DNS helps us look up the IP address of a name like example.com. But sometimes we need to do the reverse: we need to figure out the name of an IP address.
For example, suppose we are given the IP address 192.0.2.1. What is the domain of that IP address?
Finding the domain of an IP address is called reverse DNS (rDNS) lookup, and a system was created to help match every IP address with a domain name through the use of PTR (pointer) records.
rDNS is used:
- to prove that your mail server is not spam
- in diagnostic tools like traceroute
- to provide a vhost for identification on IRC
Every IP address should have a matching rDNS entry.
Information for rDNS lookup is stored in the .arpa top-level domain. For IPv4 addresses, the information is stored in in-addr.arpa. using this format:
<ip address>
<reverse of ip address>
<reverse of ip address>.in-addr.arpa.
Here is an example:
192.0.2.1                # Original four numbers, separated by dots
1.2.0.192                # Reverse the four numbers
1.2.0.192.in-addr.arpa.  # Add .in-addr.arpa.
So the domain for 192.0.2.1 would be found in the PTR record for 1.2.0.192.in-addr.arpa.
As another example, suppose we want to do a reverse lookup of the IP address 188.8.131.52:
184.108.40.206 # Original four numbers, separated by dots
220.127.116.11 # Reverse the four numbers
18.104.22.168.in-addr.arpa. # Add .in-addr.arpa.
We look up the PTR record for 22.214.171.124.in-addr.arpa, which is ircnow.org.
Forward confirmed DNS (fcDNS)
The normal DNS and reverse DNS should match. If the A record for ircnow.org points to 126.96.36.199 (which it does), then the IP address is also forward-confirmed.
rDNS works similarly for IPv6 addresses. For example, suppose you have the IPv6 address 2001:db8::c001:d00d. To find the domain, we first fill in all the missing zeros, remove the colons, put dots between each digit, then reverse the digits, then add .ip6.arpa.:
2001:db8::c001:d00d # Original IPv6 Address
2001:0db8:0000:0000:0000:0000:c001:d00d # Fill in missing zeros (32 hex digits total)
2.0.0.1.0.d.b.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.0.1.d.0.0.d # Remove colons : and put periods between digits
d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2 # Reverse digits
d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. # Add .ip6.arpa.
Finally, we look up the PTR record for d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. to find the domain.
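The steps above and the forward-confirmation check, as an added Python example (not code from the original page). The zone data and the helper names `sample_ptr` and `sample_addr` are constructed stand-ins for real DNS queries, so the block runs offline; the second sample IP has a PTR that its owner pointed at a name whose forward record does not point back, which is why a PTR alone should not be trusted.

```python
import ipaddress

def reverse_name(ip):
    """Build the PTR owner name for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # four decimal numbers
        zone = "in-addr.arpa."
    else:
        # exploded fills in the missing zeros; dropping colons leaves 32 hex digits
        labels = list(addr.exploded.replace(":", ""))
        zone = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + zone

def forward_confirmed(ip, ptr_lookup, addr_lookup):
    """Return the PTR names for ip whose forward records point back to ip."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(reverse_name(ip)):
        forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
        if target in forward:                          # compare parsed addresses, not strings
            confirmed.append(name)
    return confirmed

# Constructed zone data (documentation address ranges, hypothetical names).
PTR = {
    "1.2.0.192.in-addr.arpa.": ["mail.example.com."],
    "2.2.0.192.in-addr.arpa.": ["mail.example.net."],  # PTR claims a name...
}
ADDR = {
    "mail.example.com.": ["192.0.2.1"],
    "mail.example.net.": ["198.51.100.7"],             # ...whose A record points elsewhere
}

def sample_ptr(name):
    return PTR.get(name, [])

def sample_addr(name):
    return ADDR.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.2", "2001:db8::c001:d00d"):
        print(ip, reverse_name(ip), forward_confirmed(ip, sample_ptr, sample_addr))
```
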
Generally, an IP address should only have one PTR record. So, while many domains may resolve to a single IP address, an IP address can only resolve to one domain.
We reverse the digits when performing reverse DNS lookup because DNS is like a tree, with the highest nodes coming at the end, and the lowest nodes in the beginning.
For example, for the domain www.example.com, the highest node is the root ., followed by com, then example, then www:
.        # Highest node
com
example
www      # Lowest node
So you see, for a domain name, the lowest node is written first and the highest node written last.
For a reverse lookup, we want to structure the PTR records in the same way, with the lowest node written first and the highest node written last. So we reverse the order of the numbers in the IP address.
If you don't define a reverse DNS entry, your ISP or service provider may define one for you:
$ host 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer 1-0-168-192.wifi.dynamic.isp.com.
This reverse DNS entry looks like it was automatically generated for a residential ISP. Mail providers often rely on this to mark email coming from this IP as spam. Unfortunately, most residential ISPs do not allow you to configure your rDNS, which is why you will want to use a VPS or dedicated server for sending mail. VPSes and server hosts will generally allow you to configure your IPv4 and IPv6 rDNS.