HOME

TheInfoList



OR:

In
computer network A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are ...
s, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the
Domain Name System The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned t ...
(DNS) to determine the
domain name A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. As ...
associated with an
IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
– the reverse of the usual "forward" DNS lookup of an IP address from a domain name. The process of reverse resolving of an IP address uses PTR records. rDNS involves searching domain name registry and registrar tables. The reverse DNS database of the Internet is rooted in the
.arpa The domain name arpa is a top-level domain (TLD) in the Domain Name System (DNS) of the Internet. It is used predominantly for the management of technical network infrastructure. Prominent among such functions are the subdomains ''in-addr.arpa'' ...
top-level domain A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the root zone of the name space. For all domains in ...
. Although the informational RFC 1912 (Section 2.1) recommends that "every Internet-reachable host should have a name" and that "for every IP address, there should be a matching PTR record," it is not an
Internet Standard In computer network engineering, an Internet Standard is a normative specification of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force (IETF). They allow ...
requirement, and not all IP addresses have a reverse entry.


Historical usage

The modern "reverse DNS lookup" should not be confused with the now-obsolete "inverse query" (IQUERY) mechanism specified in : The IQUERY message type was always "optional" and "never achieved widespread use"; it was "permanently retired" in 2002 with the adoption of .


Implementation details


IPv4 reverse resolution

Reverse DNS lookups for IPv4 addresses use the special domain in-addr.arpa. In this domain, an IPv4 address is represented as a concatenated sequence of four decimal numbers, separated by dots, to which is appended the second level domain suffix .in-addr.arpa. The four decimal numbers are obtained by splitting the 32-bit IPv4 address into four
octet Octet may refer to: Music * Octet (music), ensemble consisting of eight instruments or voices, or composition written for such an ensemble ** String octet, a piece of music written for eight string instruments *** Octet (Mendelssohn), 1825 compos ...
s and converting each octet into a decimal number. These decimal numbers are then concatenated in the order: least significant octet first (leftmost), to most significant octet last (rightmost). It is important to note that this is the reverse order to the usual dotted-decimal convention for writing IPv4 addresses in textual form. For example, to do a reverse lookup of the IP address the PTR record for the domain name 4.4.8.8.in-addr.arpa would be looked up, and found to point to dns.google. If the
A record This list of DNS record types is an overview of resource records (RRs) permissible in zone files of the Domain Name System The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other reso ...
for dns.google in turn pointed back to then it would be said to be forward-confirmed.


Classless reverse DNS method

Historically, Internet registries and Internet service providers allocated IP addresses in blocks of 256 (for Class C) or larger octet-based blocks for classes B and A. By definition, each block fell upon an octet boundary. The structure of the reverse DNS domain was based on this definition. However, with the introduction of
Classless Inter-Domain Routing Classless Inter-Domain Routing (CIDR ) is a method for allocating IP addresses and for IP routing. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous classful network addressing architecture on the Internet. Its g ...
, IP addresses were allocated in much smaller blocks, and hence the original design of pointer records was impractical, since autonomy of administration of smaller blocks could not be granted. RFC 2317 devised a methodology to address this problem by using
CNAME record A Canonical Name record (abbreviated as CNAME record) is a type of resource record in the Domain Name System (DNS) that maps one domain name (an alias) to another (the canonical name). This can prove convenient when running multiple services (li ...
s.


IPv6 reverse resolution

Reverse DNS lookups for
IPv6 Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv ...
addresses use the special domain ip6.arpa (previously ip6.int). An IPv6 address appears as a name in this domain as a sequence of nibbles in reverse order, represented as hexadecimal digits as subdomains. For example, the pointer domain name corresponding to the IPv6 address is b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.


Multiple pointer records

While most rDNS entries only have one PTR record, DNS does not restrict the number. Multiple PTR records are used, for example, when a web server supports many
virtual host Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server (or pool of servers). This allows one server to share its resources, such as memory and processor cycles, without requiring all ...
s i.e. multiple hostnames then resolve to a single address, and multiple hostnames will be returned for a PTR lookup for that shared address. However, DNS lookups typically occur over UDP, and since UDP has a limited message size, in extreme cases, multiple PTRs could cause a DNS response to exceed those UDP limits.


Records other than PTR records

Record types other than PTR records may also appear in the reverse DNS tree. For example, encryption keys may be placed there for
IPsec In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in ...
,
SSH The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH applications are based on ...
and
IKE Ike or IKE may refer to: People * Ike (given name), a list of people with the name or nickname * Dwight D. Eisenhower (1890–1969), Supreme Commander of the Allied forces in Europe during World War II and President of the United States Surname ...
. DNS-Based Service Discovery uses specially-named records in the reverse DNS tree to provide hints to clients about subnet-specific service discovery domains. Less standardized usages include comments placed in
TXT record A TXT record (short for text record) is a type of resource record in the Domain name system (DNS) used to provide the ability to associate arbitrary text with a host or other name, such as human readable information about a server, network, data c ...
s and
LOC record In the Domain Name System, a LOC record (experimental ) is a means for expressing geographic location information for a domain name. It contains WGS84 Latitude, Longitude and Altitude (ellipsoidal height) information together with host/subnet phys ...
s to identify the geophysical location of an IP address.


Uses

The most common uses of the reverse DNS include: * The original use of the rDNS: network troubleshooting via tools such as
traceroute In computing, traceroute and tracert are computer network diagnostic commands for displaying possible routes (paths) and measuring transit delays of packets across an Internet Protocol (IP) network. The history of the route is recorded as th ...
,
ping Ping may refer to: Arts and entertainment Fictional characters * Ping, a domesticated Chinese duck in the illustrated book '' The Story about Ping'', first published in 1933 * Ping, a minor character in ''Seinfeld'', an NBC sitcom * Ping, a c ...
, and the "Received:" trace header field for
SMTP The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients ty ...
e-mail, web sites tracking users (especially on
Internet forum An Internet forum, or message board, is an online discussion site where people can hold conversations in the form of posted messages. They differ from chat rooms in that messages are often longer than one line of text, and are at least temporar ...
s), etc. * One e-mail anti-spam technique: checking the domain names in the rDNS to see if they are likely from dialup users, or dynamically assigned addresses unlikely to be used by legitimate mail servers. Owners of such IP addresses typically assign them generic rDNS names such as "1-2-3-4-dynamic-ip.example.com." Some anti-spam filters assume that email that originates from such addresses is likely to be spam, and may refuse connection.reference page from AOL
* A forward-confirmed reverse DNS (FCrDNS) verification can create a form of authentication showing a valid relationship between the owner of a domain name and the owner of the server that has been given an IP address. While not very thorough, this validation is strong enough to often be used for
whitelist A whitelist, allowlist, or passlist is a mechanism which explicitly allows some identified entities to access a particular privilege, service, mobility, or recognition i.e. it is a list of things allowed when everything is denied by default. It is ...
ing purposes, since
spammers This is a list of individuals and organizations noteworthy for engaging in bulk electronic spamming, either on their own behalf or on behalf of others. It is not a list of all spammers, only those whose actions have attracted substantial independen ...
and phishers usually cannot achieve forward validation when they use
zombie computer In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker via a computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hac ...
s to forge domain records. * System logging or monitoring tools often receive entries with the relevant devices specified only by IP addresses. To provide more human-usable data, these programs often perform a reverse lookup before writing the log, thus writing a name rather than the IP address.


References

{{Reflist Information retrieval systems Domain Name System