Reverse DNS Lookup: Complete Guide

Reverse DNS (rDNS) is the process of determining the domain name associated with an IP address. While regular DNS translates domain names to IP addresses, reverse DNS does the opposite. This guide explains how reverse DNS works, its uses, and how to configure it.

What is Reverse DNS?

Reverse DNS lookup queries DNS servers to find the hostname associated with an IP address. It's the reverse of the normal DNS process where you look up an IP address from a domain name.

Normal DNS vs Reverse DNS

Forward DNS (Normal): example.com → DNS lookup → 93.184.216.34

Reverse DNS: 93.184.216.34 → rDNS lookup → example.com

PTR Records

Reverse DNS uses PTR (Pointer) records to map IP addresses to hostnames.

PTR record format: IP: 93.184.216.34 PTR: 34.216.184.93.in-addr.arpa → example.com

Note: IP address is reversed in PTR record

How Reverse DNS Works

The Lookup Process

1. IP address reversed - 93.184.216.34 becomes 34.216.184.93
2. Domain appended - Becomes 34.216.184.93.in-addr.arpa
3. DNS query sent - Query for PTR record
4. PTR record returned - Contains hostname
5. Hostname displayed - example.com

in-addr.arpa Domain

Purpose: Special domain for IPv4 reverse DNS

Structure: [reversed-ip].in-addr.arpa

Examples: 8.8.8.8 → 8.8.8.8.in-addr.arpa 1.1.1.1 → 1.1.1.1.in-addr.arpa 192.168.1.1 → 1.1.168.192.in-addr.arpa

ip6.arpa Domain

Purpose: Special domain for IPv6 reverse DNS

Structure: [reversed-nibbles].ip6.arpa

Example: 2001:db8::1 → 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa

Performing Reverse DNS Lookups

Command Line Tools

Using host

```bash

Reverse lookup

host 8.8.8.8

Output:

8.8.8.8.in-addr.arpa domain name pointer dns.google.

```

Using nslookup

```bash

Reverse lookup

nslookup 8.8.8.8

Output:

Server: 192.168.1.1

Address: 192.168.1.1#53

Non-authoritative answer:

8.8.8.8.in-addr.arpa name = dns.google.

```

Using dig

```bash

Reverse lookup

dig -x 8.8.8.8

Output shows PTR record:

;; ANSWER SECTION:

8.8.8.8.in-addr.arpa. 21599 IN PTR dns.google.

```

Using dig with full query

```bash

Manual PTR query

dig PTR 8.8.8.8.in-addr.arpa

Same result as dig -x

```

Online Tools

Popular reverse DNS lookup sites: - mxtoolbox.com/ReverseLookup.aspx - whatismyipaddress.com - dnschecker.org/reverse-dns.php - iplocation.net

How to use: 1. Visit reverse DNS lookup tool 2. Enter IP address 3. Click lookup/search 4. View hostname result

Programming Examples

Python

```python import socket

def reverse_dns(ip): try: hostname = socket.gethostbyaddr(ip) return hostname[0] except socket.herror: return "No PTR record found"

Example

print(reverse_dns('8.8.8.8')) # dns.google ```

JavaScript (Node.js)

```javascript const dns = require('dns');

dns.reverse('8.8.8.8', (err, hostnames) => { if (err) { console.log('No PTR record found'); } else { console.log(hostnames[0]); // dns.google } }); ```

PHP

```php

```

Bash

```bash

!/bin/bash

IP="8.8.8.8" HOSTNAME=$(dig -x $IP +short) echo "Hostname: $HOSTNAME" ```

Use Cases for Reverse DNS

Email Delivery

Critical for email servers:

Most email servers check reverse DNS to verify sender legitimacy.

Email server checks: 1. Receives email from IP 203.0.113.5 2. Performs reverse DNS lookup 3. Checks if PTR matches sending domain 4. Rejects if no match or no PTR

Example: Email from: mail.example.com (203.0.113.5) PTR record: 203.0.113.5 → mail.example.com ✓ Result: Email accepted

Without proper rDNS: Email from: mail.example.com (203.0.113.5) PTR record: None or mismatch ✗ Result: Email rejected or marked as spam

Best practices: - PTR must match HELO/EHLO hostname - PTR must match sending domain - Forward and reverse DNS must match - Essential for email deliverability

Network Troubleshooting

Identify unknown IPs: ```bash

See what's connecting to your server

netstat -an | grep ESTABLISHED

Reverse lookup each IP

dig -x 203.0.113.45 ```

Trace network paths: ```bash

Traceroute with hostnames

traceroute -n example.com

Then reverse lookup each hop

for ip in $(traceroute -n example.com | awk '{print $2}'); do dig -x $ip +short done ```

Log analysis: ```bash

Web server logs with IPs

203.0.113.45 - - [01/Jan/2024:12:00:00] "GET / HTTP/1.1"

Identify visitors

dig -x 203.0.113.45

crawler.googlebot.com

