What Is Reverse DNS and How Does It Work?

August 19, 2021

Introduction

Reverse DNS (rDNS) is a process that resolves an IP address back to a domain name, the opposite of a forward DNS query.

In this article, you will learn what reverse DNS is and how it works.

What is reverse DNS and how does it work?

What Is Reverse DNS?

Reverse DNS is a DNS lookup of a domain name from an IP address. While a regular DNS request resolves an IP address from a domain name, rDNS does the opposite, hence the name reverse.  

PTR record is used to perform reverse DNS lookups. Pointer records are configured within Address and Routing Parameter Area (in-addr.arpa) domains. If there is no PTR record set up, a reverse DNS lookup is unsuccessful.

Note: Learn more about PTR Record and other record types by referring to our article DNS Record Types Explained.

What Is Reverse DNS Lookup Used For?

Reverse DNS is particularly useful for those running an outgoing mail server. Besides mail servers, there are several reasons for using rDNS:

  • Filtering spam emails. Most email servers use rDNS to block spam mail, rejecting messages from IP addresses without rDNS. However, rDNS is mainly used as an additional layer of protection because it isn't reliable as some legitimate mail servers don't have properly set up rDNS records.
  • Analytics. Reverse DNS helps provide human-readable data in analytics, rather than listing logs of IP addresses.
  • Tracking website visitors. IP addresses of website visitors remain in the visit logs and can help you get an idea of your website audience. Tracking website visitors is beneficial for B2B lead generation.
  • Smooth network experience. Reverse DNS prevents you from encountering problems with most enterprise management systems, r-commands, SMTP servers, or network backup systems. rDNS is also one of the basic requirements for running some Internet protocols.
  • Security. A reverse IP lookup can be used to find the IP address' A records, mapping a domain name to the physical IP address of the device hosting that domain. The results help determine the virtual hosts served from a web server and identify server vulnerabilities.

Note: Read our article to fully understand what DNS is and how it works.

How Does Reverse DNS Lookup Work?

Reverse DNS works by looking up query DNS servers for a pointer record (PTR). A PTR record maps an IPv4 or IPv6 address to the canonical name for the host. If there is no PTR record on the server, it cannot resolve a reverse lookup.

PTR records store reverse DNS entries, with their IP address reversed and .in-addr.arpa appended to each record. For example, PTR stores the IP address 198.15.93.98 as 98.93.15.198.in-addr.arpa, pointing back to its designated host name.

It is advisable to have a proper reverse DNS record (PTR) set up, especially when running an SMTP/mail server.

Note: See the best practices for DNS Security and performance.

The following image illustrates the difference between DNS and rDNS lookup:

The difference between DNS and rDNS lookup.

In IPv6, PTR records store rDNS entries within the .ip6.arpa domain instead of .in-addr.arpa.

When a domain name has a valid rDNS, you can access it by entering its IP address in your browser.

How to Do a Reverse DNS?

There are several ways to perform reverse DNS lookup:

Note: Follow our tutorial and set a DNS Nameserver on Ubuntu 20.04.

Reverse DNS Lookup Command

This section deals with manual reverse DNS lookup in Windows or Linux.

Reverse DNS Lookup in Windows

The command for reverse DNS lookup in Windows is:

nslookup [ip_address]

For example:

An example for using the nslookup command for rDNS lookup.

The output returns the domain name for the specified IP address.

If the website doesn't have rDNS set up, the command returns an error. For example:

The nslookup command returns an error if rDNS isn't set up.

Reverse DNS Lookup in Linux

There are two ways for rDNS lookup in Linux:

1. The dig command

Use the dig command in Linux to perform a manual reverse DNS lookup. The syntax is:

dig -x [ip_address]

For example:

Using the dig command in linux to perform rDNS lookup.

The output displays the domain name for the specified IP address.

2. The host command

Another command for reverse DNS lookup in Linux is:

host [ip_address]

For example:

Using the host command for rDNS lookup in Linux.

The output shows the domain name for the specified IP address.

Reverse DNS Tools

This section lists the available tools for reverse DNS lookup.

Note: Every tool listed is different in terms of capabilities and level of DNS information available, suited for individual use cases.

1. Online Tools

Online reverse DNS tools allow you to lookup a small number of addresses. Some may also provide an API for enterprise use cases.

2. Enterprise-Grade Tools

Other, enterprise-grade tools, allow you to automate and perform rDNS lookup on many IP addresses. Some of those tools are:

  • https://reverseip.domaintools.com/ - Allows you to find all domains hosted on a given IP address. Lookups are free for Personal and Enterprise Members, for IPs with up to 2,000 hosted domains.
  • https://reverse-ip.whoisxmlapi.com/ - A RESTful API suitable for automated solutions like scripts or programs. Provides a list of all domains associated with an IP address via API calls, and outputs results in JSON and XML formats.
  • https://viewdns.info/ - A number of tools including rDNS lookup and an API that allows web developers to integrate the tools into their site. Outputs available in XML and JSON formats.
  • https://toolbox.googleapps.com/apps/dig/ - A network tool that offers the same results as the Linux dig command.
  • https://dnsinspect.com/ - A free web tool that checks your domain's servers for common DNS and mail errors and generates a report with explanations how to fix them.

Note: Refer to our article on how to reduce DNS lookups to improve your website performance.

Conclusion

You now know what reverse DNS is and how to perform rDNS lookup in Windows, Linux, and using online tools.

Feel free to test the tools, but note that some websites don't have rDNS set up, and the tools return an error in that case.

Was this article helpful?
YesNo
Bosko Marijan
Having worked as an educator and content writer, combined with his lifelong passion for all things high-tech, Bosko strives to simplify intricate concepts and make them user-friendly. That has led him to technical writing at PhoenixNAP, where he continues his mission of spreading knowledge.
Next you should read
Networking SysAdmin
How to Use the hostname Command in Linux
October 8, 2020
The Linux hostname command lets you view your computers domain, hostname, and IP address. This tutorial covers all the ways you can use the hostname command, with examples for each option.
Read more
Networking SysAdmin
Flush DNS Cache Locally in Windows, macOS, & Linux
January 8, 2019
DNS cache can be corrupted for a number of different reasons, including network attacks or viruses. Learn to clear DNS cache on your system and resolve potential issues.
Read more
Networking SysAdmin
Set Up Raspberry Pi As A DNS Server
March 31, 2021
Learn how to improve your network speed by setting up a Raspberry Pi as a DNS server in this step-by-step guide.
Read more
Networking SysAdmin
How to set DNS Nameserver on Ubuntu 20.04
May 18, 2021
The Domain Name System (DNS) translates text-based domain names to numeric IP addresses. Most networks are configured to work with DNS servers provided by the ISP. This tutorial shows you how to change DNS addresses in Ubuntu.
Read more