version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=w3m/0.5.3+git20210102 author=jrmu charset=UTF-8 csum= ctime=1627886613 host=38.87.162.8 name=DNS.RDNS rev=6 targets=DNS.Mail,Dns.Vhost,DNS.Ipv4rDNS text=(:title Reverse DNS:)%0a%0a!! Overview%0a%0aDNS helps us lookup the IP address of a name like @@example.com@@. But sometimes, we need to do the reverse: we need to figure out the name of an IP address.%0a%0aFor example, suppose we are given the IP address 192.0.2.1. What is the domain of that IP address?%0a%0aFinding the domain of an IP address is called reverse DNS (rDNS) lookup, and a system was created to help match every IP address with a domain name through the use of PTR (pointer) records.%0a%0a!! Uses%0a%0arDNS is used:%0a%0a# to prove that your mail server is [[DNS/mail|not spam]]%0a# in diagnostic tools like traceroute%0a# to provide a [[dns/vhost|vhost]] for identification on IRC%0a%0aEvery IP address should have a matching rDNS entry.%0a%0a!! IPv4 rDNS%0a%0aInformation for rDNS lookup is stored in the .arpa top-level domain. For IPv4 addresses, the information is stored in in-addr.arpa.%0ausing this format:%0a[@%0a%3cip address>%0a%3creverse of ip address>%0a%3creverse of ip address>.in-addr.arpa.%0a@]%0a%0aHere is an example:%0a%0a[@%0a192.0.2.1 # Original four numbers, separated by dots%0a1.2.0.192 # Reverse the four numbers%0a1.2.0.192.in-addr.arpa. # Add .in-addr.arpa.%0a@]%0a%0aSo the domain for 192.0.2.1 would be found in the PTR record for 1.2.0.192.in-addr.arpa.%0a%0aAs another example, suppose we want to do a reverse lookup of the IP address 209.141.39.173:%0a%0a[@%0a209.141.39.173 # Original four numbers, separated by dots%0a173.39.141.209 # Reverse the four numbers%0a173.39.141.209.in-addr.arpa. # Add .in-addr.arpa.%0a@]%0a%0aWe lookup the PTR record for 173.39.141.209.in-addr.arpa, which is ircnow.org.%0a%0a!! Forward confirmed DNS (fcDNS)%0a%0aThe normal DNS and reverse DNS should match. If the A record for ircnow.org points to 209.141.39.173 (which it does), then the IP address is also forward-confirmed.%0a%0a!! IPv6 rDNS%0a%0arDNS works similarly for IPv6 addresses. For example, suppose you have the IPv6 address 2001:db8::c001:d00d. To find the domain, we first fill in all the missing zeros, remove the colons, put dots between each digit, then reverse the digits, then add .ip6.arpa.:%0a%0a[@%0a2001:db8::c001:d00d # Original IPv6 Address%0a2001:0db8:0000:0000:0000:0000:c001:d00d # Fill in missing zeros (32 hex digits total)%0a2.0.0.1.0.d.b.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.0.1.d.0.0.d # Remove colons : and put periods between digits%0ad.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2 # Reverse digits%0ad.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. # Add .ip6.arpa.%0a@]%0a%0aFinally, we look up the PTR record for d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. to find the domain.%0a%0aGenerally, an IP address should only have one PTR record. So, while many domains may resolve to a single IP address, an IP address can only resolve to one domain.%0a%0a!! Why Reverse?%0a%0aWe reverse the digits when performing reverse DNS lookup because DNS is like a tree, with the highest nodes coming at the end, and the lowest nodes in the beginning.%0a%0aFor example, for the domain @@www.example.com@@, the highest node is root ., followed by com, then example, then www%0a%0a[@%0a. # Highest node%0acom%0aexample%0awww # Lowest node%0a@]%0a%0aSo you see, for a domain name, the lowest node is written first and the highest node written last.%0a%0aFor a reverse lookup, we want to structure the PTR records in the same way, with the lowest node written first and the highest node written last. So we reverse the order of the numbers in the IP address.%0a%0aIf you don't define a reverse DNS entry, your ISP or service provider may define one for you:%0a%0a[@%0a$ host 192.168.0.1%0a1.0.169.192.in-addr.arpa domain name pointer 1-0-168-192.wifi.dynamic.isp.com.