Solved

dns reverse lookup

Posted on 2015-02-05
Last Modified: 2015-02-16
Can somebody educate me on the dns reverse lookup? What is it and why do we need it? Thank you.
Question by:leblanc
6 Comments
 
LVL 8

Assisted Solution

by:Leo
Leo earned 400 total points
ID: 40592663
Reverse DNS is IP address to domain name mapping - the opposite of forward (normal) DNS which maps domain names to IP addresses.

Reverse DNS is separate from forward DNS.
Forward DNS for "abc.com" pointing to IP address "1.2.3.4", does not necessarily mean that reverse DNS for IP "1.2.3.4" also points to "abc.com".
This comes from two separate sets of data.

A special PTR-record type is used to store reverse DNS entries. The name of the PTR-record is the IP address with the segments reversed + ".in-addr.arpa".
For example the reverse DNS entry for IP 1.2.3.4 would be stored as a PTR-record for "4.3.2.1.in-addr.arpa".

Reverse DNS is also different from forward DNS in who points the zone (domain name) to your DNS server.
With forward DNS, you point the zone to your DNS server by registering that domain name with a registrar.
With reverse DNS, your Internet connection provider (ISP) must point (or "sub-delegate") the zone ("....in-addr.arpa") to your DNS server.
Without this sub-delegation from your ISP, your reverse zone will not work.

For examples on Reverse DNS, kindly see this link.....

https://www.ntchosting.com/encyclopedia/dns/reverse-dns/#The_Reverse_DNS 

There are tools as well, which can look up reverse DNS....

http://www.dnsstuff.com/docs/ptr/

http://mxtoolbox.com/ReverseLookup.aspx
0
 
LVL 26

Accepted Solution

by:
pony10us earned 400 total points
ID: 40592683
Good explanation of what it is but to answer the second part

...and why do we need it

1. If you are looking at the logs for, say, a firewall, it will be in IPs (1.2.3.4), so if you want to find out who is trying to access your network you need to convert the IP (1.2.3.4) to a domain (my.domain.com).

2. I have seen where doing an NSLookup on a domain (my.domain.com) will return one IP address (1.2.3.4) but doing an NSLookup on the IP address (1.2.3.4) will return a different domain (notmy.domain.com). This could be due to an alias domain (my.domain.com) pointing to the same IP address (1.2.3.4) as the actual domain (notmy.domain.com). This is used mostly on internal networks when you replace a device and get a new IP/domain but want to point the old domain to the new address to make it easier than trying to change all the hooks that point to the old domain. Lazy but still done. :)
0
 
LVL 41

Assisted Solution

by:footech
footech earned 800 total points
ID: 40592984
In furtherance of "why do we need it".  There are times when it's just nice to have, there are others when it is essential.  Typically for email delivery reverse records become very important.  Having the right relationship between A records, PTR records, and SMTP banners makes it much more likely that email sent from your server will not be blocked or treated as spam.
0

 
LVL 1

Author Comment

by:leblanc
ID: 40593711
Thank you very much for the explanation. Now I have a question. My domain name (or subdomain I should say) is sslvpn.mydomain.com and it is associated to 1.1.2.2. I did an nslookup to 8.8.8.8 on my 1.1.2.2, and it gives me a Comcast generic name:

>1.1.2.2
Server: google-public...
Address: 8.8.8.8

Name: 1.1.2.2-static.comcastbusiness.net.
Address: 1.1.2.2

Then I did a lookup on sslvpn.mydomain.com and I got:
>sslvpn.mydomain.com
Server: google-public...
Address: 8.8.8.8

Name: sslvpn.mydomain.com
Address: 1.1.2.2

I'd like to know why there is a difference in the name between my real subdomain name & the Comcast name when I did a lookup between an IP address and my subdomain. Is it possible to get the correct Name when I input my subdomain IP address? In other words, is it possible to get the Name sslvpn.mydomain.com instead of the Comcast name when I enter 1.1.2.2? Thx
0
 
LVL 41

Assisted Solution

by:footech
footech earned 800 total points
ID: 40593921
In the first one you're querying for a PTR record, in the second you are querying for an A record.  This is what Striker007 described - you have to have Comcast configure the PTR record for your IP to point to "sslvpn.mydomain.com" instead of the default value that Comcast has given it.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 400 total points
ID: 40594263
Typically the owner of a domain either runs the DNS server that provides name resolution for that domain, or they have a management interface to the DNS server so they can maintain host names. So in your case you either run, or have access to add/delete/modify DNS entries for, the domain "mydomain.com".

For PTR records, the company that has been assigned an IP subnet directly by a regional Internet registrar, such as ARIN, maintains the PTR records for the addresses it has been assigned.

Some ISPs will delegate the management of the PTR records to the companies they sub-assign IP addresses to. In your case Comcast is responsible for the PTR record. If this is a static record and they have not delegated the management of PTR records to you, then as footech stated, you can ask them to change the PTR record to the host name you want it to be.

Some services, SMTP and SSH are two that come to mind,  do reverse lookups.  As footech stated, some SMTP servers will do this to verify that the host name the address maps to is within the domain that it is sending e-mail from.  SSH servers do this because some SSH servers are configured to restrict/check access by host name.

I know there are a few other server services that do reverse lookups for other reasons. Apache will do a reverse lookup if you code a host name in its configuration. Once it gets a valid response back it will then do an open specific to that address to start listening on.
0
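
Added example, not part of any answer in this thread: the PTR naming rule and the A/PTR relationship the answers describe, written as a forward-confirmed reverse lookup of the kind a mail server or a log reviewer applies before trusting a PTR name. The record tables are constructed sample data built from the thread's addresses plus documentation ranges; the function names and verdict strings are assumptions made for illustration.

```python
import ipaddress

# Constructed sample records (not live DNS data), using the thread's addresses.
PTR_RECORDS = {
    "4.3.2.1.in-addr.arpa": ["abc.com."],
    "2.2.1.1.in-addr.arpa": ["1.1.2.2-static.comcastbusiness.net."],
    "7.113.0.203.in-addr.arpa": ["spoofed.example."],
}
A_RECORDS = {
    "abc.com.": ["1.2.3.4"],
    "sslvpn.mydomain.com.": ["1.1.2.2"],
    "1.1.2.2-static.comcastbusiness.net.": ["1.1.2.2"],
    "spoofed.example.": ["203.0.113.9"],  # does not point back at 203.0.113.7
}


def fqdn(name):
    """Normalise a host name: lower case, exactly one trailing dot."""
    return name.strip().rstrip(".").lower() + "."


def ptr_name(ip):
    """Owner name of the PTR record: reversed address segments + arpa suffix."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_reverse(ip, claimed_host, ptr_records=PTR_RECORDS, a_records=A_RECORDS):
    """Classify the PTR/A relationship for ip against the name the host claims."""
    addr = ipaddress.ip_address(ip)
    names = [fqdn(n) for n in ptr_records.get(ptr_name(ip), [])]
    if not names:
        return "no-ptr"
    # Forward-confirm: the reverse zone is separate data run by whoever holds
    # the address block, so keep only PTR targets whose A records include ip.
    confirmed = [
        n for n in names
        if any(ipaddress.ip_address(a) == addr for a in a_records.get(n, []))
    ]
    if not confirmed:
        return "ptr-unconfirmed"
    # Confirmed, but possibly under the provider's generic name rather than
    # the name the host presents (for mail, the SMTP banner name).
    return "match" if fqdn(claimed_host) in confirmed else "confirmed-other-name"


if __name__ == "__main__":
    for ip, host in [("1.2.3.4", "abc.com"), ("1.1.2.2", "sslvpn.mydomain.com"),
                     ("203.0.113.7", "spoofed.example"), ("198.51.100.1", "x.example")]:
        print(ip, ptr_name(ip), check_reverse(ip, host))
```

The 1.1.2.2 case is the asker's situation: the address reverse-resolves consistently, but to the provider's generic name, until the provider changes or delegates the PTR record.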


Question has a verified solution.
