Reverse DNS (rDNS)
The Domain Name System (DNS) is one of the most important elements of the internet. In fact, it would be far more complicated to use the world’s open computer network without DNS and its combination of name servers. The hierarchical directory system is responsible for managing the addresses of projects on the World Wide Web: When registering a website in the DNS, an entry is created that contains an easily legible domain address as well as the associated numerical IP address. We are therefore able to type in familiar addresses like example.com into the browser and reach the relevant website, since these domain addresses are automatically translated into the corresponding IP address by a DNS server in the background.
In certain cases, however, it can make sense to take the reverse approach – i.e. to determine the domain address or hostname for a particular IP address. This is called a reverse DNS (rDNS) or reverse DNS lookup. Read this guide to learn more about how it works.
What Is a Reverse DNS?
A reverse DNS (rDNS) or reverse DNS lookup concerns a DNS request that can be used to determine a certain domain name or hostname for an IP address. This requires that a PTR record (pointer entry) exists for the queried internet address, which refers to the name and enables a reverse request in the Domain Name System. The various internet providers are responsible for organising these entries contained in their own domain. Changes to these pointers are therefore only possible in consultation with the provider.
When and for Whom Do Reverse DNS Lookups Make Sense?
Like standard requests, a reverse DNS not only provides the desired name or IP address but also some additional information. Besides the hostname, a lookup reveals the geographical assignment of the IP address as well as information about the responsible internet provider, for example. This information has little value for analysing private users, since the automatically generated names behind the user IPs do not enable personal identification – which would be relevant for marketing purposes. However, users’ localisation data can certainly be utilised to obtain information about desired target markets.
The information provided by reverse DNS lookups are much more useful for B2B marketing: Most companies have their own IP address, making it typically possible for you to ascertain when a particular company is using your web offering.
Reverse DNS requests are also used often in email dispatch and email transmission: Many mail servers use the technique to verify that received messages do not come from a spam server. The PTR records of the respective sending servers are requested for this purpose. If the entered email domain does not match the sender address or there is no reverse DNS entry at all, a message will be marked as spam.
How Exactly Do Reverse DNS Lookups (rDNS) Work?
If you know the IP address for a device or server on the internet, it would be very time-consuming if a reverse DNS lookup always had to look through the entire Domain Name System for this IP. For reverse DNS requests, a dedicated domain – in-addr.arpa (for IPv4 addresses) and ip6.arpa (for IPv6 addresses) – was therefore set up with three subdomains that enables the address to be resolved in no more than three steps. The subdomains are divided as follows:
- rDNS subdomain 1: The subdomain that directly follows in-addr.arpa or ip6.arpa represents the first component of the IP address.
- rDNS subdomain 2: The second component of the IP address is found on the second level.
- rDNS subdomain 3: Subdomain 3 of rDNS contains the third component of the respective IP address.
The individual components of the IP address are arranged in reverse order, or analogous to their proximity to the left of the main domain. For example, the rDNS subdomain of the third level for all IPv4 addresses or the address space 192.0.2.x is therefore as follows:
Not just one dedicated reverse DNS domain exists for IPv6 addresses: To determine the hostname for one of these new address, it’s also necessary to not use the typical notation (eight-bit blocks, separated by a colon) but to individually enter all numbers and letters (including all zeros) – each separated by a point.
Reverse DNS Lookup: Explained with an Example
The easiest way to illustrate how the reverse DNS domain works is to consider a short example request. The request for the IPv4 address 188.8.131.52 would need to look as follows:
If you start this request using a reverse DNS lookup tool, you’ll receive the result below:
The hostname for 184.108.40.206 is 217-160-0-128.elastic-ssl.ui-r.com.
The displayed domain (elastic-ssl.ui-r.com) is operated by IONOS – in this case, it’s a test website hosted on IONOS servers. This information is automatically included in many lookup tools.
The website can also be reached via the IPv6 address 2001:8d8:100f:f000::2e3; the rDNS lookup for this would be:
Reverse DNS: The Best Tools for Reverse DNS Requests
Most Linux, Windows and macOS systems have already an integrated tool with nslookup that allows any requests to be sent to the Domain Name System. You can therefore use this program to execute both standard DNS requests as well as reverse DNS lookups, whereby the local DNS server defined by the provider is contacted by default. But another name server can be defined, if necessary.
Alternatively, you can perform rDNS address requests via the web. There are many online tools available based on nslookup, which allow you to submit DNS server requests directly in the browser. Here are three such solutions:
- MxToolBox: MxToolBox is an online service that provides a range of network diagnostics and lookup tools. While some of these functions are subject to a charge, the reverse DNS check using the SuperTool is always free. To use it, simply select the option “Reverse Lookup” and enter either an IPv4 or IPv6 address.
- WhatIsMyIP.com: Not only can you check your IP address on WhatIsMyIP.com – as the name suggests – you can also execute rDNS requests. Select the “Reverse DNS Lookup” option, type the IPv4 or IPv6 address into the entry field, and press “Lookup”.
- Debouncer: The Debouncer web service is aimed specifically at anyone who wants to check whether their own domain or mail server is on a spam blacklist. For this purpose, the “Reverse DNS check” also allows reverse DNS requests. However, it is only possible to check IPv4 addresses.
Please note the legal disclaimer relating to this article.