%0a@]%0a%0aThis reverse DNS entry looks like it was automatically generated for a residential ISP. Mail providers often rely on this to mark email coming from this IP as [[DNS/mail|spam]]. Unfortunately, most residential ISPs do not allow you to configure your rDNS, which is why you will want to use a VPS or dedicated server for sending mail. VPSes and server hosts will generally allow you to configure your [[DNS.Ipv4rDNS|IPv4]] and [[DNS.Ipv4rDNS|IPv6 rDNS]].%0a time=1629674413 title=Reverse DNS author:1629674413=jrmu diff:1629674413:1629670011:=95c95%0a%3c This reverse DNS entry looks like it was automatically generated for a residential ISP. Mail providers often rely on this to mark email coming from this IP as [[DNS/mail|spam]]. Unfortunately, most residential ISPs do not allow you to configure your rDNS, which is why you will want to use a VPS or dedicated server for sending mail. VPSes and server hosts will generally allow you to configure your [[DNS.Ipv4rDNS|IPv4]] and [[DNS.Ipv4rDNS|IPv6 rDNS]].%0a---%0a> This reverse DNS entry looks like it was automatically generated for a residential ISP. Mail providers often rely on this to mark email coming from this IP as [[DNS/mail|spam]]. Unfortunately, most residential ISPs do not allow you to configure your rDNS, which is why you will want to use a VPS or dedicated server for sending mail. VPSes and server hosts will generally allow you to configure your [[DNS.Ipv4rDNS/IPv4]] and [[DNS.Ipv4rDNS/IPv6 rDNS]].%0a host:1629674413=38.87.162.8 author:1629670011=mkf diff:1629670011:1629667001:=24,31c24,25%0a%3c using this format:%0a%3c [@%0a%3c %3cip address>%0a%3c %3creverse of ip address>%0a%3c %3creverse of ip address>.in-addr.arpa.%0a%3c @]%0a%3c %0a%3c Here is an example:%0a---%0a> %0a> If you recall, an IPv4 address is made up of four numbers separated by dots. To find the domain, write the numbers in reverse order, then add .in-addr.arpa.:%0a host:1629670011=198.251.81.133 author:1629667001=mkf diff:1629667001:1629666963:=89c89%0a%3c This reverse DNS entry looks like it was automatically generated for a residential ISP. Mail providers often rely on this to mark email coming from this IP as [[DNS/mail|spam]]. Unfortunately, most residential ISPs do not allow you to configure your rDNS, which is why you will want to use a VPS or dedicated server for sending mail. VPSes and server hosts will generally allow you to configure your [[DNS.Ipv4rDNS/IPv4]] and [[DNS.Ipv4rDNS/IPv6 rDNS]].%0a---%0a> This reverse DNS entry looks like it was automatically generated for a residential ISP. Mail providers often rely on this to mark email coming from this IP as [[dns/mail|spam]]. Unfortunately, most residential ISPs do not allow you to configure your rDNS, which is why you will want to use a VPS or dedicated server for sending mail. VPSes and server hosts will generally allow you to configure your [[DNS.Ipv4rDNS/IPv4]] and [[DNS.Ipv4rDNS/IPv6 rDNS]].%0a host:1629667001=198.251.81.133 author:1629666963=mkf diff:1629666963:1627888870:=15c15%0a%3c # to prove that your mail server is [[DNS/mail|not spam]]%0a---%0a> # to prove that your mail server is [[dns/mail|not spam]]%0a host:1629666963=198.251.81.133 author:1627888870=jrmu diff:1627888870:1627886613:=64,89d63%0a%3c %0a%3c !! Why Reverse?%0a%3c %0a%3c We reverse the digits when performing reverse DNS lookup because DNS is like a tree, with the highest nodes coming at the end, and the lowest nodes in the beginning.%0a%3c %0a%3c For example, for the domain @@www.example.com@@, the highest node is root ., followed by com, then example, then www%0a%3c %0a%3c [@%0a%3c . # Highest node%0a%3c com%0a%3c example%0a%3c www # Lowest node%0a%3c @]%0a%3c %0a%3c So you see, for a domain name, the lowest node is written first and the highest node written last.%0a%3c %0a%3c For a reverse lookup, we want to structure the PTR records in the same way, with the lowest node written first and the highest node written last. So we reverse the order of the numbers in the IP address.