Reverse DNS lookup
(rDNS) is a process to determine the hostname
or host associated with a given IP address
or host address.
Typically, the Domain Name System is used to determine what IP address is associated with a given domain name. So, to reverse-resolve a known IP address is to look up what host and domain name belongs to that IP address.
A reverse lookup is often referred to as reverse resolving, or more specifically reverse DNS lookup, and is accomplished using a "reverse IN-ADDR entry" in the form of a PTR record.
Reverse DNS requirement
RFC 1033 in the "INSTRUCTIONS" section, and later, RFC 1912 Section 2.1 states "Every Internet-reachable host should have a name" and "Make sure your PTR and A records match".
IPv4 Reverse DNS
Reverse DNS lookups for IPv4
addresses use a reverse IN-ADDR entry
in the special domain in-addr.arpa. An IPv4 address is represented in the in-addr.arpa domain by a sequence of bytes in reverse order, represented as decimal numbers, separated by dots with the suffix .in-addr.arpa. For example, the reverse lookup domain name corresponding to the IPv4 address 10.12.13.140 is 18.104.22.168.in-addr.arpa. A host name for 22.214.171.124 can be obtained by issuing a DNS query for the PTR record
for that special address 126.96.36.199.in-addr.arpa.
Classless Reverse DNS
Historically, IP addresses
were allocated in blocks of 256. Thus, each block fell upon an octet boundary. This made configuration of the PTR records easy, since the dot separators delimited each block. Today however, IP addresses are allocated in much smaller blocks, and hence the traditional way of configuring a nameserver to perform reverse DNS cannot work. A means of overcoming this problem was devised and published as RFC 2317. It uses a CNAME entry which corresponds to each block.
IPv6 Reverse Lookup
Reverse DNS lookups for IPv6
addresses use similarly the special domain ip6.arpa. An IPv6 address is represented as a name in the ip6.arpa domain by a sequence of nibbles
in reverse order, represented as hexadecimal digits, separated by dots with the suffix .ip6.arpa. For example, the reverse lookup domain name corresponding to the IPv6 address 4321:0:1:2:3:4:567:89ab is b.a.188.8.131.52.184.108.40.206.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa.
Multiple PTR records
While most rDNS entries only have one PTR record, it is perfectly legal to have many different PTR records . However, having multiple PTR records for the same IP address is generally not recommended unless there is a specific need. For example, if a webserver supports many virtual hosts
, there can be one PTR record for each host and some versions of name server software will automatically add a PTR record for each host. Multiple PTR records can cause a couple of problems, including triggering bugs in programs that only expect there to ever be a single PTR record and, in the case of a large webserver, having hundreds of PTR records can cause the DNS packets to be much larger than normal.
Records other than PTR records
While uncommon compared with PTR records, it is also legal to put other types of records in the reverse DNS tree. In particular, encryption keys can be placed there for, example, IPsec
(RFC 4025), SSH
(RFC 4255) and IKE
(RFC 4322). Less standardized usages include comments placed in TXT records
and LOC records
to identify the location of the IP address.
The most common uses of the reverse DNS are:
- The original use of the rDNS was primarily for network troubleshooting tools, such as traceroute, ping, and the "Received:" trace header field for SMTP e-mail, web sites tracking users (especially on Internet forums), etc.
- One e-mail anti-spam technique is to check the domain names in the rDNS to see if they are likely from dialup users, dynamically assigned addresses, or other inexpensive internet services. Owners of such IP addresses typically assign them generic rDNS names such as "1-2-3-4-dynamic-ip.example.com." Since the vast majority, but by no means all, of e-mail that originates from these computers is spam, many spam filters refuse e-mail with such rDNS names.
- A Forward Confirmed reverse DNS (FCrDNS) verification can create a form of authentication showing a valid relationship between the owner of a domainname and the owner of the server that has been given an IP address. While not very thorough, this validation is strong enough to often be used for whitelisting purposes, mainly because spammers and phishers usually can't pass verification for it when they use zombie computers to forge domains.