Solved

dns reverse lookup

Posted on 2015-02-05
Last Modified: 2015-02-16
Can somebody educate me on the dns reverse lookup? What is it and why do we need it? Thank you.
0
Question by:leblanc
6 Comments
 
LVL 8

Assisted Solution

by:Leo
Leo earned 100 total points
ID: 40592663
Reverse DNS is IP address to domain name mapping - the opposite of forward (normal) DNS which maps domain names to IP addresses.

Reverse DNS is separate from forward DNS.
Forward DNS for "abc.com" pointing to IP address "1.2.3.4", does not necessarily mean that reverse DNS for IP "1.2.3.4" also points to "abc.com".
This comes from two separate sets of data.

A special PTR-record type is used to store reverse DNS entries. The name of the PTR-record is the IP address with the segments reversed + ".in-addr.arpa".
For example the reverse DNS entry for IP 1.2.3.4 would be stored as a PTR-record for "4.3.2.1.in-addr.arpa".

Reverse DNS is also different from forward DNS in who points the zone (domain name) to your DNS server.
With forward DNS, you point the zone to your DNS server by registering that domain name with a registrar.
With reverse DNS, your Internet connection provider (ISP) must point (or "sub-delegate") the zone ("....in-addr.arpa") to your DNS server.
Without this sub-delegation from your ISP, your reverse zone will not work.

For examples on Reverse DNS, kindly see this link.....

https://www.ntchosting.com/encyclopedia/dns/reverse-dns/#The_Reverse_DNS 

There are tools as well, which can look up reverse DNS....

http://www.dnsstuff.com/docs/ptr/

http://mxtoolbox.com/ReverseLookup.aspx
0
 
LVL 26

Accepted Solution

by:
pony10us earned 100 total points
ID: 40592683
Good explanation of what it is but to answer the second part

...and why do we need it

1. If you are looking at the logs for, say, a firewall, it will be in IPs (1.2.3.4), so if you want to find out who is trying to access your network you need to convert the IP (1.2.3.4) to a domain (my.domain.com).

2. I have seen where doing an NSLookup on a domain (my.domain.com) will return one IP address (1.2.3.4) but doing an NSLookup on the IP address (1.2.3.4) will return a different domain (notmy.domain.com). This could be due to an alias domain (my.domain.com) pointing to the same IP address (1.2.3.4) as the actual domain (notmy.domain.com). This is used mostly on internal networks when you replace a device and get a new IP/domain but want to point the old domain to the new address to make it easier than trying to change all the hooks that point to the old domain. Lazy but still done. :)
0
 
LVL 40

Assisted Solution

by:footech
footech earned 200 total points
ID: 40592984
In furtherance of "why do we need it".  There are times when it's just nice to have, there are others when it is essential.  Typically for email delivery reverse records become very important.  Having the right relationship between A records, PTR records, and SMTP banners makes it much more likely that email sent from your server will not be blocked or treated as spam.
0

 
LVL 1

Author Comment

by:leblanc
ID: 40593711
Thank you very much for the explanation. Now I have a question. My domain name (or subdomain I should say) is sslvpn.mydomain.com and it is associated to 1.1.2.2. I did a nslookup to 8.8.8.8 on my 1.1.2.2, it gives me a Comcast generic name:

>1.1.2.2
Server: google-public...
Address: 8.8.8.8

Name: 1.1.2.2-static.comcastbusiness.net.
Address: 1.1.2.2

Then I did a lookup on sslvpn.mydomain.com and I got:
>sslvpn.mydomain.com
Server: google-public...
Address: 8.8.8.8

Name: sslvpn.mydomain.com
Address: 1.1.2.2

I'd like to know why there is a difference in the name between my real subdomain name & the Comcast name when I did a lookup between an IP address and my subdomain. Is it possible to get the correct Name when I input my subdomain IP address? In other words, is it possible to get the Name sslvpn.mydomain.com instead of the Comcast name when I enter 1.1.2.2? Thx
0
 
LVL 40

Assisted Solution

by:footech
footech earned 200 total points
ID: 40593921
In the first one you're querying for a PTR record, in the second you are querying for an A record.  This is what Striker007 described - you have to have Comcast configure the PTR record for your IP to point to "sslvpn.mydomain.com" instead of the default value that Comcast has given it.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 100 total points
ID: 40594263
Typically the owner of a domain either runs the DNS server that provides name resolution for that domain, or they have a management interface to the DNS server so they can maintain host names. So in your case you either run, or have access to add/delete/modify DNS entries for, the domain "mydomain.com".

For PTR records, the company that has been assigned an IP subnet directly by a regional Internet registrar, such as ARIN, maintains the PTR records for the addresses it has been assigned.

Some ISPs will delegate the management of the PTR records to the companies they sub-assign IP addresses to. In your case Comcast is responsible for the PTR record. If this is a static record and they have not delegated the management of PTR records to you, then as footech stated, you can ask them to change the PTR record to the host name you want it to be.

Some services, SMTP and SSH are two that come to mind,  do reverse lookups.  As footech stated, some SMTP servers will do this to verify that the host name the address maps to is within the domain that it is sending e-mail from.  SSH servers do this because some SSH servers are configured to restrict/check access by host name.

I know there are a few other server services that do reverse lookups for other reasons. Apache will do a reverse lookup if you code a host name in its configuration. Once it gets a valid response back it will then do an open specific for that address to start listening on.
0
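The A/PTR relationship discussed in this thread, as an added example that is not part of any poster's reply: it builds the PTR owner name for an address, looks up the PTR, and then forward-confirms the returned name before comparing it with the name the host claims. All records are constructed for offline use; the forward record for the Comcast name and the example.org hosts are assumptions, and the IPv6 handling goes beyond the IPv4 case shown in the thread.

```python
import ipaddress

# Constructed zone data mirroring the thread. Forward (A) and reverse (PTR)
# records live in separate zones run by different parties.
A_RECORDS = {
    "sslvpn.mydomain.com": {"1.1.2.2"},
    "1.1.2.2-static.comcastbusiness.net": {"1.1.2.2"},  # assumed to exist
    "mail.example.org": {"192.0.2.25"},                 # hypothetical host
}
PTR_RECORDS = {
    "2.2.1.1.in-addr.arpa": ["1.1.2.2-static.comcastbusiness.net."],
    "25.2.0.192.in-addr.arpa": ["mail.example.org."],
    # Reverse zone names a host whose A record points elsewhere.
    "9.113.0.203.in-addr.arpa": ["mail.example.org."],
}


def ptr_name(ip):
    """Reversed-octet PTR owner name; IPv6 yields the ip6.arpa nibble form."""
    return ipaddress.ip_address(ip).reverse_pointer


def _norm(name):
    return name.rstrip(".").lower()


def check_reverse(ip, claimed, ptr_lookup=PTR_RECORDS.get, a_lookup=A_RECORDS.get):
    """Classify the A/PTR relationship for a peer at `ip` claiming `claimed`."""
    addr = ipaddress.ip_address(ip)
    names = [_norm(n) for n in (ptr_lookup(ptr_name(ip)) or [])]
    if not names:
        return "no-ptr"
    # Forward-confirm: keep only PTR names whose A record leads back to ip.
    confirmed = [
        n for n in names
        if any(ipaddress.ip_address(a) == addr for a in (a_lookup(n) or ()))
    ]
    if not confirmed:
        return "ptr-unconfirmed"
    return "match" if _norm(claimed) in confirmed else "name-mismatch"


def demo():
    return {
        "thread": check_reverse("1.1.2.2", "sslvpn.mydomain.com"),
        "aligned": check_reverse("192.0.2.25", "mail.example.org"),
        "unconfirmed": check_reverse("203.0.113.9", "mail.example.org"),
        "missing": check_reverse("198.51.100.7", "mail.example.org"),
    }
```

The "thread" case returns name-mismatch because the ISP's PTR still carries its generic name; once the ISP points the PTR at sslvpn.mydomain.com the same check returns match.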

Question has a verified solution.