Reverse DNS (rDNS)

The Domain Name System (DNS) is one of the most important elements of the internet. In fact, it would be far more com­pli­cat­ed to use the world’s open computer network without DNS and its com­bi­na­tion of name servers. The hi­er­ar­chi­cal directory system is re­spon­si­ble for managing the addresses of projects on the World Wide Web: When reg­is­ter­ing a website in the DNS, an entry is created that contains an easily legible domain address as well as the as­so­ci­at­ed numerical IP address. We are therefore able to type in familiar addresses like example.com into the browser and reach the relevant website, since these domain addresses are au­to­mat­i­cal­ly trans­lat­ed into the cor­re­spond­ing IP address by a DNS server in the back­ground.

In certain cases, however, it can make sense to take the reverse approach – i.e. to determine the domain address or hostname for a par­tic­u­lar IP address. This is called a reverse DNS (rDNS) or reverse DNS lookup. Read this guide to learn more about how it works.

A reverse DNS (rDNS) or reverse DNS lookup concerns a DNS request that can be used to determine a certain domain name or hostname for an IP address. This requires that a PTR record (pointer entry) exists for the queried internet address, which refers to the name and enables a reverse request in the Domain Name System. The various internet providers are re­spon­si­ble for or­ga­niz­ing these entries contained in their own domain. Changes to these pointers are therefore only possible in con­sul­ta­tion with the provider.

Like standard requests, a reverse DNS not only provides the desired name or IP address but also some ad­di­tion­al in­for­ma­tion. Besides the hostname, a lookup reveals the ge­o­graph­i­cal as­sign­ment of the IP address as well as in­for­ma­tion about the re­spon­si­ble internet provider, for example. This in­for­ma­tion has little value for analyzing private users, since the au­to­mat­i­cal­ly generated names behind the user IPs do not enable personal iden­ti­fi­ca­tion – which would be relevant for marketing purposes. However, users’ lo­cal­iza­tion data can certainly be utilized to obtain in­for­ma­tion about desired target markets.

The in­for­ma­tion provided by reverse DNS lookups are much more useful for B2B marketing: Most companies have their own IP address, making it typically possible for you to ascertain when a par­tic­u­lar company is using your web offering.

If you know the IP address for a device or server on the internet, it would be very time-consuming if a reverse DNS lookup always had to look through the entire Domain Name System for this IP. For reverse DNS requests, a dedicated domain – in-addr.arpa (for IPv4 addresses) and ip6.arpa (for IPv6 addresses) – was therefore set up with three sub­do­mains that enables the address to be resolved in no more than three steps. The sub­do­mains are divided as follows:

• rDNS subdomain 1: The subdomain that directly follows in-addr.arpa or ip6.arpa rep­re­sents the first component of the IP address.
• rDNS subdomain 2: The second component of the IP address is found on the second level.
• rDNS subdomain 3: Subdomain 3 of rDNS contains the third component of the re­spec­tive IP address.

The in­di­vid­ual com­po­nents of the IP address are arranged in reverse order, or analogous to their proximity to the left of the main domain. For example, the rDNS subdomain of the third level for all IPv4 addresses or the address space 192.0.2.x is therefore as follows:

The easiest way to il­lus­trate how the reverse DNS domain works is to consider a short example request. The request for the IPv4 address 217.160.0.128 would need to look as follows:

If you start this request using a reverse DNS lookup tool, you’ll receive the result below:

The displayed domain (elastic-ssl.ui-r.com) is operated by IONOS – in this case, it’s a test website hosted on IONOS servers. This in­for­ma­tion is au­to­mat­i­cal­ly included in many lookup tools.

The website can also be reached via the IPv6 address 2001:8d8:100f:f000::2e3; the rDNS lookup for this would be:

Most Linux, Windows and macOS systems have already an in­te­grat­ed tool with nslookup that allows any requests to be sent to the Domain Name System. You can therefore use this program to execute both standard DNS requests as well as reverse DNS lookups, whereby the local DNS server defined by the provider is contacted by default. But another name server can be defined, if necessary.

Al­ter­na­tive­ly, you can perform rDNS address requests via the web. There are many online tools available based on nslookup, which allow you to submit DNS server requests directly in the browser. Here are three such solutions:

• MxToolBox: MxToolBox is an online service that provides a range of network di­ag­nos­tics and lookup tools. While some of these functions are subject to a charge, the reverse DNS check using the SuperTool is always free. To use it, simply select the option “Reverse Lookup” and enter either an IPv4 or IPv6 address.
• WhatIsMyIP.com: Not only can you check your IP address on WhatIsMyIP.com – as the name suggests – you can also execute rDNS requests. Select the “Reverse DNS Lookup” option, type the IPv4 or IPv6 address into the entry field, and press “Lookup”.
• Debouncer: The Debouncer web service is aimed specif­i­cal­ly at anyone who wants to check whether their own domain or mail server is on a spam blacklist. For this purpose, the “Reverse DNS check” also allows reverse DNS requests. However, it is only possible to check IPv4 addresses.

Click here for important legal dis­claimers.