Solved

dns reverse lookup

Posted on 2015-02-05
Last Modified: 2015-02-16
Can somebody educate me on the dns reverse lookup? What is it and why do we need it? Thank you.
Question by:leblanc
6 Comments
 
LVL 8

Assisted Solution

by:Leo
Leo earned 100 total points
ID: 40592663
Reverse DNS is IP address to domain name mapping - the opposite of forward (normal) DNS which maps domain names to IP addresses.

Reverse DNS is separate from forward DNS.
Forward DNS for "abc.com" pointing to IP address "1.2.3.4", does not necessarily mean that reverse DNS for IP "1.2.3.4" also points to "abc.com".
This comes from two separate sets of data.

A special PTR-record type is used to store reverse DNS entries. The name of the PTR-record is the IP address with the segments reversed + ".in-addr.arpa".
For example the reverse DNS entry for IP 1.2.3.4 would be stored as a PTR-record for "4.3.2.1.in-addr.arpa".

Reverse DNS is also different from forward DNS in who points the zone (domain name) to your DNS server.
With forward DNS, you point the zone to your DNS server by registering that domain name with a registrar.
With reverse DNS, your Internet connection provider (ISP) must point (or "sub-delegate") the zone ("....in-addr.arpa") to your DNS server.
Without this sub-delegation from your ISP, your reverse zone will not work.

For examples on Reverse DNS, kindly see this link.....

https://www.ntchosting.com/encyclopedia/dns/reverse-dns/#The_Reverse_DNS 

There are tools as well, which can look up reverse DNS....

http://www.dnsstuff.com/docs/ptr/

http://mxtoolbox.com/ReverseLookup.aspx
 
LVL 26

Accepted Solution

by:pony10us
pony10us earned 100 total points
ID: 40592683
Good explanation of what it is but to answer the second part

...and why do we need it

1. If you are looking at the logs for, say, a firewall, it will be in IPs (1.2.3.4), so if you want to find out who is trying to access your network you need to convert the IP (1.2.3.4) to a domain (my.domain.com).

2. I have seen where doing an NSLookup on a domain (my.domain.com) will return one IP address (1.2.3.4) but doing an NSLookup on the IP address (1.2.3.4) will return a different domain (notmy.domain.com). This could be due to an alias domain (my.domain.com) pointing to the same IP address (1.2.3.4) as the actual domain (notmy.domain.com). This is used mostly on internal networks when you replace a device and get a new IP/domain but want to point the old domain to the new address to make it easier than trying to change all the hooks that point to the old domain. Lazy but still done. :)
 
LVL 40

Assisted Solution

by:footech
footech earned 200 total points
ID: 40592984
In furtherance of "why do we need it".  There are times when it's just nice to have, there are others when it is essential.  Typically for email delivery reverse records become very important.  Having the right relationship between A records, PTR records, and SMTP banners makes it much more likely that email sent from your server will not be blocked or treated as spam.

 
LVL 1

Author Comment

by:leblanc
ID: 40593711
Thank you very much for the explanation. Now I have a question. My domain name (or subdomain I should say) is sslvpn.mydomain.com and it is associated to 1.1.2.2. I did a nslookup to 8.8.8.8 on my 1.1.2.2, it gives me a Comcast generic name:

>1.1.2.2
Server: google-public...
Address: 8.8.8.8

Name: 1.1.2.2-static.comcastbusiness.net.
Address: 1.1.2.2

Then I did a lookup on sslvpn.mydomain.com and I got:
>sslvpn.mydomain.com
Server: google-public...
Address: 8.8.8.8

Name: sslvpn.mydomain.com
Address: 1.1.2.2

I'd like to know why there is a difference in the name between my real subdomain name & the Comcast name when I did a lookup between an IP address and my subdomain. Is it possible to get the correct Name when I input my subdomain IP address? In other words, is it possible to get the Name sslvpn.mydomain.com instead of the Comcast name when I enter 1.1.2.2? Thx
 
LVL 40

Assisted Solution

by:footech
footech earned 200 total points
ID: 40593921
In the first one you're querying for a PTR record, in the second you are querying for an A record.  This is what Striker007 described - you have to have Comcast configure the PTR record for your IP to point to "sslvpn.mydomain.com" instead of the default value that Comcast has given it.
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 100 total points
ID: 40594263
Typically the owner of a domain either runs the DNS server that provides name resolution for that domain, or they have a management interface to the DNS server so they can maintain host names. So in your case you either run, or have access to add/delete/modify DNS entries for, the domain "mydomain.com".

For PTR records, the company that has been assigned an IP subnet directly by a regional Internet registrar, such as ARIN, maintains the PTR records for the addresses it has been assigned.

Some ISPs will delegate the management of the PTR records to the companies they sub-assign IP addresses to. In your case Comcast is responsible for the PTR record. If this is a static record and they have not delegated the management of PTR records to you, then as footech stated, you can ask them to change the PTR record to the host name you want it to be.

Some services, SMTP and SSH are two that come to mind, do reverse lookups. As footech stated, some SMTP servers will do this to verify that the host name the address maps to is within the domain that it is sending e-mail from. SSH servers do this because some SSH servers are configured to restrict/check access by host name.

I know there are a few other server services that do reverse lookups for other reasons. Apache will do a reverse lookup if you code a host name in its configuration. Once it gets a valid response back it will then do an open specific to that address to start listening on.
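
Added example, not part of any answer in this thread: a forward-confirmed reverse DNS check of the kind the e-mail and SSH comments above refer to, including the PTR name construction (extended to IPv6, which uses ip6.arpa). The zone table and the `lookup` stub are constructed so the code runs offline; the forward record for the Comcast name and the 192.0.2.x entries are assumptions.

```python
import ipaddress

# Constructed sample records (not real DNS data). They mirror the thread:
# the A record belongs to the domain owner, the PTR is the ISP's default.
ZONE = {
    ("sslvpn.mydomain.com", "A"): ["1.1.2.2"],
    ("2.2.1.1.in-addr.arpa", "PTR"): ["1.1.2.2-static.comcastbusiness.net."],
    ("1.1.2.2-static.comcastbusiness.net", "A"): ["1.1.2.2"],  # assumed
    ("mail.example.net", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.net."],
    ("35.2.0.192.in-addr.arpa", "PTR"): ["spoofed.example.net."],  # no A record
}

def lookup(name, rtype, zone=ZONE):
    """Hypothetical resolver stub: answers only from the in-memory table."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def ptr_name(ip):
    """Reverse the address and append in-addr.arpa (ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer

def fcrdns(ip, resolve=lookup):
    """Return (status, names): PTR names whose forward records include ip."""
    addr = ipaddress.ip_address(ip)
    rtype = "A" if addr.version == 4 else "AAAA"
    ptrs = [p.rstrip(".").lower() for p in resolve(ptr_name(ip), "PTR")]
    if not ptrs:
        return "no-ptr", []
    confirmed = [n for n in ptrs
                 if any(ipaddress.ip_address(a) == addr
                        for a in resolve(n, rtype))]
    return ("confirmed" if confirmed else "mismatch"), confirmed

def reverse_matches(hostname, resolve=lookup):
    """True if every address of hostname has a PTR pointing back at it."""
    host = hostname.rstrip(".").lower()
    addrs = resolve(host, "A")
    return bool(addrs) and all(host in fcrdns(a, resolve)[1] for a in addrs)

if __name__ == "__main__":
    for ip in ("1.1.2.2", "192.0.2.25", "192.0.2.35", "192.0.2.99"):
        print(ip, ptr_name(ip), fcrdns(ip))
    print("sslvpn.mydomain.com:", reverse_matches("sslvpn.mydomain.com"))
    print("mail.example.net:", reverse_matches("mail.example.net"))
```

With these records 1.1.2.2 is forward-confirmed, but only for the ISP's generic name, so a receiver expecting sslvpn.mydomain.com still sees a mismatch until the PTR record is changed.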