%0a%3c %0a%3c If you don't define a reverse DNS entry, your ISP or service provider may define one for you:%0a%3c %0a%3c [@%0a%3c $ host 192.168.0.1%0a%3c 1.0.169.192.in-addr.arpa domain name pointer 1-0-168-192.wifi.dynamic.isp.com.%0a%3c @]%0a%3c %0a%3c This reverse DNS entry looks like it was automatically generated for a residential ISP. Mail providers often rely on this to mark email coming from this IP as [[dns/mail|spam]]. Unfortunately, most residential ISPs do not allow you to configure your rDNS, which is why you will want to use a VPS or dedicated server for sending mail. VPSes and server hosts will generally allow you to configure your [[DNS.Ipv4rDNS/IPv4]] and [[DNS.Ipv4rDNS/IPv6 rDNS]].%0a host:1627888870=38.87.162.8 author:1627886613=jrmu diff:1627886613:1627886613:=1,63d0%0a%3c (:title Reverse DNS:)%0a%3c %0a%3c !! Overview%0a%3c %0a%3c DNS helps us lookup the IP address of a name like @@example.com@@. But sometimes, we need to do the reverse: we need to figure out the name of an IP address.%0a%3c %0a%3c For example, suppose we are given the IP address 192.0.2.1. What is the domain of that IP address?%0a%3c %0a%3c Finding the domain of an IP address is called reverse DNS (rDNS) lookup, and a system was created to help match every IP address with a domain name through the use of PTR (pointer) records.%0a%3c %0a%3c !! Uses%0a%3c %0a%3c rDNS is used:%0a%3c %0a%3c # to prove that your mail server is [[dns/mail|not spam]]%0a%3c # in diagnostic tools like traceroute%0a%3c # to provide a [[dns/vhost|vhost]] for identification on IRC%0a%3c %0a%3c Every IP address should have a matching rDNS entry.%0a%3c %0a%3c !! IPv4 rDNS%0a%3c %0a%3c Information for rDNS lookup is stored in the .arpa top-level domain. For IPv4 addresses, the information is stored in in-addr.arpa.%0a%3c %0a%3c If you recall, an IPv4 address is made up of four numbers separated by dots. To find the domain, write the numbers in reverse order, then add .in-addr.arpa.:%0a%3c %0a%3c [@%0a%3c 192.0.2.1 # Original four numbers, separated by dots%0a%3c 1.2.0.192 # Reverse the four numbers%0a%3c 1.2.0.192.in-addr.arpa. # Add .in-addr.arpa.%0a%3c @]%0a%3c %0a%3c So the domain for 192.0.2.1 would be found in the PTR record for 1.2.0.192.in-addr.arpa.%0a%3c %0a%3c As another example, suppose we want to do a reverse lookup of the IP address 209.141.39.173:%0a%3c %0a%3c [@%0a%3c 209.141.39.173 # Original four numbers, separated by dots%0a%3c 173.39.141.209 # Reverse the four numbers%0a%3c 173.39.141.209.in-addr.arpa. # Add .in-addr.arpa.%0a%3c @]%0a%3c %0a%3c We lookup the PTR record for 173.39.141.209.in-addr.arpa, which is ircnow.org.%0a%3c %0a%3c !! Forward confirmed DNS (fcDNS)%0a%3c %0a%3c The normal DNS and reverse DNS should match. If the A record for ircnow.org points to 209.141.39.173 (which it does), then the IP address is also forward-confirmed.%0a%3c %0a%3c !! IPv6 rDNS%0a%3c %0a%3c rDNS works similarly for IPv6 addresses. For example, suppose you have the IPv6 address 2001:db8::c001:d00d. To find the domain, we first fill in all the missing zeros, remove the colons, put dots between each digit, then reverse the digits, then add .ip6.arpa.:%0a%3c %0a%3c [@%0a%3c 2001:db8::c001:d00d # Original IPv6 Address%0a%3c 2001:0db8:0000:0000:0000:0000:c001:d00d # Fill in missing zeros (32 hex digits total)%0a%3c 2.0.0.1.0.d.b.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.0.1.d.0.0.d # Remove colons : and put periods between digits%0a%3c d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2 # Reverse digits%0a%3c d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. # Add .ip6.arpa.%0a%3c @]%0a%3c %0a%3c Finally, we look up the PTR record for d.0.0.d.1.0.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. to find the domain.%0a%3c %0a%3c Generally, an IP address should only have one PTR record. So, while many domains may resolve to a single IP address, an IP address can only resolve to one domain.%0a host:1627886613=38.87.162.8