What Is Reverse DNS and What Does It Do?
Learn more about the Reverse Domain Name System, how it works, what it is used for and how to use it yourself.
Reverse DNS, also known as rDNS, is an important Domain Name System function that allows mapping an Internet Protocol address to its domain name. You probably encountered this term when dealing with IP addresses, whether it be for blocking IPs on a firewall or blocklisting malicious ones that are attacking your website or mail servers.
Although less crucial, rDNS is the opposite of forward DNS, which returns the IP address of a hostname. It’s worth noting that these two types of lookups come from separate sets of data. As a result, the hostname returned by a reverse DNS lookup of a particular IP may not match the domain whose forward DNS lookup resolves to that IP.
Simply put, reverse DNS is a lookup method that helps figure out the host of an IP address.
How does reverse DNS really work?
Most websites on the internet can be reached by both the domain name and the IP address allocated to the website’s server. If you enter the IP address 18.104.22.168 into your browser’s address bar, you can access Google’s homepage. Since its domain has a valid rDNS, you can access Google by entering its IP address directly into your browser.
Reverse DNS entries are stored in pointer records (PTR). When reverse DNS lookups are performed, PTR records map IPv4 or IPv6 addresses to the canonical host names. However, if there is no pointer record set up on the web server, the lookup fails.
To ensure that a PTR record is set up for your IP, you might need to contact your internet service provider (ISP). In cases where an ISP provides you with a static IP address, only the provider can point the zone (domain name and IP address) to your DNS server.
Unlike a forward DNS lookup, which doesn’t require a sub-delegation from your ISP, a reverse DNS lookup does not work if your provider does not set up a PTR record. However, some providers allow setting it up within their customer portal.
What is reverse DNS used for?
Even though reverse DNS is not crucial for most websites, it has several salient use cases:
- Spam filtering in email servers
- Website visitor identification
The most common and essential rDNS function is spam filtering. Once a new email reaches the anti-spam security gateway, the recipient’s mail server performs a reverse DNS lookup to check if the sender’s mail server is legitimate. If the incoming message does not return a valid reverse DNS record, it is automatically rejected.
That’s why it’s imperative to have PTR records set up on your mail servers both to prevent spam emails and to ensure messages are reaching the target.
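Because forward and reverse records come from separate data, a mail filter can go one step further than checking that a PTR record exists and confirm that the returned name resolves back to the connecting IP (forward-confirmed reverse DNS). The following is an added example, not code from the original article; the function names and the lookup tables (documentation address ranges, example.com names) are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the OS resolver; returns a list of hostnames."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:  # herror/gaierror: no PTR record or resolver failure
        return []

def system_forward(host):
    """A/AAAA lookup through the OS resolver; returns a list of addresses."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except (OSError, UnicodeError):
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, hostname); verdict is 'pass', 'no-ptr' or 'mismatch'."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(str(client))
    if not names:
        return ("no-ptr", None)
    for name in names:
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return ("pass", name)
            except ValueError:  # resolver returned something unparsable
                continue
    # A PTR exists, but the owner of the reverse zone can put any name in it;
    # without a matching forward record the name is unverified.
    return ("mismatch", names[0])

# Constructed sample data standing in for real DNS answers.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com"],
              "198.51.100.7": ["mail.example.com"]}  # PTR claims a name it does not own
SAMPLE_FWD = {"mail.example.com": ["192.0.2.10"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(host):
    return SAMPLE_FWD.get(host, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, fcrdns(ip, sample_ptr, sample_forward))
```

Calling `fcrdns(ip)` without the last two arguments uses the operating system resolver instead of the sample tables.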
The reverse lookup can also be helpful to the B2B sector. Since servers usually store the IP addresses of each unique user, the website’s owner can map these IPs to their domain names, distinguishing where website visitors came from. The process helps to generate potential leads.
Unlike machines, humans find it hard to read and remember numeric IP addresses. This is why we use domain names to access websites. Reverse DNS works by turning complex website visit logs into readable domains, making it easier to gather data for analytics.
How to perform a reverse DNS lookup
Now that we have explained how rDNS works, we will show how you can perform reverse DNS lookups yourself. The process is not overly complex, and you can easily navigate it even if you don’t have a background in IT.
Keep in mind that there are many methods and tools to map a given IP address to its host. You should pick one that suits your platform and needs best.
Let’s start with the easiest method – using a reverse DNS lookup tool.
rDNS lookup tools
Numerous online tools can help resolve rDNS. Using them is a straightforward process: type the target IP address into the engine of your choice and click the confirmation button.
Here are a few examples of tools you can try:
If you’re not keen on using third-party services, you can perform the lookup manually.
rDNS lookup on Windows platforms
Windows users can effortlessly check reverse DNS records using the nslookup command.
Let’s begin by opening the Command Prompt. You can access the utility via the Power User menu, which you can open using the Windows+X key combination. Alternatively, you can access the utility via the Start menu, which you can access by clicking the Windows icon in the bottom-left corner of your screen. You can also type cmd into the Start menu search bar.
Once the command prompt is open, enter the following command:
nslookup IP_ADDRESS
Note: Replace IP_ADDRESS with the IP address you want to resolve.
The image below demonstrates a reverse DNS query for an IP 22.214.171.124 using the Command Prompt.
rDNS lookup on Linux platforms
The process of resolving rDNS on Linux is quite similar to Windows.
Start by opening the console terminal. The quickest way is to use the keyboard shortcut Ctrl+Alt+T or click the dash icon and type terminal into the search box.
Once it is open, type in:
dig -x IP_ADDRESS
Note: Don’t forget to replace IP_ADDRESS with the IP address you want to resolve.
rDNS lookup on macOS
If you’re using macOS, start by opening the terminal window. The easiest way to do it is by clicking the Launchpad icon in the Dock and typing terminal into the search field.
Now, type the following command with your preferred IP address instead of IP_ADDRESS:
dig -x IP_ADDRESS
If you perform the lookup correctly, you will see output similar to this example:
; <<>> DiG 9.10.6 <<>> -x 126.96.36.199
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48826
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;188.8.131.52.in-addr.arpa. IN PTR

;; ANSWER SECTION:
184.108.40.206.in-addr.arpa. 77637 IN PTR dns.google.

;; Query time: 51 msec
;; SERVER: 220.127.116.11#53(18.104.22.168)
;; WHEN: Fri Oct 27 13:52:52 EEST 2021
;; MSG SIZE rcvd: 73
How to configure reverse DNS
You can configure reverse DNS by defining a PTR record on the DNS server. The record stores IPv4 addresses in a special arpa domain. This domain represents an IPv4 address as a reversed concatenated sequence of four decimal numbers separated by dots, with .in-addr.arpa attached as a suffix.
For example, to resolve the reverse lookup of the IP address 22.214.171.124, you should type 301.712.491.371.in-addr.arpa to get a domain name pointer dns.google.
Even though IPv6 is not commonly used yet, it is still worth knowing how rDNS is resolved for this type of IP address. In this case, you need to use a different special domain – ip6.arpa. The IPv6 address is represented as a reversed sequence of eight groups of four hexadecimal digits separated by colons. The sequence is completed by adding .ip6.arpa at the end.
Let’s say we are trying to resolve an IPv6 address FE80::1585:4868:495F:D521. Here’s how it looks once resolved: 125D:F594:8684:5851:0000:0000:0000:08EF.arpa.
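The following added example (not code from the original article) builds the PTR query names the way the DNS standards define them (RFC 1035 for in-addr.arpa, RFC 3596 for ip6.arpa): IPv4 octets in reverse order, and IPv6 as 32 hexadecimal nibbles in reverse order, one nibble per dot-separated label. The function names are chosen for illustration; the result is cross-checked against Python's built-in `reverse_pointer`.

```python
import ipaddress
import string

def reverse_name(address: str) -> str:
    """Return the PTR owner name queried for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        # Whole octets are reversed, not characters: a.b.c.d -> d.c.b.a
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    # IPv6: expand "::", drop the colons, reverse the 32 hex nibbles,
    # and make each nibble its own dot-separated label.
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def address_from_reverse_name(name: str) -> str:
    """Recover the address from a PTR owner name; ValueError if malformed."""
    labels = name.rstrip(".").lower().split(".")
    suffix, host = labels[-2:], labels[:-2]
    if suffix == ["in-addr", "arpa"] and len(host) == 4:
        # IPv4Address rejects labels that are not octets in the range 0-255.
        return str(ipaddress.IPv4Address(".".join(reversed(host))))
    if suffix == ["ip6", "arpa"] and len(host) == 32:
        if all(len(h) == 1 and h in string.hexdigits for h in host):
            return str(ipaddress.IPv6Address(int("".join(reversed(host)), 16)))
    raise ValueError(f"not a full reverse-lookup name: {name!r}")

if __name__ == "__main__":
    # Addresses taken from the article text above.
    for addr in ("22.214.171.124", "FE80::1585:4868:495F:D521"):
        name = reverse_name(addr)
        assert name == ipaddress.ip_address(addr).reverse_pointer
        print(addr, "->", name, "->", address_from_reverse_name(name))
```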
Reverse DNS lookup is the most effective way to map a single IP address to its domain name. However, the process can only be performed after the ISP points the zone to the IP’s DNS server system. Then, reverse DNS entries become available in the PTR record, which can map IPv4 or IPv6 addresses to the canonical name for the host.
Reverse DNS lookup is most commonly used to filter spam emails and identify website visitors’ domains to gather valuable information and generate B2B leads.
As we demonstrated, you can easily perform the reverse lookup to determine the domain of any IP address manually. Despite that, the process may become tedious if you need to perform hundreds of reverse DNS lookups.