What Is a Reverse DNS Lookup and How Does It Work?

December 25, 2024

Introduction

A DNS request maps a domain name to its corresponding IP address, enabling devices on the internet to locate and communicate with each other.

Reverse DNS does the opposite. It resolves an IP address back to a domain name. It is primarily used for authenticating requests and verifying a device's identity.

Learn how reverse DNS works and how to perform lookups on different operating systems.

The guide explains Reverse DNS and how to use it.

What Is Reverse DNS?

Reverse DNS (rDNS) is a process that determines the domain name associated with a specific IP address. Simply put, reverse DNS allows you to identify a domain name, like phoenixnap.com, from its IP address, such as 198.15.93.98.

The difference between DNS and rDNS lookup.

Resolving an IP address back to its domain name improves the readability of data in logs, diagnostic tools, and network monitoring systems. Humans can interpret data faster and troubleshoot DNS and network issues more efficiently.

How Does Reverse DNS Work?

Reverse DNS relies on Pointer Records (PTR), which are a type of DNS records that map an IPv4 or IPv6 address back to its associated domain name. These records are stored within specific DNS zone files.

Note: Zone files are text-based files that use the DNS syntax and are housed on DNS servers. They contain critical information about domains, including PTR, A, MX, and CNAME records.

An IPv4 PTR record consists of a reversed IP address with the .in-addr.arpa domain appended and the domain it maps to. For example, the IP address 198.15.93.98 is stored as:

98.93.15.198.in-addr.arpa. IN PTR phoenixnap.com.

An IPv6 record is also a reversed IP address with the .ip6.arpa domain appended. For example, the IPv6 address 2001:0db8:85a3:0000:0000:8a2e:0370:7334 is stored as:

4.3.3.7.0.7.3.0.e.2.a.8.0.0.0.0.0.0.0.3.a.5.8.8.b.d.0.1.0.0.2.ip6.arpa. IN PTR phoenixnap.com.

The IP addresses are reversed to enable efficient lookups by working from the most specific part of the address (the host) back to the broader network segments. If an IP address has no PTR record, the reverse lookup returns either no result or an error.

What Are Reverse DNS Searches (Lookups) Used For?

Reverse DNS common use cases include:

  • Improving data analytics. Reverse DNS helps retrieve human-readable domain names instead of raw IP addresses in logs and monitoring systems, making it much easier to interpret data.
  • Filtering spam emails. Email servers use rDNS as part of their spam filtering systems. Messages from IP addresses without properly configured rDNS records are often rejected. However, rDNS is not sophisticated enough to be used as a standalone solution, as some legitimate mail servers may lack proper rDNS records.
  • Tracking website visitors. You can use rDNS to resolve website visitor IP addresses into domain names. This is useful for B2B lead generation as it reveals organizations and businesses accessing your site.
  • Ensuring smooth network operations. rDNS is a prerequisite for many enterprise management systems, network protocols (e.g., SMTP), remote commands, and backup systems.
  • Identifying security threats. rDNS can identify the domain names associated with an IP address and verify their authenticity. Administrators can cross-reference PTR records with A records and assess virtual hosts on a server to detect potential vulnerabilities.

The following section explains how to perform a reverse DNS lookup on different operating systems.

Reverse DNS Search on Linux

There are two ways to complete a reverse DNS lookup from the Linux terminal window:

dig Command

You can use the dig command with the -x option. The syntax is:

dig -x [ip_address]

For example, to reverse lookup the IP address 8.8.8.8, enter:

dig -x 8.8.8.8
Using the dig command in linux to perform rDNS lookup.

The output displays the domain name for the IP address. In this example, the IP corresponds to the hostname google.com.

host Command

The host command provides a simpler syntax for reverse DNS lookups. Use the following format:

host [ip_address]

For example, to reverse lookup the IP address 8.8.8.8, enter:

host 8.8.8.8
Using the host command for rDNS lookup in Linux.

The output shows the domain name for the IP address.

Reverse DNS Search on Windows

You can perform a manual rDNS lookup from the Windows Command Prompt (CMD) using the nslookup command.

The nslookup command syntax is:

nslookup [ip_address]

Enter the following command to initiate a reverse DNS lookup for the IP address 8.8.8.8:

nslookup 8.8.8.8
An example for using the nslookup command for rDNS lookup.

The terminal displays the domain name associated with the IP address. If the website does not have rDNS set up, the command returns an error. For example, an rDNS lookup for IP address 198.15.93.98 returns the Non-existent domain error message.

The nslookup command returns an error if rDNS isn't set up.

This message indicates that the IP address has no associated domain name.

Reverse DNS Search on Mac

The dig command can also serve for reverse DNS lookups on macOS. The syntax is the same as on Linux:

dig -x [ip_address]

Open the Terminal on macOS and enter the following command to initiate an rDNS lookup for the IP 8.8.8.8:

dig -x 8.8.8.8

The output displays the domain name associated with the IP address.

A reverse DNS lookup on macOS.

Like Linux, macOS also supports the host and nslookup commands for performing rDNS lookups.

Reverse DNS Lookup Tools

Popular rDNS lookup tools offer different features and DNS functionalities to suit various use cases.

Online rDNS Lookup Tools

Online reverse DNS tools allow for quick lookups of a small number of IP addresses. Some also offer APIs for enterprise use cases with subscription plans. Examples include:

Enterprise-Grade rDNS Lookup Tools

Enterprise-grade tools include additional features for automated and large-scale rDNS use cases:

  • Domain Tools. Identify all domains hosted on a given IP address. Free lookups are available for Personal and Enterprise Members, supporting IPs with up to 2,000 hosted domains.
  • WhoisXMLAPI. Integrate with a RESTful API to power automated scripts and programs. Requests return a list of domains associated with an IP address in JSON and XML formats.
  • ViewDNS. Offers multiple tools, including rDNS lookup, with an API that developers can integrate into their websites. Outputs are available in XML and JSON formats.
  • Google Admin Toolbox. A collection of network tools, including rDNS lookup, that provides similar results to the Linux dig command.
  • DNS Inspect. A free web tool that checks your domain's servers for common DNS and mail errors and generates a report with explanations on how to fix them.

Conclusion

The article showed what reverse DNS is and how to perform rDNS lookup in Linux, Windows, Mac, and using online tools.

Explore the listed tools to identify the best solution to automate rDNS lookups and improve DNS security and performance.

Was this article helpful?
YesNo
Bosko Marijan
Having worked as an educator and content writer, combined with his lifelong passion for all things high-tech, Bosko strives to simplify intricate concepts and make them user-friendly. That has led him to technical writing at PhoenixNAP, where he continues his mission of spreading knowledge.
Next you should read
How to Use the hostname Command in Linux
October 8, 2020

The Linux hostname command lets you view your computers domain, hostname, and IP address. This tutorial covers all the ways you can use the hostname command, with examples for each option.
Read more
Flush DNS Cache Locally in Windows, macOS, & Linux
September 10, 2024

DNS cache can be corrupted for a number of different reasons, including network attacks or viruses. Learn to clear DNS cache on your system and resolve potential issues.
Read more
Set Up Raspberry Pi As A DNS Server
March 31, 2021

Learn how to improve your network speed by setting up a Raspberry Pi as a DNS server in this step-by-step guide.
Read more
DNS Configuration: Everything You Need to Know
March 23, 2023

Every network administrator needs to know how to change DNS configuration. Learn how to configure DNS on Windows, Linux, and macOS in this step-by-step guide.
Read more