Reverse DNS lookup

From Wikipedia, the free encyclopedia
Jump to: navigation, search
"Reverse DNS" redirects here. For Java-like naming convention, see Reverse domain name notation.

In computer networking, reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name associated with an IP address via querying DNS – the reverse of the usual "forward" DNS lookup of an IP from a domain name.

The process of reverse resolving an IP address uses PTR records. The reverse DNS database of the Internet is rooted in the arpa top-level domain.

Although the informational RFC 1912 (Section 2.1) specifies that "Every Internet-reachable host should have a name" and that "For every IP address, there should be a matching PTR record...", it is not an Internet Standard requirement, and not all IP addresses have a reverse entry.

Implementation details[edit]

IPv4 reverse resolution[edit]

Reverse DNS lookups for IPv4 addresses use the special domain in-addr.arpa. In this domain, an IPv4 address is represented as a concatenated sequence of four decimal numbers, separated by dots, to which is appended the second level domain suffix .in-addr.arpa. The four decimal numbers are obtained by splitting the 32-bit IPv4 address into four 8-bit portions and converting each 8-bit portion into a decimal number. These decimal numbers are then concatenated in the order: least significant 8-bit portion first (leftmost), most significant 8-bit portion last (rightmost). It is important to note that this is the reverse order to the usual dotted-decimal convention for writing IPv4 addresses in textual form.

For example, to do a reverse lookup of the IP address 8.8.4.4 the PTR record for the domain name 4.4.8.8.in-addr.arpa would be looked up, and found to point to google-public-dns-b.google.com.

If the A record for google-public-dns-b.google.com in turn pointed back to 8.8.4.4 then it would be said to be forward-confirmed.

Classless reverse DNS method[edit]

Historically, Internet registries and Internet service providers allocated IP addresses in blocks of 256 (for Class C) or larger octet-based blocks for classes B and A. By definition, each block fell upon an octet boundary. The structure of the reverse DNS domain was based on this definition. However, with the introduction of Classless Inter-Domain Routing, IP addresses were allocated in much smaller blocks, and hence the original design of pointer records was impractical, since autonomy of administration of smaller blocks could not be granted. RFC 2317 devised a methodology to address this problem by using CNAME records.

IPv6 reverse resolution[edit]

Reverse DNS lookups for IPv6 addresses use the special domain ip6.arpa (previously ip6.int[1]). An IPv6 address appears as a name in this domain as a sequence of nibbles in reverse order, represented as hexadecimal digits as subdomains. For example, the pointer domain name corresponding to the IPv6 address 2001:db8::567:89ab is b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.

Multiple pointer records[edit]

While most rDNS entries only have one PTR record, DNS does not restrict the number. However, having multiple PTR records for the same IP address is generally not recommended[by whom?], unless there is a specific need. For example, if a web server supports many virtual hosts, there may be one PTR record for each host and some versions of name server software will allocate this automatically. Multiple PTR records can cause problems[citation needed], however, including triggering bugs in programs that only expect single PTR records.[2] In the case of a large web server, having hundreds of PTR records can cause the DNS packets to be much larger than normal, which can cause the query to be requested over TCP when they exceed the DNS 512 byte UDP message limit.

Records other than PTR records[edit]

Record types other than PTR records may also appear in the reverse DNS tree. For example, encryption keys may be placed there for IPsec, SSH and IKE. DNS-Based Service Discovery uses specially-named records in the reverse DNS tree to provide hints to clients about subnet-specific service discovery domains.[3] Less standardized usages include comments placed in TXT records and LOC records to identify the geophysical location of an IP address.

Uses[edit]

The most common uses of the reverse DNS include:

  • The original use of the rDNS: network troubleshooting via tools such as traceroute, ping, and the "Received:" trace header field for SMTP e-mail, web sites tracking users (especially on Internet forums), etc.
  • One e-mail anti-spam technique: checking the domain names in the rDNS to see if they are likely from dialup users, or dynamically assigned addresses unlikely to be used by legitimate mail servers. Owners of such IP addresses typically assign them generic rDNS names such as "1-2-3-4-dynamic-ip.example.com." Some anti-spam filters assume that email that originates from such addresses is likely to be spam, and may refuse connection.[4][5]
  • A forward-confirmed reverse DNS (FCrDNS) verification can create a form of authentication showing a valid relationship between the owner of a domain name and the owner of the server that has been given an IP address. While not very thorough, this validation is strong enough to often be used for whitelisting purposes, mainly because spammers and phishers usually can't pass verification for it when they use zombie computers to forge domains.
  • System logging or monitoring tools often receive entries with the relevant devices specified only by IP addresses. To provide more human-usable data, these programs often perform a reverse lookup before writing the log, thus writing a name rather than the IP address

References[edit]

External links[edit]