: confirm A/AAAA/CNAMEs point to new endpoints; verify TTLs are stable.
    - IP Information/CDN Fingerprinter (if available): confirm edge/host matches the new provider.
    - Check Open Port Checker if exposing new services; ensure unintended ports aren’t reachable.
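
The email-delivery step above (MX order, SPF/DMARC, PTR matching the sending host) can be scripted. The following is an added example, not part of the original guide or its tools: the zone data, the domain `example.test` and the 203.0.113.x addresses are constructed for the demo, and `lookup` stands in for a real resolver.

```python
import re

# Constructed sample zone (hypothetical names/IPs): (name, rtype) -> record strings.
# 203.0.113.11 deliberately has no PTR, to show the deliverability finding.
ZONE = {
    ("example.test", "MX"): ["20 mx2.example.test.", "10 mx1.example.test."],
    ("example.test", "TXT"): ['"v=spf1 ip4:203.0.113.10 -all"', '"site-verification=abc"'],
    ("_dmarc.example.test", "TXT"): ['"v=DMARC1; p=none; rua=mailto:dmarc@example.test"'],
    ("mx1.example.test", "A"): ["203.0.113.10"],
    ("mx2.example.test", "A"): ["203.0.113.11"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mx1.example.test."],
}

def lookup(name, rtype, zone=ZONE):
    """Stand-in resolver; replace with a real DNS client for live checks."""
    return zone.get((name, rtype), [])

def ptr_name(ip):
    """IPv4 address -> its in-addr.arpa reverse name."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def ordered_mx(domain, zone=ZONE):
    """MX hosts in delivery order: lowest preference number = primary."""
    recs = [r.split() for r in lookup(domain, "MX", zone)]
    return [host.rstrip(".") for _, host in sorted(recs, key=lambda r: int(r[0]))]

def spf_policy(domain, zone=ZONE):
    """Qualifier on the SPF 'all' term ('-', '~', '?', '+'); None if missing/ambiguous."""
    spf = [t.strip('"') for t in lookup(domain, "TXT", zone) if t.strip('"').startswith("v=spf1")]
    if len(spf) != 1:  # zero or several SPF records are both broken SPF
        return None
    m = re.search(r"(?:^|\s)([-~?+]?)all\b", spf[0])
    return (m.group(1) or "+") if m else None

def dmarc_policy(domain, zone=ZONE):
    """The p= policy from _dmarc.<domain>, or None if no DMARC record."""
    for t in lookup("_dmarc." + domain, "TXT", zone):
        m = re.search(r"\bp=(none|quarantine|reject)\b", t)
        if m:
            return m.group(1)
    return None

def fcrdns(ip, zone=ZONE):
    """Forward-confirmed reverse DNS: PTR names whose A records contain `ip`."""
    ptrs = [p.rstrip(".") for p in lookup(ptr_name(ip), "PTR", zone)]
    return [p for p in ptrs if ip in lookup(p, "A", zone)]

def triage(domain, zone=ZONE):
    """Collect the step-2 findings for one domain in a single dict."""
    mx = ordered_mx(domain, zone)
    ips = [ip for h in mx for ip in lookup(h, "A", zone)]
    return {"mx_order": mx, "spf_all": spf_policy(domain, zone),
            "dmarc_p": dmarc_policy(domain, zone),
            "no_fcrdns": [ip for ip in ips if not fcrdns(ip, zone)]}
```

A `p=none` DMARC policy and any address listed under `no_fcrdns` are the usual first things to raise with whoever manages the sending infrastructure.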

Interpreting common signals

  • ASN & ISP: Quick hint if traffic is cloud/DC, enterprise, or residential.
  • PTR names: Can reveal mail relays, cloud regions, or ISP pools; absence isn’t proof of badness but is a minus for mail reputation.
  • MX priorities: Lowest number = highest priority; if only a backup MX is reachable, expect delays or failures.
  • A vs CNAME chains: Overlong chains slow resolution; ensure final targets are correct and stable.
  • Port state: “Closed/filtered” from outside often means missing forwarding, firewall block, or ISP block.

Data quality and caveats

  • Geolocation is approximate; city-level can be wrong. ASN/ISP is more reliable for classification.
  • PTR records are controlled by the IP owner, not the domain owner.
  • DNS caching: high TTLs delay propagation; low TTLs help during migrations but increase query volume.
  • Some ISPs block common service ports (25, 445, 3389); test from an external vantage, not just locally.

Privacy and safety reminders

  • Don’t log user-submitted IPs or payloads unless necessary; if you must, disclose retention.
  • For Open Port Checker, clarify that tests are from the internet-facing side and may be blocked by firewalls/NAT/ISP.

Where these tools fit

  • What’s My IP: Establish the user’s egress IP and IPv4/IPv6.
  • DNS Lookup: A/AAAA/CNAME/TXT/MX/NS/SOA checks.
  • Hostname to IP / IP to Hostname: Forward/reverse mapping for validation and mail deliverability.
  • IP Information: ASN/ISP/geo and quick risk context.
  • Open Port Checker: External reachability for specific services.
  • MX Lookup: Mail routing verification.
