Reverse DNS lookup

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Wrs1864 (talk | contribs) at 18:03, 1 May 2009 (→‎Overview: d'oh! not sure how I missed this. as per RFC 1034, CNAMEs should not be pointed to by other records). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

This page is about the network process of reverse DNS lookup. For other meanings of "Reverse DNS" and similar terms, see Reverse DNS (disambiguation).

In computer networking, reverse DNS lookup (rDNS) involves determining the hostname or host associated with a given IP address or host address.

Overview

Typically, computer networks use the Domain Name System to determine which IP address is associated with a given domain name. To reverse-resolve a known IP address is therefore to look up which host and domain name belong to that IP address.

Network administrators often refer to a reverse lookup as reverse resolving or, more specifically, reverse DNS lookup; it is accomplished using a "reverse IN-ADDR entry" in the form of a PTR record.

For example, an IP address such as 192.0.2.5 might resolve through reverse DNS lookup to the domain name mail.example.com. Typically, an A or AAAA record for mail.example.com will point back to the original IP address 192.0.2.5. This allows it to pass the Forward Confirmed reverse DNS process.

Reverse DNS requirement

RFC 1033, in its "INSTRUCTIONS" section, and later RFC 1912, Section 2.1, state: "Every Internet-reachable host should have a name" and "[m]ake sure your PTR and A records match".

IPv4 Reverse DNS

Reverse DNS lookups for IPv4 addresses use a reverse IN-ADDR entry in the special domain in-addr.arpa. In the in-addr.arpa domain, an IPv4 address is represented by its four bytes in reverse order, encoded as decimal numbers, separated by dots and followed by the suffix .in-addr.arpa. For example, the reverse lookup domain name corresponding to the IPv4 address 10.12.13.140 is 140.13.12.10.in-addr.arpa. A host name for 1.2.3.4 can be obtained by issuing a DNS query for the PTR record of the special name 4.3.2.1.in-addr.arpa.

Classless Reverse DNS

Historically, internet registries and IP providers allocated IP addresses in blocks of 256. Thus, each block fell upon an octet boundary. This made configuration of the PTR records easy, since the dot separators delimited each block. Today however, IP addresses are allocated in much smaller blocks, and hence the traditional way of configuring a nameserver to perform reverse DNS cannot work. A means of overcoming this problem was devised and published as RFC 2317. It uses a CNAME entry which corresponds to each block.
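To make the RFC 2317 scheme concrete, the following Python is an added example (not from the article or from the RFC): it generates the NS and CNAME records the owner of a /24 reverse zone publishes for a sub-octet block, the PTR records the delegate publishes in the sub-block zone, and a small simulated resolver that follows the CNAME into that zone. The block 192.0.2.64/26, the name server ns1.customer.example. and the host names are constructed sample values, and the function names are this example's own.

```python
import ipaddress


def child_zone_name(net: ipaddress.IPv4Network) -> str:
    """Apex of the delegated sub-block zone, in RFC 2317's "<first>/<prefix>" style.

    "/" is legal inside a DNS label, although some operators substitute "-".
    """
    o1, o2, o3, first = str(net.network_address).split(".")
    return f"{first}/{net.prefixlen}.{o3}.{o2}.{o1}.in-addr.arpa."


def classless_delegation(cidr: str, nameserver: str):
    """Records the /24 in-addr.arpa zone needs for an RFC 2317 delegation.

    Returns (records, child_zone): one NS record delegating the sub-block zone
    plus one CNAME per address, pointing into that zone.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    if net.prefixlen <= 24:
        raise ValueError("RFC 2317 is for blocks smaller than a /24; larger blocks "
                         "are delegated on an octet boundary")
    child_zone = child_zone_name(net)
    parent_zone = child_zone.split(".", 1)[1]  # strip the "<first>/<prefix>" label
    records = [f"{child_zone} IN NS {nameserver}"]
    for addr in net:  # every address in the block, network and broadcast included
        last = str(addr).rsplit(".", 1)[1]
        records.append(f"{last}.{parent_zone} IN CNAME {last}.{child_zone}")
    return records, child_zone


def child_ptr_records(cidr: str, hostnames: dict) -> dict:
    """PTR records the delegate publishes in its own zone, keyed by owner name."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    child_zone = child_zone_name(net)
    ptrs = {}
    for ip, host in hostnames.items():
        if ipaddress.IPv4Address(ip) not in net:
            raise ValueError(f"{ip} is outside {cidr}")
        ptrs[f"{ip.rsplit('.', 1)[1]}.{child_zone}"] = host
    return ptrs


def resolve_ptr(address: str, parent_records, child_ptrs):
    """Simulate the lookup a resolver performs: query the in-addr.arpa name,
    follow the CNAME the /24 zone answers with, and read the PTR from the
    delegated zone. None if the address is not delegated or has no PTR."""
    qname = ".".join(reversed(address.split("."))) + ".in-addr.arpa."
    cnames = {}
    for line in parent_records:
        owner, _, rtype, target = line.split()
        if rtype == "CNAME":
            cnames[owner] = target
    target = cnames.get(qname)
    return child_ptrs.get(target) if target else None


if __name__ == "__main__":
    records, zone = classless_delegation("192.0.2.64/26", "ns1.customer.example.")
    print("\n".join(records[:3] + ["..."] + records[-1:]))
    ptrs = child_ptr_records("192.0.2.64/26", {"192.0.2.70": "host70.customer.example."})
    print(resolve_ptr("192.0.2.70", records, ptrs))   # host70.customer.example.
    print(resolve_ptr("192.0.2.5", records, ptrs))    # None: 192.0.2.5 is not in the delegated block
```

The CNAME target is the owner of the PTR record, not another CNAME, which keeps the chain to a single indirection as the revision note above (RFC 1034) asks.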

IPv6 Reverse Lookup

Reverse DNS lookups for IPv6 addresses similarly use the special domain ip6.arpa. An IPv6 address appears as a name in the ip6.arpa domain as the sequence of its 32 nibbles in reverse order, represented as hexadecimal digits, separated by dots and followed by the suffix .ip6.arpa. For example, the reverse lookup domain name corresponding to the IPv6 address 4321:0:1:2:3:4:567:89ab is b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa.
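The IPv4 and IPv6 encodings described in the two sections above can be built and parsed mechanically. The following Python is an added example (not from the article) that constructs the in-addr.arpa and ip6.arpa query names for an address, recovers the address from such a name while rejecting partial or malformed names, and cross-checks the construction against the standard library's reverse_pointer property. The addresses are the article's own examples; the function names are this example's.

```python
import ipaddress

IPV4_SUFFIX = ".in-addr.arpa"
IPV6_SUFFIX = ".ip6.arpa"


def reverse_name(address: str) -> str:
    """Build the PTR query name for an IPv4 or IPv6 address.

    IPv4: the four bytes in reverse order, as decimal labels, under in-addr.arpa.
    IPv6: all 32 nibbles in reverse order, as hex labels, under ip6.arpa.
    """
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + IPV4_SUFFIX
    # exploded is the uncompressed eight-group form (4321:0000:0001:...:89ab),
    # so every nibble, including leading zeros, is present before reversing.
    nibbles = ip.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + IPV6_SUFFIX


def address_from_reverse_name(name: str) -> str:
    """Recover the address from a complete in-addr.arpa or ip6.arpa name.

    Partial names (such as a /24 zone apex) and malformed labels raise
    ValueError rather than being guessed at.
    """
    name = name.rstrip(".").lower()
    if name.endswith(IPV4_SUFFIX):
        labels = name[: -len(IPV4_SUFFIX)].split(".")
        if len(labels) != 4 or not all(lbl.isdigit() and int(lbl) <= 255 for lbl in labels):
            raise ValueError(f"not a complete IPv4 reverse name: {name}")
        return ".".join(reversed(labels))
    if name.endswith(IPV6_SUFFIX):
        nibbles = name[: -len(IPV6_SUFFIX)].split(".")
        if len(nibbles) != 32 or not all(len(n) == 1 and n in "0123456789abcdef" for n in nibbles):
            raise ValueError(f"not a complete IPv6 reverse name: {name}")
        hexstr = "".join(reversed(nibbles))
        groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
        # IPv6Address normalises the result to the compressed textual form
        return str(ipaddress.IPv6Address(":".join(groups)))
    raise ValueError(f"not a reverse-lookup name: {name}")


def is_complete_reverse_name(name: str) -> bool:
    """True only for a name that maps to exactly one host address."""
    try:
        address_from_reverse_name(name)
        return True
    except ValueError:
        return False


def matches_stdlib(address: str) -> bool:
    """Cross-check against ipaddress' reverse_pointer property (Python 3.5+)."""
    return reverse_name(address) == ipaddress.ip_address(address).reverse_pointer


if __name__ == "__main__":
    for addr in ("10.12.13.140", "1.2.3.4", "4321:0:1:2:3:4:567:89ab"):
        rn = reverse_name(addr)
        print(f"{addr:>24} -> {rn}")
        assert address_from_reverse_name(rn) == addr and matches_stdlib(addr)
```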

Multiple PTR records

While most rDNS entries only have one PTR record, the rules allow many different PTR records.[1] However, having multiple PTR records for the same IP address is generally not recommended unless there is a specific need. For example, if a webserver supports many virtual hosts, there can be one PTR record for each host and some versions of name server software will automatically add a PTR record for each host. Multiple PTR records can cause a couple of problems, including triggering bugs in programs that only expect there to ever be a single PTR record and, in the case of a large webserver, having hundreds of PTR records can cause the DNS packets to be much larger than normal.

Records other than PTR records

While uncommon compared with PTR records, other types of records may also legally appear in the reverse DNS tree. In particular, encryption keys can be placed there, for example for IPsec (RFC 4025), SSH (RFC 4255) and IKE (RFC 4322). Less standardized usages include comments placed in TXT records and LOC records to identify the location of the IP address.

Uses

The most common uses of the reverse DNS include:

  • The original use of the rDNS: network troubleshooting via tools such as traceroute, ping, and the "Received:" trace header field for SMTP e-mail, web sites tracking users (especially on Internet forums), etc.
  • One e-mail anti-spam technique: checking the domain names in the rDNS to see if they are likely from dialup users, dynamically assigned addresses, or other inexpensive internet services. Owners of such IP addresses typically assign them generic rDNS names such as "1-2-3-4-dynamic-ip.example.com." Since the vast majority, but by no means all, of e-mail that originates from these computers is spam, many spam filters refuse e-mail with such rDNS names. [2][3]
  • A Forward Confirmed reverse DNS (FCrDNS) verification can create a form of authentication showing a valid relationship between the owner of a domain name and the owner of the server that has been given an IP address. While not very thorough, this validation is strong enough to often be used for whitelisting purposes, mainly because spammers and phishers usually can't pass verification for it when they use zombie computers to forge domains.
  • System logging or monitoring tools often receive entries with the relevant devices specified only by IP addresses. In order to provide more human-usable data, these programs will often perform a reverse lookup prior to writing the log entry, thus being able to write a name rather than the IP address.
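The anti-spam, FCrDNS and logging uses listed above all reduce to the same check: does the name the PTR record claims resolve forward to the address being examined? The Python below is an added example (not from the article) that performs that check against constructed PTR and A tables standing in for real lookups, handles an address with several PTR records (only the names that resolve back are kept), applies the generic-rDNS heuristic for provider-assigned names, and labels a log entry with a name only when the name is forward-confirmed. All addresses, host names and the heuristic keyword list are constructed for this example.

```python
import re

# Constructed sample data in place of live PTR and A lookups (documentation-only
# addresses and example.com/.net names).
PTR_TABLE = {
    "192.0.2.5": ["mail.example.com."],
    # a virtual-hosting web server with several PTR records
    "192.0.2.9": ["www.example.com.", "shop.example.com.", "blog.example.com."],
    "198.51.100.77": ["198-51-100-77-dynamic-ip.example.net."],
    # a host whose PTR claims a name that does not resolve back to it
    "203.0.113.1": ["mail.example.com."],
}
A_TABLE = {
    "mail.example.com.": ["192.0.2.5"],
    "www.example.com.": ["192.0.2.9"],
    "shop.example.com.": ["192.0.2.9"],
    "blog.example.com.": ["203.0.113.50"],  # host moved, PTR left stale
    "198-51-100-77-dynamic-ip.example.net.": ["198.51.100.77"],
}


def lookup_ptr(ip: str) -> list:
    return PTR_TABLE.get(ip, [])


def lookup_a(name: str) -> list:
    return A_TABLE.get(name, [])


def fcrdns(ip: str, ptr=lookup_ptr, a=lookup_a) -> list:
    """Forward-confirmed reverse DNS: the PTR names whose A records contain the
    original address. Every PTR record is tested, so multiple PTRs are handled;
    an empty list means the check failed (no PTR, or none resolving back)."""
    return [name for name in ptr(ip) if ip in a(name)]


# Assumed keyword list for provider-assigned names; tune it for real traffic.
GENERIC_HINTS = ("dynamic", "dyn", "dhcp", "pool", "dialup", "ppp", "cable")


def looks_generic(name: str, ip: str) -> bool:
    """Heuristic from the anti-spam use: an rDNS name that embeds the address's
    octets as labels or tokens, or carries a provider keyword. Heuristic only;
    a short label such as "2" can match an octet by coincidence."""
    tokens = re.split(r"[.\-_]", name.lower().rstrip("."))
    embeds_address = all(octet in tokens for octet in ip.split("."))
    has_keyword = any(hint in tokens for hint in GENERIC_HINTS)
    return embeds_address or has_keyword


def classify_sender(ip: str) -> str:
    """Coarse verdict a mail filter might record for a connecting address."""
    if not lookup_ptr(ip):
        return "no-rdns"
    confirmed = fcrdns(ip)
    if not confirmed:
        return "unconfirmed"
    if all(looks_generic(name, ip) for name in confirmed):
        return "generic-rdns"
    return "forward-confirmed"


def log_label(ip: str) -> str:
    """Name to write in a log line. A bare PTR answer is controlled by whoever
    runs the reverse zone, so only a forward-confirmed name is trusted."""
    confirmed = fcrdns(ip)
    return f"{confirmed[0]} [{ip}]" if confirmed else ip


if __name__ == "__main__":
    for ip in ("192.0.2.5", "192.0.2.9", "198.51.100.77", "203.0.113.1", "10.0.0.1"):
        print(f"{ip:>14}  {classify_sender(ip):<18} {log_label(ip)}")
```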

References