Reverse DNS lookup

From Wikipedia, the free encyclopedia

This article or section does not cite its references or sources.
Please help improve this article by introducing appropriate citations. (help, get involved!) This article has been tagged since December 2006.

Reverse DNS lookup (rDNS) is a process to determine the hostname associated with a given IP address.

Typically, the DNS is used to determine what IP address is associated with a given hostname; so to reverse resolve a known IP address is to lookup what the associated hostname for it. A reverse lookup is often referred to simply as reverse resolving, or more specifically reverse DNS lookups. RFC 1912 says that all hosts on the Internet should have a valid rDNS entry.

Contents

[edit] IPv4 Reverse DNS

Reverse DNS lookups for IPv4 addresses use the special domain in-addr.arpa. An IPv4 address is represented in the in-addr.arpa domain by a sequence of bytes in reverse order, represented as decimal numbers, separated by dots with the suffix .in-addr.arpa. For example, the reverse lookup domain name corresponding to the IPv4 address 101.102.103.104 is 104.103.102.101.in-addr.arpa. A host name for 1.2.3.4 can be obtained by issuing a DNS query for the PTR record for that special address 4.3.2.1.in-addr.arpa.

[edit] Classless Reverse DNS

Historically, IP addresses were allocated in blocks of 256. Thus, each block fell upon a octet boundary. This made configuration of the PTR records easy, since the dot separators delimited each block. Today however, IP addresses are allocated in very much smaller blocks, and hence the traditional way of configuring a nameserver to perform reverse DNS cannot work. A means of overcoming this problem was devised and published as RFC 2317. It uses a CNAME entry which corresponds to each block.

[edit] IPv6 Reverse Lookup

Reverse DNS lookups for IPv6 addresses use similarly the special domain ip6.arpa. An IPv6 address is represented as a name in the ip6.arpa domain by a sequence of nibbles in reverse order, represented as hexadecimal digits, separated by dots with the suffix .ip6.arpa. For example, the reverse lookup domain name corresponding to the IPv6 address 4321:0:1:2:3:4:567:89ab is b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa.

[edit] Uses

The most common uses of the reverse DNS are:

  • The original use of the rDNS was primarily for network troubleshooting tools, such as traceroute, ping, and the "Received:" trace header field for SMTP e-mail.
  • One e-mail anti-spam technique is to check the domain names in the rDNS to see if they are likely from dailup users, dynamically assigned addresses, or home-based broadband customers. Since the vast majority, but by no means all, of e-mail that originates from these computers is spam, many mail servers also refuse e-mail with missing or "generic" rDNS names. [1] [2]
  • A Forward Confirmed reverse DNS (FCrDNS) verification can create a weak form of authentication that there is a valid relationship between the owner of a domain name and the owner of the network that has been given an IP address. While weak, this authentication is strong enough that it can be used for whitelisting purposes because spammmers and phishers can not usually by-pass this verification when they use zombie computers to forge the domains.

[edit] External links

Retrieved from "http://en.wikipedia.org../../../r/e/v/Reverse_DNS_lookup_05b6.html"
In other languages