```

Security and Forensics

Identify attackers: ```bash

Failed login attempts

grep "Failed password" /var/log/auth.log | awk '{print $11}' | sort -u

Reverse lookup each IP

while read ip; do echo "$ip: $(dig -x $ip +short)" done < suspicious_ips.txt ```

Verify legitimate services: Connection from: 66.249.64.1 Reverse DNS: crawl-66-249-64-1.googlebot.com Forward DNS: crawl-66-249-64-1.googlebot.com → 66.249.64.1 Verified: Legitimate Googlebot ✓

Detect spoofing: Claimed: googlebot.com IP: 203.0.113.99 Reverse DNS: malicious.example.com Result: Spoofed, not real Googlebot ✗

Server Identification

Identify server types: ```bash

Web server

dig -x 93.184.216.34

example.com

Mail server

dig -x 198.51.100.1

mail.example.com

DNS server

dig -x 8.8.8.8

dns.google

```

Cloud provider identification: ```bash

AWS

dig -x 54.239.28.85

ec2-54-239-28-85.compute-1.amazonaws.com

Google Cloud

dig -x 35.186.224.25

25.224.186.35.bc.googleusercontent.com

Azure

dig -x 13.64.151.161

msnbot-13-64-151-161.search.msn.com

```

Compliance and Logging

Regulatory requirements: - Some regulations require hostname logging - Audit trails need identifiable sources - Compliance reports need readable data

Enhanced logging: Instead of: 203.0.113.45 accessed resource Better: mail.example.com (203.0.113.45) accessed resource

Setting Up Reverse DNS

Prerequisites

You need: 1. Static IP address 2. Control over IP block (or ISP cooperation) 3. DNS hosting capability 4. Forward DNS already configured

You cannot set rDNS for: - Dynamic IP addresses - IP addresses you don't control - Shared hosting IPs - Most residential connections

For Your Own Server

Step 1: Configure Forward DNS

```

A record

mail.example.com → 203.0.113.5 ```

Step 2: Request PTR Record

If you own the IP block: - Configure PTR in your DNS - Update reverse zone file

If ISP owns the IP: - Contact ISP support - Request PTR record creation - Provide hostname - Wait for propagation

Step 3: Verify Configuration

```bash

Check forward DNS

dig mail.example.com

Check reverse DNS

dig -x 203.0.113.5

Verify match

host mail.example.com host 203.0.113.5 ```

DNS Zone File Configuration

Reverse zone file example:

```bind ; Reverse zone for 203.0.113.0/24 $TTL 86400 @ IN SOA ns1.example.com. admin.example.com. ( 2024010101 ; Serial 3600 ; Refresh 1800 ; Retry 604800 ; Expire 86400 ) ; Minimum TTL

; Name servers IN NS ns1.example.com. IN NS ns2.example.com.

; PTR records 5 IN PTR mail.example.com. 10 IN PTR web.example.com. 15 IN PTR ftp.example.com. ```

File location (BIND): /var/named/113.0.203.in-addr.arpa.zone

Named.conf entry: bind zone "113.0.203.in-addr.arpa" { type master; file "/var/named/113.0.203.in-addr.arpa.zone"; };

Cloud Providers

AWS

```bash

Set PTR via CLI

aws ec2 modify-instance-attribute \ --instance-id i-1234567890abcdef0 \ --source-dest-check "{\"Value\":false}"

Or via console:

EC2 → Elastic IPs → Actions → Modify reverse DNS

```

Google Cloud

```bash

Set PTR via gcloud

gcloud compute instances set-reverse-dns \ --instance=instance-name \ --zone=us-central1-a \ --reverse-dns=mail.example.com ```

Azure

```bash

Set PTR via Azure CLI

az network public-ip update \ --resource-group myResourceGroup \ --name myPublicIP \ --reverse-fqdn mail.example.com ```

DigitalOcean

```

Via control panel:

Networking → Droplet → Edit reverse DNS

Enter hostname

```

Verifying Reverse DNS

Basic Verification

```bash

Method 1: host command

host 8.8.8.8

Method 2: dig

dig -x 8.8.8.8 +short

Method 3: nslookup

nslookup 8.8.8.8 ```

Forward-Confirmed Reverse DNS (FCrDNS)

