Reverse DNS explained

DNS is traditionally used to resolve a domain name to an IP address; this is known as forward resolution. Reverse DNS (rDNS) is the opposite: an IP address is resolved to a domain name.

rDNS uses the arpa (address and routing parameter area) top-level domain (TLD). The in-addr.arpa domain is used for IPv4 addresses, while ip6.arpa is used for IPv6 addresses.

This all sounds very backwards, so let me explain…

What is it used for?

Reverse DNS can be used by people for the same reason as DNS: it’s easier to remember and identify a name than a string of numbers. rDNS is less critical than typical forward DNS, though. For example, you need forward DNS records in order to load a website, but the site will still work as intended without reverse DNS set.

A common use of rDNS is for anti-spam purposes, whereby the IP address may be looked up to a domain name. Many mail servers are set to reject messages from an IP address that does not have rDNS in place. It usually does not matter what the rDNS record is; it’s typically just set to the primary domain name of the mail server. Generally this isn’t a very good way of preventing spam, but it is commonly used.

rDNS is also typically used in logging to help provide readable data for humans rather than logs consisting entirely of IP addresses.

The DNS records used for resolving an IP address to a domain name are known as pointer (PTR) records. If we’re looking up rDNS for the IP address 8.8.4.4, the actual PTR record name is the IP address in reverse under in-addr.arpa, so in this instance 4.4.8.8.in-addr.arpa.

Setting a PTR record

Unless a service provider grants you access to change your PTR record or otherwise delegates control to your own DNS servers, you will not be able to control the resolution of an address. If you have a dynamic IP address it’s even less likely that you would be able to set a PTR record, as the record would become incorrect when the IP changes.

In most cases you will request rDNS to be set by your ISP or web hosting provider, as they will control this.

In the past, the smallest block of IP addresses that you could point the in-addr.arpa domain to was a /24 range, so if you had control over 1.1.1.0 – 1.1.1.255, that is the range 1.1.1.0/24, you would be able to delegate the range to your own name servers. Now, however, with classless reverse DNS it is possible to sub-delegate smaller ranges to specific name servers with CNAME records.
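The PTR naming rule and the CNAME-based sub-delegation described above, as an added example that is not part of the original article. The /26 block, the name server ns1.example.com and the "first address/prefix length" child zone label (the convention used in RFC 2317's examples) are assumptions chosen for illustration.

```python
import ipaddress


def ptr_name(addr):
    """Return the fully qualified PTR query name for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # Reverse the four octets, then append in-addr.arpa.
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    # IPv6: expand to 32 hex digits, reverse them, one label per digit.
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def classless_delegation(block, nameservers):
    """Records for the parent /24 reverse zone that hand a smaller IPv4
    block to other name servers using CNAMEs."""
    net = ipaddress.ip_network(block)  # raises ValueError if host bits are set
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 block smaller than a /24")
    o = str(net.network_address).split(".")
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    # Assumption: child zone label is "<first address>/<prefix length>".
    child = f"{o[3]}/{net.prefixlen}.{parent}"
    records = [f"{child} IN NS {ns}" for ns in nameservers]
    for ip in net:
        name = ptr_name(str(ip))
        last_octet = name.split(".", 1)[0]
        # The real PTR record lives in the child zone, reached via this CNAME.
        records.append(f"{name} IN CNAME {last_octet}.{child}")
    return records


if __name__ == "__main__":
    print(ptr_name("8.8.4.4"))
    print(ptr_name("2001:db8::1"))
    # Constructed sample: a /26 out of the article's 1.1.1.0/24 range,
    # delegated to a placeholder name server.
    for line in classless_delegation("1.1.1.64/26", ["ns1.example.com."])[:3]:
        print(line)
```

The name servers of the child zone then hold the actual PTR records, for example one named 65.64/26.1.1.1.in-addr.arpa.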

Testing

Once you have a PTR record in place, a simple way to test is with the ping command with the -a flag which will resolve an address to a hostname.

C:\Windows\system32>ping -a 8.8.4.4

Pinging google-public-dns-b.google.com [8.8.4.4] with 32 bytes of data:
Reply from 8.8.4.4: bytes=32 time=5ms TTL=57

It is not important whether or not the destination responds; what is important is that 8.8.4.4 has been resolved to the record google-public-dns-b.google.com.

You can also use nslookup to test; when doing a lookup on an IP address, it will automatically perform a reverse lookup. In the example below I’m using 8.8.8.8 as the DNS server on my computer, which is why that is specified first, just to be confusing.

C:\Windows\system32>nslookup 8.8.4.4
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google-public-dns-b.google.com
Address:  8.8.4.4

In Linux you can also use the dig command with the -x option, which will perform a reverse lookup.

[root@server ~]# dig -x 8.8.4.4

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> -x 8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63804
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;4.4.8.8.in-addr.arpa.          IN      PTR

;; ANSWER SECTION:
4.4.8.8.in-addr.arpa.   86400   IN      PTR     google-public-dns-b.google.com.

;; Query time: 839 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Feb 24 14:28:04 2015
;; MSG SIZE  rcvd: 82

Summary

You should now understand a bit about how reverse DNS is set, what it's used for, and how you can perform some simple tests to do a reverse DNS lookup with either ping, nslookup, or dig. Happy resolving!
