Understanding Reverse DNS lookup with Examples

Updated: Sep 16

Reverse DNS lookup, also known as rDNS, is used to determine the domain name associated with an IP address. It is simply an entry that resolves an IP address back to a hostname. In DNS, this entry is called a PTR record.




Purpose of reverse DNS lookups

Reverse DNS lookups are commonly used by email servers. Reverse DNS requests are often used for filtering spam. Spammers can easily set the sending email address using any domain name they want, including legitimate domain names like those of banks or trusted organizations.


Receiving email servers can validate incoming messages by checking the sending IP address with a reverse DNS request. If the email is legitimate, the hostname returned by the rDNS lookup should match the domain of the email address.


The downside of this technique is that some legitimate mail servers don't have proper rDNS records set up on their end, because in many cases their ISP has to set these records up.



Forward DNS lookup and reverse DNS lookup

Forward DNS lookup uses an Internet domain name to find an IP address. Forward DNS (DNS stands for domain name system) lookup is the more common lookup, since most users think in terms of domain names rather than IP addresses. In DNS, this is the A record.


Reverse DNS lookup uses an IP address to find a domain name. In DNS, this is the PTR record.




Example of Reverse DNS Lookup

Here is the Reverse DNS Lookup for IP 185.230.63.186. It points to the domain name unalocated.63.wixsite.com.


% dig -x 185.230.63.186

; <<>> DiG 9.10.6 <<>> -x 185.230.63.186
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37914
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;186.63.230.185.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
186.63.230.185.in-addr.arpa. 0	IN	PTR	unalocated.63.wixsite.com.



What is a Reverse DNS Lookup Zone?

A Reverse Lookup Zone contains all the records of IP addresses to their domain names. It would be too easy to define a reverse lookup as the opposite of forward, but it is true. A reverse lookup zone is used any time we want to convert an IP address to a name.


How to create a reverse DNS record?

If the reverse response is not provided by our nameserver, we will need to contact our hosting provider to help us set a PTR record. We should be able to accomplish that by emailing their support team and letting them know we would like a PTR record set for the IP address X.X.X.X resolving to yourdomain.example.com.


If we own the DNS server ourselves, we need to create a reverse DNS zone. The hostname for the zone has to be in a very specific format. It starts with a portion of our IP address written backward, followed by .in-addr.arpa.



For example, we need to create a 63.230.185.in-addr.arpa zone file and add a 186 record that points to unalocated.63.wixsite.com.
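The naming rule above and the mail-server check from the "Purpose" section, combined in one added example (not code from the original article). It goes one step beyond the text by also confirming that the PTR hostname resolves forward to the same IP, since whoever controls an address block controls its PTR records. The lookup tables, the example.com names and the status strings are constructed sample data and assumptions, not live DNS answers.

```python
import ipaddress

# Constructed sample data standing in for live DNS answers (not real lookups).
PTR_RECORDS = {
    "186.63.230.185.in-addr.arpa": "unalocated.63.wixsite.com.",
    "10.2.0.192.in-addr.arpa": "mail.example.com.",
    "7.100.51.198.in-addr.arpa": "mail.example.com.",  # PTR claims example.com
}
A_RECORDS = {"mail.example.com.": {"192.0.2.10"}}

def reverse_name(ip):
    """Owner name queried for the PTR record, e.g. 186.63.230.185.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def zone_and_record(ip, hostname):
    """Split an IPv4 reverse name into its /24 zone and the record placed in it."""
    label, zone = reverse_name(ip).split(".", 1)
    return zone, f"{label}\tIN\tPTR\t{hostname.rstrip('.')}."

def check_sender(ip, sender_domain):
    """Classify a connecting IP the way a receiving mail server might."""
    ptr = PTR_RECORDS.get(reverse_name(ip))
    if ptr is None:
        return "no-ptr"  # the legitimate-but-misconfigured case from the text
    host = ptr.rstrip(".").lower()
    domain = sender_domain.rstrip(".").lower()
    if host != domain and not host.endswith("." + domain):
        return "ptr-mismatch"
    # Forward-confirm: the PTR hostname must resolve back to the same IP.
    if ip not in A_RECORDS.get(ptr, set()):
        return "forward-mismatch"
    return "match"

if __name__ == "__main__":
    print(zone_and_record("185.230.63.186", "unalocated.63.wixsite.com"))
    for ip in ("192.0.2.10", "185.230.63.186", "203.0.113.5", "198.51.100.7"):
        print(ip, check_sender(ip, "example.com"))
```

A "no-ptr" result is better treated as a scoring signal than a hard reject, because of the ISP dependency described earlier.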



Check reverse DNS Record

Perform a reverse lookup for the relevant IP address with the following Dig command:


$ dig -x 1.2.3.4


We can check the reverse DNS record with nslookup as well. A sample is shown below:


$ nslookup 1.2.3.4


The output of both methods shows which hostname this IP address belongs to.