Complete verification:

```bash

!/bin/bash

IP="203.0.113.5"

Step 1: Reverse lookup

HOSTNAME=$(dig -x $IP +short) echo "PTR: $IP → $HOSTNAME"

Step 2: Forward lookup

FORWARD_IP=$(dig $HOSTNAME +short) echo "A: $HOSTNAME → $FORWARD_IP"

Step 3: Compare

if [ "$IP" == "$FORWARD_IP" ]; then echo "✓ FCrDNS verified" else echo "✗ FCrDNS mismatch" fi ```

Why FCrDNS matters: - Prevents spoofing - Verifies authenticity - Required by many email servers - Best practice for security

Testing Email Configuration

```bash

Check mail server rDNS

dig -x $(dig mail.example.com +short) +short

Should return mail.example.com

Test with MXToolbox

Visit: mxtoolbox.com/SuperTool.aspx

Enter: mail.example.com

Check: SMTP Test, Reverse DNS

```

Common Issues and Solutions

No PTR Record

Symptoms: ```bash dig -x 203.0.113.5

No answer section

```

Causes: - PTR not configured - Wrong DNS server - Propagation delay

Solutions: 1. Configure PTR record 2. Contact ISP if needed 3. Wait for DNS propagation (24-48 hours) 4. Verify zone delegation

PTR Mismatch

Symptoms: bash dig mail.example.com → 203.0.113.5 dig -x 203.0.113.5 → other.example.com

Causes: - Incorrect PTR configuration - Multiple hostnames on IP - Outdated records

Solutions: 1. Update PTR to match A record 2. Ensure consistency 3. Wait for propagation

Multiple PTR Records

Problem: 203.0.113.5 has multiple PTR records: - mail.example.com - web.example.com

Impact: - Unpredictable results - Email delivery issues - Verification failures

Solution: - Use only one PTR per IP - Choose primary hostname - Remove extra PTRs

ISP Restrictions

Problem: - ISP won't set PTR - Residential connection - Dynamic IP

Solutions: 1. Upgrade to business plan 2. Get static IP 3. Use VPS/cloud server 4. Use email service provider

Best Practices

For Email Servers

1. Match PTR to hostname - PTR should match HELO/EHLO
2. Verify FCrDNS - Forward and reverse must match
3. Use descriptive names - mail.example.com, not server1
4. Monitor regularly - Check PTR hasn't changed
5. Document configuration - Keep records of settings

For Web Servers

1. Set meaningful PTR - web.example.com or www.example.com
2. Match primary domain - Use main domain name
3. Consistency - Same across all servers
4. Update when changing - Keep PTR current
5. Test after changes - Verify immediately

For Security

1. Verify connections - Check PTR of connecting IPs
2. Implement FCrDNS - Require forward-confirmed reverse
3. Log hostnames - Include PTR in logs
4. Monitor changes - Alert on PTR modifications
5. Whitelist by hostname - More flexible than IP

For Network Administration

1. Document all PTRs - Maintain inventory
2. Use naming convention - Consistent scheme
3. Regular audits - Verify accuracy
4. Automate checks - Monitor PTR records
5. Plan for changes - Update process documented

Conclusion

Reverse DNS is a critical component of internet infrastructure, particularly for email delivery and network identification. While often overlooked, proper rDNS configuration prevents email delivery issues, aids in troubleshooting, and enhances security.

Related Articles

DNS and Lookup Tools

• DNS Servers - DNS fundamentals
• WHOIS Lookup - Domain ownership lookup
• IP Lookup - IP information lookup
• DNS Issues - DNS troubleshooting

Network Tools

• Ping and Traceroute - Uses reverse DNS
• Network Troubleshooting - Diagnostic techniques
• What Is My IP? - Check your IP

Email and Security

• IP Reputation - Email reputation
• IP Blacklisting - Email blacklists
• Dedicated IP - Email servers

Explore More

• Tools & Utilities - Diagnostic tools hub
• Networking Basics - Essential concepts

Key takeaways: - Reverse DNS maps IP addresses to hostnames using PTR records - Essential for email server reputation and deliverability - Requires control over IP address or ISP cooperation - Forward-confirmed reverse DNS (FCrDNS) provides verification - Used for security, logging, and network troubleshooting - One PTR record per IP address (best practice) - Must match forward DNS for email servers - Cloud providers offer easy PTR configuration - Regular verification prevents issues

Understanding and properly configuring reverse DNS ensures reliable email delivery, aids in network management, and contributes to overall internet infrastructure health.