  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 125

dns reverse lookup

Can somebody educate me on the dns reverse lookup? What is it and why do we need it? Thank you.
0
leblanc
5 Solutions
 
Leo Commented:
Reverse DNS is IP address to domain name mapping - the opposite of forward (normal) DNS which maps domain names to IP addresses.

Reverse DNS is separate from forward DNS.
Forward DNS for "abc.com" pointing to IP address "1.2.3.4", does not necessarily mean that reverse DNS for IP "1.2.3.4" also points to "abc.com".
This comes from two separate sets of data.

A special PTR-record type is used to store reverse DNS entries. The name of the PTR-record is the IP address with the segments reversed + ".in-addr.arpa".
For example the reverse DNS entry for IP 1.2.3.4 would be stored as a PTR-record for "4.3.2.1.in-addr.arpa".

Reverse DNS is also different from forward DNS in who points the zone (domain name) to your DNS server.
With forward DNS, you point the zone to your DNS server by registering that domain name with a registrar.
With reverse DNS, your Internet connection provider (ISP) must point (or "sub-delegate") the zone ("....in-addr.arpa") to your DNS server.
Without this sub-delegation from your ISP, your reverse zone will not work.

For examples on Reverse DNS, kindly see this link:

https://www.ntchosting.com/encyclopedia/dns/reverse-dns/#The_Reverse_DNS 

There are tools as well, which can look up reverse DNS:

http://www.dnsstuff.com/docs/ptr/

http://mxtoolbox.com/ReverseLookup.aspx
0
 
pony10us Commented:
Good explanation of what it is but to answer the second part

...and why do we need it

1. If you are looking at the logs for, say, a firewall, they will be in IPs (1.2.3.4), so if you want to find out who is trying to access your network you need to convert the IP (1.2.3.4) to a domain (my.domain.com).

2. I have seen where doing an NSLookup on a domain (my.domain.com) will return one IP address (1.2.3.4) but doing an NSLookup on the IP address (1.2.3.4) will return a different domain (notmy.domain.com). This could be due to an alias domain (my.domain.com) pointing to the same IP address (1.2.3.4) as the actual domain (notmy.domain.com). This is used mostly on internal networks when you replace a device and get a new IP/domain but want to point the old domain to the new address to make it easier than trying to change all the hooks that point to the old domain.  Lazy but still done.  :)
0
 
footech Commented:
In furtherance of "why do we need it".  There are times when it's just nice to have; there are others when it is essential.  Typically for email delivery reverse records become very important.  Having the right relationship between A records, PTR records, and SMTP banners makes it much more likely that email sent from your server will not be blocked or treated as spam.
0

 
leblanc (Accounting, Author) Commented:
Thank you very much for the explanation. Now I have a question. My domain name (or subdomain I should say) is sslvpn.mydomain.com and it is associated with 1.1.2.2. I did an nslookup to 8.8.8.8 on my 1.1.2.2, and it gives me a Comcast generic name:

>1.1.2.2
Server: google-public...
Address: 8.8.8.8

Name: 1.1.2.2-static.comcastbusiness.net.
Address: 1.1.2.2

Then I did a lookup on sslvpn.mydomain.com and I got:
>sslvpn.mydomain.com
Server: google-public...
Address: 8.8.8.8

Name: sslvpn.mydomain.com
Address: 1.1.2.2

I'd like to know why there is a difference in the name between my real subdomain name & the Comcast name when I did a lookup between an IP address and my subdomain. Is it possible to get the correct Name when I input my subdomain IP address? In other words, is it possible to get the Name sslvpn.mydomain.com instead of the Comcast name when I enter 1.1.2.2? Thx
0
 
footech Commented:
In the first one you're querying for a PTR record, in the second you are querying for an A record.  This is what Striker007 described - you have to have Comcast configure the PTR record for your IP to point to "sslvpn.mydomain.com" instead of the default value that Comcast has given it.
0
 
giltjr Commented:
Typically the owner of a domain either runs the DNS server that provides name resolution for that domain, or they have a management interface to the DNS server so they can maintain host names.  So in your case you either run, or have access to add/delete/modify DNS entries for the domain "mydomain.com".

For PTR records, the company that has been assigned an IP subnet directly by a regional Internet registrar, such as ARIN, maintains the PTR records for the addresses it has been assigned.

Some ISPs will delegate the management of the PTR records to the companies they sub-assign IP addresses to.  In your case Comcast is responsible for the PTR record.   If this is a static record and they have not delegated the management of PTR records to you, then as footech stated, you can ask them to change the PTR record to the host name you want it to be.

Some services, SMTP and SSH are two that come to mind,  do reverse lookups.  As footech stated, some SMTP servers will do this to verify that the host name the address maps to is within the domain that it is sending e-mail from.  SSH servers do this because some SSH servers are configured to restrict/check access by host name.

I know there are a few other server services that do reverse lookups for other reasons.  Apache will do a reverse lookup if you code a host name in its configuration.  Once it gets a valid response back it will then do an open specific for that address to start listening on.
0
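
The A/PTR relationship discussed in the answers above can be checked mechanically. The following is an added example, not part of the original thread: a forward-confirmed reverse DNS check in Python that runs over constructed records modelled on the thread's nslookup output. The record tables, the function names, the example.org entries and the A record for the Comcast name are assumptions made for illustration.

```python
import ipaddress

# Constructed records (not live DNS data), modelled on the thread's examples.
PTR_RECORDS = {
    "2.2.1.1.in-addr.arpa": ["1.1.2.2-static.comcastbusiness.net."],
    "4.3.2.1.in-addr.arpa": ["abc.com."],
    "20.2.0.192.in-addr.arpa": ["mail.example.org."],
}
A_RECORDS = {
    "sslvpn.mydomain.com": ["1.1.2.2"],
    "abc.com": ["1.2.3.4"],
    # Assumption: the ISP's generic name also resolves forward to the same IP.
    "1.1.2.2-static.comcastbusiness.net": ["1.1.2.2"],
    "mail.example.org": ["192.0.2.99"],  # forward record points elsewhere
}

def ptr_name(ip):
    """Owner name of the PTR record: reversed segments + '.in-addr.arpa'."""
    return ipaddress.ip_address(ip).reverse_pointer

def _norm(name):
    """Compare DNS names without the trailing dot and case-insensitively."""
    return name.rstrip(".").lower()

def check_reverse(ip, claimed_host, ptr=PTR_RECORDS, a=A_RECORDS):
    """Classify the A/PTR relationship for ip and the host name it claims."""
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on bad input
    names = [_norm(n) for n in ptr.get(ptr_name(ip), [])]
    if not names:
        return "no-ptr"
    # Forward-confirm: keep PTR names whose A records lead back to ip.
    confirmed = [n for n in names if ip in a.get(n, [])]
    if not confirmed:
        return "ptr-unconfirmed"
    if _norm(claimed_host) in confirmed:
        return "match"
    return "confirmed-other-name"

if __name__ == "__main__":
    for ip, host in [("1.2.3.4", "abc.com"),
                     ("1.1.2.2", "sslvpn.mydomain.com"),
                     ("192.0.2.20", "mail.example.org"),
                     ("192.0.2.10", "host.example.org")]:
        print(ip, host, ptr_name(ip), check_reverse(ip, host))
```

Only `match` means the PTR record, the A record and the claimed name all agree; for 1.1.2.2 the result stays `confirmed-other-name` until the ISP changes the PTR record.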