Reverse DNS lookup
In computer networking, reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address using the Domain Name System (DNS) of the Internet.

Computer networks use the Domain Name System to determine the IP address associated with a domain name. This process is also known as forward DNS resolution. Reverse DNS lookup is the inverse process, the resolution of an IP address to its designated domain name.

The reverse DNS database of the Internet is rooted in the Address and Routing Parameter Area (arpa) top-level domain of the Internet. IPv4 uses the in-addr.arpa domain and the ip6.arpa domain is delegated for IPv6. The process of reverse resolving an IP address uses the pointer DNS record type (PTR record).

Internet official documents (RFC 1033, RFC 1912 Section 2.1) specify that "Every Internet-reachable host should have a name" and that such names match with a reverse pointer record.

IPv4 reverse resolution

Reverse DNS lookups for IPv4 addresses use a reverse IN-ADDR entry in the special domain in-addr.arpa. In this domain, an IPv4 address is represented as a concatenated sequence of four decimal numbers, separated by dots, to which is appended the second level domain suffix .in-addr.arpa. The four decimal numbers are obtained by splitting the 32-bit IPv4 address into four 8-bit portions and converting each 8-bit portion into a decimal number. These decimal numbers are then concatenated in the order: least significant 8-bit portion first (leftmost), most significant 8-bit portion last (rightmost). Note that this is the reverse of the usual dotted-decimal convention for writing IPv4 addresses in textual form.

For example, an address (A) record for mail.example.com points to the IP address 192.0.2.5.
In pointer records of the reverse database, this IP address is stored as the domain name 5.2.0.192.in-addr.arpa pointing back to its designated host name mail.example.com.
This allows it to pass the Forward Confirmed reverse DNS process.

Classless reverse DNS method

Historically, Internet registries and Internet service providers allocated IP addresses in blocks of 256 (for Class C) or larger octet-based blocks for classes B and A. By definition, each block fell upon an octet boundary. The structure of the reverse DNS domain was based on this definition. However, with the introduction of Classless Inter-Domain Routing, IP addresses were allocated in much smaller blocks, and hence the original design of pointer records was impractical, since autonomy of administration of smaller blocks could not be granted. RFC 2317 devised a methodology to address this problem by using canonical name (CNAME) DNS records.

IPv6 reverse resolution

Reverse DNS lookups for IPv6 addresses use the special domain ip6.arpa. An IPv6 address appears as a name in this domain as a sequence of nibbles in reverse order, represented as hexadecimal digits as subdomains. For example, the pointer domain name corresponding to the IPv6 address 2001:db8::567:89ab is b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
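The name construction described in the IPv4 and IPv6 sections, and the CNAME method of the classless section, as an added example that is not part of the original article. The function names are hypothetical, and the `<first address>/<prefix length>` label for the delegated child zone follows the naming used in RFC 2317's own examples, which the article does not spell out.

```python
import ipaddress


def ptr_name(addr: str) -> str:
    """Build the reverse-tree owner name for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # Four 8-bit portions as decimal numbers, least significant first.
        labels = [str(octet) for octet in reversed(ip.packed)]
        return ".".join(labels) + ".in-addr.arpa"
    # IPv6: all 32 hex nibbles of the fully expanded address, reversed,
    # so "::" compression and dropped leading zeros never leak into the name.
    nibbles = ip.packed.hex()
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def rfc2317_cnames(block: str) -> list:
    """CNAME records the parent /24 reverse zone publishes so that the
    holder of a smaller block can run its own PTR records.

    Returns (owner, target) pairs, one per address in the block.
    """
    net = ipaddress.ip_network(block)
    if net.version != 4 or not 24 < net.prefixlen <= 32:
        raise ValueError("RFC 2317 delegation applies to IPv4 blocks smaller than /24")
    a, b, c, first = net.network_address.packed
    parent = f"{c}.{b}.{a}.in-addr.arpa"
    # Child zone label as in RFC 2317's examples, e.g. "0/25".
    child = f"{first}/{net.prefixlen}.{parent}"
    records = []
    for ip in net:  # every address, including the first and last of the block
        last = ip.packed[3]
        records.append((f"{last}.{parent}", f"{last}.{child}"))
    return records


if __name__ == "__main__":
    print(ptr_name("192.0.2.5"))
    print(ptr_name("2001:db8::567:89ab"))
    for owner, target in rfc2317_cnames("192.0.2.128/26")[:3]:
        print(f"{owner}. IN CNAME {target}.")
```

A resolver that follows the CNAME ends up asking the block holder's name servers for the PTR record, which is how administration of a sub-/24 block is handed over without an octet boundary.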

Multiple pointer records

While most rDNS entries only have one PTR record, DNS does not restrict the number. However, having multiple PTR records for the same IP address is generally not recommended, unless there is a specific need. For example, if a web server supports many virtual hosts, there may be one PTR record for each host and some versions of name server software will allocate this automatically. Multiple PTR records can cause problems, however, including triggering bugs in programs that only expect single PTR records and, in the case of a large web server, having hundreds of PTR records can cause the DNS packets to be much larger than normal.

Records other than PTR records

Record types other than PTR records may also appear in the reverse DNS tree. In particular, encryption keys may be placed there for IPsec (RFC 4025), SSH (RFC 4255) and IKE (RFC 4322), for example. Less standardized usages include comments placed in TXT records and LOC records to identify the geophysical location of an IP address.

Uses

The most common uses of the reverse DNS include:
  • The original use of the rDNS: network troubleshooting via tools such as traceroute, ping, and the "Received:" trace header field for SMTP e-mail, web sites tracking users (especially on Internet forums), etc.
  • One e-mail anti-spam technique: checking the domain names in the rDNS to see if they are likely from dialup users, dynamically assigned addresses, or other inexpensive internet services. Owners of such IP addresses typically assign them generic rDNS names such as "1-2-3-4-dynamic-ip.example.com." Since the vast majority, but by no means all, of e-mail that originates from these computers is spam, many spam filters refuse e-mail with such rDNS names.
  • A forward-confirmed reverse DNS (FCrDNS) verification can create a form of authentication showing a valid relationship between the owner of a domain name and the owner of the server that has been given an IP address. While not very thorough, this validation is strong enough to often be used for whitelisting purposes, mainly because spammers and phishers usually can't pass verification for it when they use zombie computers to forge domains.
  • System logging or monitoring tools often receive entries with the relevant devices specified only by IP addresses. To provide more human-usable data, these programs often perform a reverse lookup prior to writing the log, thus writing a name rather than the IP address.
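The forward-confirmed reverse DNS check from the list above, as an added example that is not part of the original article. The record tables are constructed sample data standing in for DNS answers, and `fcrdns`, `sample_ptr`, `sample_addr` and `max_names` are hypothetical names; in practice the two lookup callables would be backed by a real resolver.

```python
import ipaddress

V6 = ipaddress.ip_address("2001:db8::567:89ab")

# Constructed PTR answers, keyed by reverse-tree owner name.
PTR = {
    "5.2.0.192.in-addr.arpa": ["mail.example.com."],
    # Multiple PTR records: only one of the names maps back to the address.
    "9.2.0.192.in-addr.arpa": ["www.example.com.", "shop.example.com."],
    # Reverse zone owner claims a name whose forward zone disagrees.
    "77.113.0.203.in-addr.arpa": ["mail.example.com."],
    V6.reverse_pointer: ["mail6.example.com."],
}
# Constructed A/AAAA answers, keyed by host name.
ADDR = {
    "mail.example.com.": ["192.0.2.5"],
    "www.example.com.": ["192.0.2.9"],
    "shop.example.com.": ["198.51.100.20"],
    "mail6.example.com.": ["2001:0db8:0:0:0:0:0567:89ab"],  # same address, other spelling
}


def sample_ptr(owner):
    return PTR.get(owner, [])


def sample_addr(name):
    return ADDR.get(name, [])


def fcrdns(ip, lookup_ptr=sample_ptr, lookup_addr=sample_addr, max_names=10):
    """Return the PTR names whose forward lookup yields `ip` again.

    An empty list means the address fails forward confirmation.
    """
    addr = ipaddress.ip_address(ip)
    # Cap the work per address: an IP may carry many PTR records.
    names = lookup_ptr(addr.reverse_pointer)[:max_names]
    confirmed = []
    for name in names:
        # Compare parsed addresses, not strings, so IPv6 text forms match.
        forward = {ipaddress.ip_address(a) for a in lookup_addr(name)}
        if addr in forward:
            confirmed.append(name.rstrip(".").lower())
    return confirmed


if __name__ == "__main__":
    for ip in ("192.0.2.5", "192.0.2.9", "203.0.113.77", "192.0.2.200", str(V6)):
        print(ip, "->", fcrdns(ip) or "FAIL")
```

Only the confirmed names are safe to write into a log or feed to an allow list; an unconfirmed PTR name is whatever the holder of the reverse zone chose to publish.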

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.