The most typical use of DNS (standing for Domain Name Service) is to turn the name of a domain into numbers so that computers can easily work with them. For example, running Wikipedia.org through a normal DNS lookup will result in the IP address of 91.198.174.192 in some regions. Different local mirrors may have different IP addresses, depending on the way that things like load balancing are set up.
But what exactly is reverse DNS, and how is it useful?
Reverse DNS is taking the series of numbers in an IP address (or hexadecimal characters in an IPv6 address) and looking up the associated domain name. Or, and this is the crux of the difference, domain names - plural.
Because although you ultimately want any given domain name to resolve to one IP address (even if that address is a load balancer that throws the ultimate destination of a query to several different servers), one server can host multiple domains. Depending on how the network interfaces are set up, that might mean an IP address that shows up in the logs could represent the activity of any user on several different services, run by many different companies. All of this is set up on the DNS records side. There is no limit to how many domains resolve to the same A record.
For example, an author might register their pen name as their main domain. But they may register the individual domains of each book as well, and point them all to the same server. And if the web hosting company shares the server amongst several authors… the number of domains associated with a single IP address can quickly skyrocket. There are also cases of network address translation (NAT) and individual subdomains which can quickly complicate the issue.
Reverse DNS is meant to list all of the registered domain names for a given IP address… assuming that reverse DNS entries have been set up for them. There’s no obligation for a person or company to add all of these domain records, of course.
This can be a problem. A standard that nobody is forced to follow isn’t as useful. But there are legitimate privacy issues at stake here: Just because something is on the Internet, that doesn’t mean absolutely everything about it needs to be public knowledge. Making reverse DNS mandatory would also put a strain on systems that focus on temporary hosting, systems testing, and the like. Or to be more accurate, it would put a strain on the systems of their domain registrar, which is never a good thing. Arguably, we don’t need tens of millions of garbage records that will never be accessed again just sitting around cluttering things up. But in cases of accountability (scams, spam, etc.), it would be nice.
If someone did want to add a reverse DNS record, they would go to their registrar’s management system and edit their domain information. There they would find a place to add new record types. They would add a pointer, also known as a PTR record.
PTR records are what get returned when a reverse DNS lookup is performed. The pointer is set to a canonical name (CNAME), and all references and lookups are redirected to that entry.
As mentioned above, multiple PTR records can be used when a web server has many virtual hosts. In these cases, multiple hostnames are returned for reverse DNS lookups on these shared addresses. Whether or not this information is up to date depends on the efficiency and diligence of the virtual hosting service.
Interestingly, these records are stored in reverse order and always have ‘.in-addr.arpa’ appended to the end. For example, the reverse DNS lookup for 1.2.3.4 is stored as 4.3.2.1.in-addr.arpa in the records. Check out the specific instructions from your domain registrar or hosting service for more information.
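As an added illustration that is not part of the original article, the following Python function builds the name a reverse lookup actually queries. It goes beyond the IPv4 case above: IPv6 addresses are reversed nibble by nibble under ip6.arpa rather than in-addr.arpa.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Return the DNS name queried for a PTR lookup of the given address.

    IPv4: the four octets are written back to front under in-addr.arpa,
    so 1.2.3.4 becomes 4.3.2.1.in-addr.arpa.
    IPv6: every hex nibble of the fully expanded 128-bit address is
    written back to front under ip6.arpa (32 labels in total).
    """
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        octets = str(addr).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    # Expand "::" shorthand to the canonical 32-nibble form before reversing.
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


if __name__ == "__main__":
    for sample in ("1.2.3.4", "91.198.174.192", "2001:db8::1"):
        print(sample, "->", reverse_name(sample))
```

The standard library exposes the same construction as `ipaddress.ip_address(ip).reverse_pointer`, which is a handy cross-check.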
Typically, reverse DNS is used to check a log entry. Let’s say that some weird network activity is coming from a certain IP address. You might want to know who is (ultimately) responsible for that server so that you can contact them and find out what’s up. A reverse DNS search on that IP address may yield results.
It can also be used in anti-spam activities. Not only can the IP address of the mail server (found in the ‘full headers’ or ‘full original message’ in most E-mail programs) be checked to see who owns it, but temporary servers run on dynamic IP addresses can be quickly detected and blocked by automated spam filters.
With the advent of the Internet of Things (IoT), lots of devices are only referred to via an IP address. But it might be possible to get more information on them if the device is important enough to have its own PTR record. This can happen for many reasons, but depends entirely on the owner’s intentions and whether or not they made the effort.
Finally, reverse DNS can be used for forward confirmation. Forward-confirmed reverse DNS (FCrDNS) is a primitive way to check if the person who owns a domain name has given permission to the person using the associated IP address to perform certain activities. For example, E-mail transfer agents will often ask that forward and reverse DNS entries match. They see this as proof that there is a consenting relationship between the owner of a domain and the owner of the resource using that IP address.
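The FCrDNS check described above, as an added Python example that is not part of the original article. The resolver hooks and the sample zone (addresses in 203.0.113.0/24 and names under example.net) are constructed for illustration; by default the check uses the operating system's resolver through the socket module, so the live path behaves like the nslookup steps later in the article.

```python
import socket
from typing import Callable

# Resolver hooks so the check can be exercised offline with constructed data.
ReverseFn = Callable[[str], list[str]]   # ip -> hostnames from PTR records
ForwardFn = Callable[[str], list[str]]   # hostname -> addresses from A/AAAA

def system_reverse(ip: str) -> list[str]:
    """All PTR names the OS resolver returns for ip (empty if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + list(aliases)

def system_forward(hostname: str) -> list[str]:
    """IPv4/IPv6 addresses the hostname resolves to (empty if none)."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fcrdns(ip: str, reverse: ReverseFn = system_reverse,
           forward: ForwardFn = system_forward) -> list[str]:
    """Forward-confirmed reverse DNS.

    Returns the PTR names that, looked up forward again, resolve back to
    ip. An empty list means the check failed: either no PTR exists, or
    whoever controls the reverse zone pointed it at a name whose owner
    does not point back. That mismatch is what mail servers reject.
    """
    return [host for host in reverse(ip) if ip in forward(host)]

# Constructed sample zone (not real DNS data) for an offline run.
SAMPLE_PTR = {"203.0.113.10": ["mail.example.net", "smtp.example.net"],
              "203.0.113.99": ["mail.example.net"]}   # PTR claims a name it does not own
SAMPLE_A = {"mail.example.net": ["203.0.113.10"],
            "smtp.example.net": ["203.0.113.10", "2001:db8::10"]}

def sample_fcrdns(ip: str) -> list[str]:
    """fcrdns() run against the constructed sample zone above."""
    return fcrdns(ip, lambda a: SAMPLE_PTR.get(a, []),
                  lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    for sample_ip in SAMPLE_PTR:
        print(sample_ip, "->", sample_fcrdns(sample_ip) or "FCrDNS FAILED")
```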
The ever-useful WhatIsMyIP site has a reverse DNS lookup tool. This is great for one-time or infrequent usage. But if it is an activity that you plan to do often, and you want to maintain your privacy as you do so without sharing the lookups with third parties, using a more local tool is preferable.
Windows 10 has a command-line tool that will do the job. Simply go to the Start menu and type ‘cmd’ (without the quotation marks) into the search field. Press Enter and the command prompt will show up. In most cases, you won’t need administrative rights to use this utility.
At the prompt, use the ‘nslookup’ command to get your information. For example:
nslookup 91.198.174.192
The result should be something like:
Name:    text-lb.esams.wikimedia.org
Address: 91.198.174.192
If you increment or decrement the final number in the IPv4 address by one, you can often see more sites and servers owned (or at least managed) by the same organization.
This same command works on Linux-based operating systems, and it should also work on macOS 12. For mobile devices, network utility apps are commonly used. But make sure they’re from a trusted source!
Reverse DNS is a useful utility that allows you to look up domain information if you only have an IP address to work with. It’s also used as a form of spam filter and a whitelisting method for mail service providers. Reverse DNS lookup tools like nslookup are available online or can be run via your local command prompt or console.
Will is a former Silicon Valley sysadmin and award-winning non-functional tester. After 20+ years in tech, he decided to share his experience with the world as a writer. His recent work involves documenting government hacking methods while probing the current state of privacy and security on the Internet.