in reply to Re: Domain name from ip.
in thread Domain name from ip.

Remember though that domain resolution is only as good as the domain system - Some IP addresses may not have been set up with PTR records back to fully-qualified domain names.

Indeed. Most of the odd hits in my server logs can't be backtraced to valid domain names, though there is often enough information available to find out what "neighborhood" they're in (e.g., who an IP addr's provider is).

To dig up what info I could on suspect IP addresses, I whipped up the following script, which front-ends dig(1) on FreeBSD.

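```perl
#!/usr/bin/perl -w
#
# simple frontend for dig(1)
#
use strict;

my $tracing = 1;

sub usage {
    print <<EOM;
usage: $0 ipaddr
EOM
    exit(1);
}

my $ipaddr = shift(@ARGV) || usage();

# accept only a dotted-quad IPv4 address, so nothing else reaches dig
# and the loop below always terminates
usage() unless $ipaddr =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;

my @ipaddr = split(/\./, $ipaddr);

# work our way through the parts of the ip address, stopping
# when we're down to 1.
do {
    dig_on(@ipaddr);
    pop @ipaddr;
} until ( @ipaddr == 1 );

sub dig_on {
    my @addr    = @_;
    my $subaddr = join('.', @addr);
    my $revaddr = join('.', reverse @addr);

    print "going after $subaddr ...\n" if $tracing;

    # list-form pipe open runs dig directly, without a shell
    open(my $in, '-|', 'dig', '-x', $subaddr) or die "open(): $!";
    while ( <$in> ) {
        next if /^;/;
        # keep only lines naming this reverse address (literal match)
        next unless index($_, $revaddr) >= 0;
        print;
    }
    close($in);
}
```
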
Suggestions on how to improve this are welcome.
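
The following is an added example, not part of the original post: it parses `dig -x` output and separates a real PTR answer from the case described above, where no PTR exists and only the SOA of the enclosing reverse zone identifies the "neighborhood". The sample output is constructed (192.0.2.7 and isp.example are documentation values), and `parse_dig` is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example: classify records in dig -x output (sample text is constructed).
use strict;
use warnings;

# Constructed dig(1) output for an address with no PTR record (NXDOMAIN):
# the only useful line is the SOA of the enclosing reverse zone.
my $sample = <<'EOM';
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; QUESTION SECTION:
;7.2.0.192.in-addr.arpa.        IN      PTR

;; AUTHORITY SECTION:
2.0.192.in-addr.arpa.   3600    IN      SOA     ns1.isp.example. hostmaster.isp.example. 2024010101 7200 3600 1209600 3600
EOM

# Return a hashref: status, ptr => [names], zone/mname/rname from the SOA.
sub parse_dig {
    my ($text) = @_;
    my %r = (status => 'UNKNOWN', ptr => []);
    for my $line (split /\n/, $text) {
        if ($line =~ /status:\s*(\w+)/) { $r{status} = $1; next; }
        next if $line =~ /^\s*(?:;|$)/;          # comments and blank lines
        my ($owner, $ttl, $class, $type, @rdata) = split ' ', $line;
        next unless defined $type && $owner =~ /\.in-addr\.arpa\.$/i;
        if ($type eq 'PTR') {
            push @{ $r{ptr} }, $rdata[0];
        }
        elsif ($type eq 'SOA' && @rdata >= 2) {
            # SOA rdata starts with primary nameserver, then contact mailbox
            @r{qw(zone mname rname)} = ($owner, @rdata[0, 1]);
        }
    }
    return \%r;
}

my $r = parse_dig($sample);
if (@{ $r->{ptr} }) {
    print "PTR: $_\n" for @{ $r->{ptr} };
}
elsif ($r->{zone}) {
    # No hostname, but the zone's SOA names who runs the address block.
    print "no PTR ($r->{status}); reverse zone $r->{zone} ",
          "served by $r->{mname}, contact $r->{rname}\n";
}
else {
    print "no PTR or SOA found ($r->{status})\n";
}
```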