Reverse DNS
Overview
DNS helps us look up the IP address of a name like example.com. But sometimes we need to do the reverse: we need to figure out the name of an IP address.
For example, suppose we are given the IP address 192.0.2.1. What is the domain of that IP address?
Finding the domain of an IP address is called reverse DNS (rDNS) lookup, and a system was created to help match every IP address with a domain name through the use of PTR (pointer) records.
Uses
rDNS is used:
to prove that your mail server is not a spam source
in diagnostic tools like traceroute
to provide a vhost for identification on IRC
Every IP address should have a matching rDNS entry.
IPv4 rDNS
Information for rDNS lookup is stored in the .arpa top-level domain. For IPv4 addresses, the information is stored in in-addr.arpa. using this format:
<ip address>
<reverse of ip address>
<reverse of ip address>.in-addr.arpa.
Here is an example:
192.0.2.1 # Original four numbers, separated by dots
1.2.0.192 # Reverse the four numbers
1.2.0.192.in-addr.arpa. # Add .in-addr.arpa.
So the domain for 192.0.2.1 would be found in the PTR record for 1.2.0.192.in-addr.arpa.
As another example, suppose we want to do a reverse lookup of the IP address 209.141.39.173:
209.141.39.173 # Original four numbers, separated by dots
173.39.141.209 # Reverse the four numbers
173.39.141.209.in-addr.arpa. # Add .in-addr.arpa.
We look up the PTR record for 173.39.141.209.in-addr.arpa., which is ircnow.org.
Forward confirmed DNS (fcDNS)
Forward (normal) DNS and reverse DNS should match. The PTR record for 209.141.39.173 is ircnow.org; if the A record for ircnow.org points back to 209.141.39.173 (which it does), then the IP address is also forward-confirmed.
IPv6 rDNS
rDNS works similarly for IPv6 addresses. For example, suppose you have the IPv6 address 2001:db8::c001:d00d. To find the domain, we first fill in all the missing zeros, remove the colons, put dots between each digit, then reverse the digits, then add .ip6.arpa.:
2001:db8::c001:d00d # Original IPv6 Address
2001:0db8:0000:0000:0000:0000:c001:d00d # Fill in missing zeros (32 hex digits total)
2.0.0.1.0.d.b.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.0.1.d.0.0.d # Remove colons : and put periods between digits
d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2 # Reverse digits
d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. # Add .ip6.arpa.
Finally, we look up the PTR record for d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. to find the domain.
Generally, an IP address should only have one PTR record. So, while many domains may resolve to a single IP address, an IP address should resolve to only one domain.
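The name construction from the IPv4 and IPv6 sections, together with the forward-confirmation check, written out in Python as an added example (not part of the original page). The two resolver functions and the PTR and address tables are constructed stand-ins so the code runs offline; only the ircnow.org entry comes from the page.

```python
import ipaddress

def reverse_name(ip):
    """Build the PTR query name using the manual steps described above."""
    addr = ipaddress.ip_address(ip)      # raises ValueError on bad input
    if addr.version == 4:
        labels = str(addr).split(".")    # the four decimal numbers
        suffix = "in-addr.arpa."
    else:
        # .exploded fills in the missing zeros (32 hex digits);
        # dropping the colons leaves one label per digit.
        labels = list(addr.exploded.replace(":", ""))
        suffix = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix

def forward_confirmed(ip, ptr_lookup, addr_lookup):
    """Return the PTR names whose A/AAAA records point back to ip.
    ptr_lookup and addr_lookup are caller-supplied resolver functions
    (assumed interface: take a name, return a list of strings).
    """
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(reverse_name(ip)):
        # Compare parsed addresses so short and expanded IPv6 forms match.
        if want in {ipaddress.ip_address(a) for a in addr_lookup(name)}:
            confirmed.append(name)
    return confirmed

# Constructed records standing in for real DNS answers.
V6_NAME = "d.0.0.d.1.0.0.c." + "0." * 16 + "8.b.d.0.1.0.0.2.ip6.arpa."
PTR = {
    "173.39.141.209.in-addr.arpa.": ["ircnow.org."],
    "1.2.0.192.in-addr.arpa.": ["mail.example.com."],  # forward record differs
    V6_NAME: ["v6.example.com."],
}
ADDR = {
    "ircnow.org.": ["209.141.39.173"],
    "mail.example.com.": ["192.0.2.99"],
    "v6.example.com.": ["2001:0db8:0000:0000:0000:0000:c001:d00d"],
}

def ptr_lookup(name):
    return PTR.get(name, [])
def addr_lookup(name):
    return ADDR.get(name, [])

if __name__ == "__main__":
    for ip in ("209.141.39.173", "192.0.2.1", "2001:db8::c001:d00d", "198.51.100.7"):
        print(ip, reverse_name(ip), forward_confirmed(ip, ptr_lookup, addr_lookup))
```

An address with no PTR record, or with a PTR name whose forward record points elsewhere, returns an empty list, which is the case a receiving mail server treats as unconfirmed.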
Why Reverse?
We reverse the digits when performing reverse DNS lookup because DNS is like a tree, with the highest nodes coming at the end, and the lowest nodes in the beginning.
For example, for the domain www.example.com, the highest node is root ., followed by com, then example, then www:
. # Highest node
com
example
www # Lowest node
So you see, for a domain name, the lowest node is written first and the highest node written last.
For a reverse lookup, we want to structure the PTR records in the same way, with the lowest node written first and the highest node written last. So we reverse the order of the numbers in the IP address.
If you don't define a reverse DNS entry, your ISP or service provider may define one for you:
$ host 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer 1-0-168-192.wifi.dynamic.isp.com.
This reverse DNS entry looks like it was automatically generated for a residential ISP. Mail providers often rely on this to mark email coming from this IP as spam. Unfortunately, most residential ISPs do not allow you to configure your rDNS, which is why you will want to use a VPS or dedicated server for sending mail. VPSes and server hosts will generally allow you to configure your IPv4 and IPv6 rDNS.