Reverse DNS

What Is Reverse DNS and How Does It Work?

April 2, 20240
What-Is-Reverse-DNS-And-How-Does-It-Work

Introduction

Reverse DNS (rDNS) is a process that resolves an IP address back to a domain name, the opposite of a forward DNS query.

In this article, you will learn what reverse DNS is and how it works.

What Is Reverse DNS?

https://images.ctfassets.net/plii0v5gbc4s/1Y1Z04UYBC4OIVcUYb2MIl/52f06f2598e7e7024a2a21957b12390a/reverse-dns-example.png

Reverse DNS (Domain Name System) is the process of mapping IP addresses to domain names. In traditional DNS, you input a domain name and receive an IP address as a result. Revers DNS, on the other hand, works in the opposite direction; it takes an IP address and resolves it to a domain name.

Reverse DNS is commonly used for various purposes, including:

  1. Network troubleshooting: It can help identify the domain associated with an IP address, which can be useful for diagnosing network issues or identifying potentially malicious activity.
  2. Email authentication: Many email servers use reverse DNS to verify the authenticity of incoming email messages. By checking that the reverse DNS lookup matches the sending domain, email servers can help prevent spam and phishing attacks.
  3. Logging and auditing: Reverse DNS can be used to log and audit network traffic, providing additional context about the sources of incoming connections or requests.

What Is Reverse DNS Lookup Used For?

Reverse DNS is particularly useful for those running an outgoing mail server. Besides mail servers, there are several reasons for using rDNS:

  • Filtering spam emails. Most email servers use rDNS to block spam mail, rejecting messages from IP addresses without rDNS. However, rDNS is mainly used as an additional layer of protection because it isn’t reliable as some legitimate mail servers don’t have properly set up rDNS records.
  • Analytics. This helps provide human-readable data in analytics, rather than listing logs of IP addresses.
  • Tracking website visitors. IP addresses of website visitors remain in the visit logs and can help you get an idea of your website audience. Tracking website visitors is beneficial for B2B lead generation.
  • Smooth network experience. Reverse DNS prevents you from encountering problems with most enterprise management systems, r-commands, SMTP servers, or network backup systems. rDNS is also one of the basic requirements for running some Internet protocols.
  • Security. A reverse IP lookup can be used to find the IP address’ A records, mapping a domain name to the physical IP address of the device hosting that domain. The results help determine the virtual hosts served from a web server and identify server vulnerabilities.

How Does Reverse DNS Lookup Work?

Reverse DNS lookup works by querying special DNS servers called Reverse DNS servers or PTR (Pointer) records. These servers are configured to store mappings of IP addresses to domain names. Here’s a simplified explanation of how the process typically works:

  1. Initiating the Lookup: When a reverse DNS lookup is initiated, the DNS resolver or client sends a query containing the IP address for which it wants to find the associated domain name.
  2. Querying the Reverse DNS Zone: The DNS resolver forwards the query to a Reverse Domain Name System server responsible for the IP address range that includes the requested IP address. These servers are configured with special zones called Reverse Domain Name System zones, typically named in-addr.arpa or ip6.arpa for IPv4 and IPv6 addresses, respectively.
  3. Finding the PTR Record: The Reverse Domain Name System server looks up the PTR (Pointer) record associated with the provided IP address within its configured reverse Domain Name System zone. The PTR record contains the domain name associated with the IP address.
  4. Returning the Result: If a PTR record is found for the queried IP address, the Reverse Domain Name System server returns the associated domain name to the DNS resolver or client that initiated the lookup.
  5. Caching and Response: The DNS resolver or client may cache the result of the reverse Domain Name System lookup for a certain period to speed up subsequent lookups. The resolved domain name is then typically used for various purposes, such as network troubleshooting, email verification, or access control.

Reverse DNS Lookup Command

This section deals with manual reverse Domain Name System lookup in Windows or Linux.

Reverse Domain Name System Lookup in Windows

The command for reverse Domain Name System lookup in Windows is:

<code>nslookup [ip_address]</code>

For example:

An example for using the nslookup command for rDNS lookup.

The output returns the domain name for the specified IP address.

If the website doesn’t have rDNS set up, the command returns an error. For example:

The nslookup command returns an error if rDNS isn't set up.

 

Reverse DNS Lookup in Linux

There are two ways for rDNS lookup in Linux:

1. The dig command

Use the dig command in Linux to perform a manual reverse DNS lookup. The syntax is:

<code>dig -x [ip_address]</code>

For example:

Using the dig command in linux to perform rDNS lookup.

The output displays the domain name for the specified IP address.

Conclusion

You now know what reverse Domain Name System is and how to perform rDNS lookup in Windows, Linux, and using online tools.

Feel free to test the tools, but note that some websites don’t have rDNS set up, and the tools return an error in that case.