Solved

dns reverse lookup

Posted on 2015-02-05
Last Modified: 2015-02-16
Can somebody educate me on the dns reverse lookup? What is it and why do we need it? Thank you.
Question by:leblanc
6 Comments
 
LVL 8

Assisted Solution

by:Leo
Leo earned 100 total points
ID: 40592663
Reverse DNS is IP address to domain name mapping - the opposite of forward (normal) DNS which maps domain names to IP addresses.

Reverse DNS is separate from forward DNS.
Forward DNS for "abc.com" pointing to IP address "1.2.3.4", does not necessarily mean that reverse DNS for IP "1.2.3.4" also points to "abc.com".
This comes from two separate sets of data.

A special PTR-record type is used to store reverse DNS entries. The name of the PTR-record is the IP address with the segments reversed + ".in-addr.arpa".
For example the reverse DNS entry for IP 1.2.3.4 would be stored as a PTR-record for "4.3.2.1.in-addr.arpa".

Reverse DNS is also different from forward DNS in who points the zone (domain name) to your DNS server.
With forward DNS, you point the zone to your DNS server by registering that domain name with a registrar.
With reverse DNS, your Internet connection provider (ISP) must point (or "sub-delegate") the zone ("....in-addr.arpa") to your DNS server.
Without this sub-delegation from your ISP, your reverse zone will not work.

For examples on Reverse DNS, kindly see this link.....

https://www.ntchosting.com/encyclopedia/dns/reverse-dns/#The_Reverse_DNS

There are tools as well, which can look up reverse DNS....

http://www.dnsstuff.com/docs/ptr/

http://mxtoolbox.com/ReverseLookup.aspx
0
 
LVL 26

Accepted Solution

by:pony10us
pony10us earned 100 total points
ID: 40592683
Good explanation of what it is but to answer the second part

...and why do we need it

1. If you are looking at the logs for, say, a firewall, it will be in IPs (1.2.3.4), so if you want to find out who is trying to access your network you need to convert the IP (1.2.3.4) to a domain (my.domain.com).

2. I have seen where doing an NSLookup on a domain (my.domain.com) will return one IP address (1.2.3.4) but doing an NSLookup on the IP address (1.2.3.4) will return a different domain (notmy.domain.com). This could be due to an alias domain (my.domain.com) pointing to the same IP address (1.2.3.4) as the actual domain (notmy.domain.com). This is used mostly on internal networks when you replace a device and get a new IP/domain but want to point the old domain to the new address to make it easier than trying to change all the hooks that point to the old domain.  Lazy but still done.  :)
0
 
LVL 39

Assisted Solution

by:footech
footech earned 200 total points
ID: 40592984
In furtherance of "why do we need it".  There are times when it's just nice to have, there are others when it is essential.  Typically for email delivery reverse records become very important.  Having the right relationship between A records, PTR records, and SMTP banners makes it much more likely that email sent from your server will not be blocked or treated as spam.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40593711
Thank you very much for the explanation. Now I have a question. My domain name (or subdomain I should say) is sslvpn.mydomain.com and it is associated to 1.1.2.2. I did an nslookup to 8.8.8.8 on my 1.1.2.2, and it gives me a Comcast generic name:

>1.1.2.2
Server: google-public...
Address: 8.8.8.8

Name: 1.1.2.2-static.comcastbusiness.net.
Address: 1.1.2.2

Then I did a lookup on sslvpn.mydomain.com and I got:
>sslvpn.mydomain.com
Server: google-public...
Address: 8.8.8.8

Name: sslvpn.mydomain.com
Address: 1.1.2.2

I'd like to know why there is a difference in the name between my real subdomain name & the Comcast name when I did a lookup between an IP address and my subdomain. Is it possible to get the correct Name when I input my subdomain IP address? In other words, is it possible to get the Name sslvpn.mydomain.com instead of the Comcast name when I enter 1.1.2.2? Thx
0
 
LVL 39

Assisted Solution

by:footech
footech earned 200 total points
ID: 40593921
In the first one you're querying for a PTR record, in the second you are querying for an A record.  This is what Striker007 described - you have to have Comcast configure the PTR record for your IP to point to "sslvpn.mydomain.com" instead of the default value that Comcast has given it.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 100 total points
ID: 40594263
Typically the owner of a domain either runs the DNS server that provides name resolution for that domain, or they have a management interface to the DNS server so they can maintain host names.  So in your case you either run, or have access to add/delete/modify DNS entries for the domain "mydomain.com".

For PTR records, the company that has been assigned an IP subnet directly by a regional Internet registrar, such as ARIN, maintains the PTR records for the addresses it has been assigned.

Some ISPs will delegate the management of the PTR records to the companies they sub-assign IP addresses to.  In your case Comcast is responsible for the PTR record.   If this is a static record and they have not delegated the management of PTR records to you, then as footech stated, you can ask them to change the PTR record to the host name you want it to be.

Some services, SMTP and SSH are two that come to mind,  do reverse lookups.  As footech stated, some SMTP servers will do this to verify that the host name the address maps to is within the domain that it is sending e-mail from.  SSH servers do this because some SSH servers are configured to restrict/check access by host name.

I know there are a few other server services that do reverse lookups for other reasons.  Apache will do a reverse lookup if you code a host name in its configuration.  Once it gets a valid response back, it will then do an open specific for that address to start listening on.
0
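
An added example, not part of any post in this thread: a forward-confirmed reverse DNS check that builds the in-addr.arpa name described above and tests the A/PTR relationship that mail servers care about. The function names are hypothetical, and the record tables are constructed from the values in the question (including the assumption that the Comcast name resolves back to 1.1.2.2), so the demo runs offline.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Owner name of the PTR record: IPv4 octets reversed + .in-addr.arpa."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"

def live_ptr(ip):
    """PTR lookup through the system resolver; [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def live_a(host):
    """A lookup through the system resolver; [] on failure."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def fcrdns(ip, expected_host=None, ptr_lookup=live_ptr, a_lookup=live_a):
    """PTR(ip) gives names; each name's A records must contain ip again."""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    confirmed = [n for n in names if ip in a_lookup(n)]
    result = {"ptr_owner": ptr_name(ip), "ptr_names": names, "confirmed": confirmed}
    if not names:
        result["status"] = "no-ptr"
    elif not confirmed:
        result["status"] = "unconfirmed"  # PTR name does not map back to ip
    elif expected_host and expected_host.lower() not in confirmed:
        result["status"] = "mismatch"     # consistent, but not the name you publish
    else:
        result["status"] = "ok"
    return result

# Constructed records modelled on the question (assumptions, not real DNS data).
PTR = {"1.1.2.2": ["1.1.2.2-static.comcastbusiness.net."]}
A = {"sslvpn.mydomain.com": ["1.1.2.2"],
     "1.1.2.2-static.comcastbusiness.net": ["1.1.2.2"]}

def demo():
    offline = dict(ptr_lookup=lambda ip: PTR.get(ip, []),
                   a_lookup=lambda host: A.get(host, []))
    return fcrdns("1.1.2.2", "sslvpn.mydomain.com", **offline)

if __name__ == "__main__":
    print(demo())
```

Calling fcrdns() without the two lookup arguments uses the system resolver instead of the constructed tables.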
