What Is Reverse DNS and How Does It Work?

Introduction

Reverse DNS (rDNS) is a process that resolves an IP address back to a domain name, the opposite of a forward DNS query.

In this article, you will learn what reverse DNS is and how it works.

What Is Reverse DNS?

Reverse DNS is a DNS lookup of a domain name from an IP address. While a regular DNS request resolves an IP address from a domain name, rDNS does the opposite, hence the name reverse.  

A PTR (pointer) record is used to perform reverse DNS lookups. Pointer records are configured within Address and Routing Parameter Area (in-addr.arpa) domains. If there is no PTR record set up, a reverse DNS lookup is unsuccessful.

Note: Learn more about PTR Record and other record types by referring to our article DNS Record Types Explained.

What Is Reverse DNS Lookup Used For?

Reverse DNS is particularly useful for those running an outgoing mail server. Besides mail servers, there are several reasons for using rDNS:

  • Filtering spam emails. Most email servers use rDNS to block spam mail, rejecting messages from IP addresses without rDNS. However, rDNS is mainly used as an additional layer of protection because it isn’t reliable on its own: some legitimate mail servers don’t have properly set up rDNS records.
  • Analytics. Reverse DNS helps provide human-readable data in analytics, rather than listing logs of IP addresses.
  • Tracking website visitors. IP addresses of website visitors remain in the visit logs and can help you get an idea of your website audience. Tracking website visitors is beneficial for B2B lead generation.
  • Smooth network experience. Reverse DNS prevents you from encountering problems with most enterprise management systems, r-commands, SMTP servers, or network backup systems. rDNS is also one of the basic requirements for running some Internet protocols.
  • Security. A reverse IP lookup can be used to find the A records that point to an IP address, each mapping a domain name to the physical IP address of the device hosting that domain. The results help determine the virtual hosts served from a web server and identify server vulnerabilities.

Note: Read our article to fully understand what DNS is and how it works.

How Does Reverse DNS Lookup Work?

Reverse DNS works by querying DNS servers for a pointer (PTR) record. A PTR record maps an IPv4 or IPv6 address to the canonical name for the host. If there is no PTR record on the server, it cannot resolve a reverse lookup.

PTR records store reverse DNS entries under a name formed by reversing the IP address and appending .in-addr.arpa. For example, the PTR record for the IP address 198.15.93.98 is stored as 98.93.15.198.in-addr.arpa and points back to its designated host name.

It is advisable to have a proper reverse DNS record (PTR) set up, especially when running an SMTP/mail server.
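The following is an added example, not code from the original article, of the check a receiving mail server can build on PTR records. It goes one step beyond the article: because a PTR record is set by whoever controls the reverse zone for an IP address, the name it returns is also resolved forward and accepted only if it maps back to the same address. The function names, the result labels and the sample records are assumptions made for illustration.

```python
import ipaddress
import socket

def ptr_names(ip):
    """PTR lookup through the system resolver; [] when no PTR record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:          # socket.herror / socket.gaierror
        return []
    return [name, *aliases]

def forward_ips(name):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_rdns(ip, ptr_lookup=ptr_names, forward_lookup=forward_ips):
    """Classify a connecting IP as 'no-ptr', 'ptr-unconfirmed' or 'confirmed'.

    Returns (verdict, host name or None). The lookups are injectable so the
    logic can be exercised offline.
    """
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        for found in forward_lookup(name):
            # Drop any IPv6 scope id ("%eth0") before comparing addresses.
            if ipaddress.ip_address(found.split("%")[0]) == want:
                return ("confirmed", name)
    return ("ptr-unconfirmed", names[0])

# Constructed sample records (documentation address range, not real hosts).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com"],
              "192.0.2.66": ["mail.example.com"]}   # PTR claims a name it does not own
SAMPLE_A = {"mail.example.com": {"192.0.2.10"}}

def demo():
    """Run the check over three constructed senders without touching the network."""
    return {ip: check_rdns(ip,
                           lambda i: SAMPLE_PTR.get(i, []),
                           lambda n: SAMPLE_A.get(n, set()))
            for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99")}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```

Called without the two lookup arguments, check_rdns uses the system resolver, so it can be pointed at the address of your own outgoing mail server to confirm its PTR and A records agree.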

Figure: The difference between DNS and rDNS lookup.

In IPv6, PTR records store rDNS entries within the .ip6.arpa domain instead of .in-addr.arpa.
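How the reverse lookup names described above are built, and how to turn one back into an address when it appears in a DNS query log, shown as an added example that is not part of the original article. The function names are assumptions; 198.15.93.98 is the article's own example and 2001:db8::1 is a documentation address.

```python
import ipaddress

def reverse_name(ip: str) -> str:
    """Return the DNS name under which the PTR record for `ip` is stored."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # IPv4: reverse the four decimal octets, then append in-addr.arpa.
        labels = str(addr).split(".")[::-1]
        zone = "in-addr.arpa"
    else:
        # IPv6: write out all 32 hex digits, reverse them one digit per
        # label, then append ip6.arpa.
        labels = list(addr.exploded.replace(":", ""))[::-1]
        zone = "ip6.arpa"
    return ".".join(labels) + "." + zone

def ip_from_reverse_name(name: str) -> str:
    """Recover the IP address from a reverse lookup name, e.g. one seen in a
    DNS query log. Raises ValueError for partial or malformed names."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        octets = name[: -len(".in-addr.arpa")].split(".")[::-1]
        if len(octets) != 4:
            raise ValueError("expected 4 octet labels: " + name)
        return str(ipaddress.IPv4Address(".".join(octets)))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")[::-1]
        if len(nibbles) != 32 or any(
            len(n) != 1 or n not in "0123456789abcdef" for n in nibbles
        ):
            raise ValueError("expected 32 single-digit hex labels: " + name)
        return str(ipaddress.IPv6Address(int("".join(nibbles), 16)))
    raise ValueError("not an in-addr.arpa or ip6.arpa name: " + name)

if __name__ == "__main__":
    for sample in ("198.15.93.98", "2001:db8::1"):
        name = reverse_name(sample)
        print(sample, "->", name, "->", ip_from_reverse_name(name))
```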

When a domain name has a valid rDNS, you can access it by entering its IP address in your browser.

How to Do a Reverse DNS?

There are several ways to perform reverse DNS lookup:

  • Use the Windows command line. Perform manual rDNS lookup in Windows using the nslookup command.
  • Use the Linux terminal. The dig command with the -x flag allows you to perform manual rDNS lookup. Alternatively, use the host command.
  • Use rDNS lookup tools. Several tools offer rDNS lookup.

Note: Follow our tutorial and set a DNS Nameserver on Ubuntu 20.04.

Reverse DNS Lookup Command

This section deals with manual reverse DNS lookup in Windows or Linux.

Reverse DNS Lookup in Windows

The command for reverse DNS lookup in Windows is:

nslookup [ip_address]

The output returns the domain name for the specified IP address.

If the website doesn’t have rDNS set up, the command returns an error.

Reverse DNS Lookup in Linux

There are two ways to perform an rDNS lookup in Linux:

1. The dig command

Use the dig command in Linux to perform a manual reverse DNS lookup. The syntax is:

dig -x [ip_address]

The output displays the domain name for the specified IP address.

2. The host command

Another command for reverse DNS lookup in Linux is:

host [ip_address]

The output shows the domain name for the specified IP address.

Reverse DNS Tools

This section lists the available tools for reverse DNS lookup.

Note: The tools listed differ in capabilities and in the level of DNS information they provide, so each suits different use cases.

1. Online Tools

Online reverse DNS tools allow you to look up a small number of addresses. Some may also provide an API for enterprise use cases.

2. Enterprise-Grade Tools

Other, enterprise-grade tools allow you to automate and perform rDNS lookup on many IP addresses. Some of those tools are:

  • https://reverseip.domaintools.com/ – Allows you to find all domains hosted on a given IP address. Lookups are free for Personal and Enterprise Members, for IPs with up to 2,000 hosted domains.
  • https://reverse-ip.whoisxmlapi.com/ – A RESTful API suitable for automated solutions like scripts or programs. Provides a list of all domains associated with an IP address via API calls, and outputs results in JSON and XML formats.
  • https://viewdns.info/ – A number of tools including rDNS lookup and an API that allows web developers to integrate the tools into their site. Outputs available in XML and JSON formats.
  • https://toolbox.googleapps.com/apps/dig/ – A network tool that offers the same results as the Linux dig command.
  • https://dnsinspect.com/ – A free web tool that checks your domain’s servers for common DNS and mail errors and generates a report with explanations of how to fix them.

Conclusion

You now know what reverse DNS is and how to perform rDNS lookup in Windows, Linux, and using online tools.

Feel free to test the tools, but note that some websites don’t have rDNS set up, and the tools return an error in that case.

Original article, author: 306829225. If you reproduce it, please cite the source: https://blog.ytso.com/tech/aiops/224448.html
