
Reverse DNS lookup

In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual "forward" DNS lookup of an IP address from a domain name.[1] Reverse resolution of an IP address uses PTR records. rDNS involves searching domain name registry and registrar tables. The reverse DNS database of the Internet is rooted in the .arpa top-level domain.

Although the informational RFC 1912 (Section 2.1) recommends that "every Internet-reachable host should have a name" and that "for every IP address, there should be a matching PTR record," it is not an Internet Standard requirement, and not all IP addresses have a reverse entry.

Historical usage

The modern "reverse DNS lookup" should not be confused with the now-obsolete "inverse query" (IQUERY) mechanism specified in RFC 1035:

Inverse queries take the form of a single resource record (RR) in the answer section of the message, with an empty question section. The owner name of the query RR and its time to live (TTL) are not significant. The response carries questions in the question section which identify all names possessing the query RR which the name server knows. Since no name server knows about all of the domain namespace, the response can never be assumed to be complete. Thus inverse queries are primarily useful for database management and debugging activities. Inverse queries are not an acceptable method of mapping host addresses to host names; use the in-addr.arpa domain instead.[2]

The IQUERY message type was always "optional"[2] and "never achieved widespread use";[3] it was "permanently retired"[3] in 2002 with the adoption of RFC 3425.

Implementation details

IPv4 reverse resolution

Reverse DNS lookups for IPv4 addresses use the special domain in-addr.arpa. In this domain, an IPv4 address is represented as a concatenated sequence of four decimal numbers, separated by dots, to which is appended the second level domain suffix .in-addr.arpa. The four decimal numbers are obtained by splitting the 32-bit IPv4 address into four octets and converting each octet into a decimal number. These decimal numbers are then concatenated in the order: least significant octet first (leftmost), to most significant octet last (rightmost). Note that this is the reverse of the usual dotted-decimal convention for writing IPv4 addresses in textual form.

For example, to do a reverse lookup of the IP address 8.8.4.4 the PTR record for the domain name 4.4.8.8.in-addr.arpa would be looked up, and found to point to dns.google.

If the A record for dns.google in turn pointed back to 8.8.4.4 then it would be said to be forward-confirmed.

Classless reverse DNS method

Historically, Internet registries and Internet service providers allocated IP addresses in blocks of 256 (for Class C) or larger octet-based blocks for classes B and A. By definition, each block fell upon an octet boundary. The structure of the reverse DNS domain was based on this definition. However, with the introduction of Classless Inter-Domain Routing, IP addresses were allocated in much smaller blocks, and hence the original design of pointer records was impractical, since autonomy of administration of smaller blocks could not be granted. RFC 2317 devised a methodology to address this problem by using CNAME records.

IPv6 reverse resolution

Reverse DNS lookups for IPv6 addresses use the special domain ip6.arpa (previously ip6.int[4]). An IPv6 address appears as a name in this domain as a sequence of nibbles in reverse order, represented as hexadecimal digits as subdomains. For example, the pointer domain name corresponding to the IPv6 address 2001:db8::567:89ab is b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
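The two naming rules above, as an added example that is not part of the original article: it builds the in-addr.arpa or ip6.arpa name for an address and also parses such a name back into an address, which is useful when reading PTR queries in DNS logs. The function names are chosen for this example.

```python
import ipaddress
import string

def reverse_name(addr: str) -> str:
    """Return the PTR owner name for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # Four octets as decimal labels, least significant octet first.
        labels = [str(octet) for octet in reversed(ip.packed)]
        return ".".join(labels) + ".in-addr.arpa"
    # 128 bits -> 32 hex nibbles (zero runs fully expanded), reversed.
    nibbles = ip.packed.hex()
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def address_from_reverse_name(name: str):
    """Parse a full PTR owner name back into an address object.

    Raises ValueError for partial names (zone cuts such as
    8.8.in-addr.arpa) and for anything outside the two reverse trees.
    """
    n = name.rstrip(".").lower()
    if n.endswith(".in-addr.arpa"):
        labels = n[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4 or not all(l.isdigit() for l in labels):
            raise ValueError(f"not a full IPv4 reverse name: {name!r}")
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    if n.endswith(".ip6.arpa"):
        labels = n[: -len(".ip6.arpa")].split(".")
        ok = len(labels) == 32 and all(
            len(l) == 1 and l in string.hexdigits for l in labels
        )
        if not ok:
            raise ValueError(f"not a full IPv6 reverse name: {name!r}")
        return ipaddress.IPv6Address(int("".join(reversed(labels)), 16))
    raise ValueError(f"not in in-addr.arpa or ip6.arpa: {name!r}")

if __name__ == "__main__":
    for sample in ("8.8.4.4", "2001:db8::567:89ab"):
        print(sample, "->", reverse_name(sample))
```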

Multiple pointer records

While most rDNS entries only have one PTR record, DNS does not restrict the number. Multiple PTR records are used, for example, when a web server supports many virtual hosts: multiple hostnames then resolve to a single address, and multiple hostnames will be returned for a PTR lookup for that shared address. However, DNS lookups typically occur over UDP, and since UDP has a limited message size, in extreme cases, multiple PTRs could cause a DNS response to exceed those UDP limits.

Records other than PTR records

Record types other than PTR records may also appear in the reverse DNS tree. For example, encryption keys may be placed there for IPsec, SSH and IKE. DNS-Based Service Discovery uses specially-named records in the reverse DNS tree to provide hints to clients about subnet-specific service discovery domains.[5] Less standardized usages include comments placed in TXT records and LOC records to identify the geophysical location of an IP address.

Uses

The most common uses of the reverse DNS include:

  • The original use of the rDNS: network troubleshooting via tools such as traceroute, ping, and the "Received:" trace header field for SMTP e-mail, web sites tracking users (especially on Internet forums), etc.
  • One e-mail anti-spam technique: checking the domain names in the rDNS to see if they are likely from dialup users, or dynamically assigned addresses unlikely to be used by legitimate mail servers. Owners of such IP addresses typically assign them generic rDNS names such as "1-2-3-4-dynamic-ip.example.com." Some anti-spam filters assume that email that originates from such addresses is likely to be spam, and may refuse connection.[6][7]
  • A forward-confirmed reverse DNS (FCrDNS) verification can create a form of authentication showing a valid relationship between the owner of a domain name and the owner of the server that has been given an IP address. While not very thorough, this validation is strong enough to often be used for whitelisting purposes, since spammers and phishers usually cannot achieve forward validation when they use zombie computers to forge domain records.
  • System logging or monitoring tools often receive entries with the relevant devices specified only by IP addresses. To provide more human-usable data, these programs often perform a reverse lookup before writing the log, thus writing a name rather than the IP address.
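The forward-confirmed check described above, as an added example that is not part of the original article. The PTR zone is controlled by whoever holds the address block, so a PTR name on its own proves nothing; the example accepts a name only when its forward lookup returns the same address. The sample tables are constructed for illustration, and the resolver callables and function names are choices made for this example.

```python
import ipaddress
import socket

# Constructed sample data for the example (not live DNS answers).
# 8.8.4.4 / dns.google is the pair used in the article text.
SAMPLE_PTR = {
    "8.8.4.4": ["dns.google."],
    "203.0.113.7": ["mail.example.com."],   # PTR names a host it does not control
    "192.0.2.10": ["www.example.net.", "shop.example.net."],  # multiple PTRs
}
SAMPLE_A = {
    "dns.google": ["8.8.4.4", "8.8.8.8"],
    "mail.example.com": ["198.51.100.10"],
    "www.example.net": ["192.0.2.10"],
    "shop.example.net": ["192.0.2.99"],
}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def system_ptr(ip):
    """PTR names from the system resolver; empty list when none exist."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """Addresses from the system resolver; empty list on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the PTR names for `ip` whose forward lookup includes `ip`."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for raw in ptr_lookup(str(target)):
        name = raw.rstrip(".").lower()
        for answer in forward_lookup(name):
            try:
                if ipaddress.ip_address(answer) == target:
                    confirmed.append(name)
                    break
            except ValueError:
                continue  # skip answers that are not plain addresses
    return confirmed
```

Calling `fcrdns(ip)` with no resolver arguments uses the system resolver; an empty result means the address has no forward-confirmed name and any PTR value for it should be treated as unverified.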

References

  1. ^ "Reverse DNS". Cloudflare. Archived from the original (html) on 30 March 2019. Retrieved 25 July 2019. A reverse DNS lookup is a DNS query for the domain name associated with a given IP address. This accomplishes the opposite of the more-commonly-used forward DNS lookup, in which the DNS is queried to return an IP address.
  2. ^ a b "RFC 1035 — Domain names - implementation and specification". November 1987. Retrieved 2017-12-28.
  3. ^ a b "RFC 3425 — Obsoleting IQUERY". November 2002. Retrieved 2017-12-28.
  4. ^ G. Huston (August 2005). Deprecation of "ip6.int". Network Working Group IETF. doi:10.17487/RFC4159. BCP 109. RFC 4159.
  5. ^ S. Cheshire; M. Krochmal (February 2013). DNS-Based Service Discovery. IETF. sec. 11. doi:10.17487/RFC6763. ISSN 2070-1721. RFC 6763.
  6. ^ Spamhaus's FAQ
  7. ^ reference page from AOL. Archived December 10, 2006, at the Wayback Machine
