Reverse DNS
Reverse DNS Lookup (rDNS) refers to a DNS query in which the name of an IP address is to be determined. Alternative names are inverse requests , reverse lookup or inverse requests . The counterpart with the telephone is the so-called inverse search , i.e. the search for the name of a given telephone number.
background
In most cases, the Domain Name System (DNS) is used to determine the IP address associated with a domain name . But there is also the reverse situation, in which the name is required for a given IP address. If this resolution is to be made possible, a reverse domain is created.
technology
Since it would be extremely time-consuming to search the entire domain tree for the desired IPv4 address in the event of an inverse request - it is not known in which branch the entry is located - an independent domain for inverse access was created, which is stored in -addr .arpa domain. There are only three subdomain levels below this domain, so that a maximum of three steps are required to resolve an IPv4 address.
The immediate subdomains of in-addr.arpa have a number between 0 and 255 as a label and represent the first component of an IPv4 address. (Examples: 10.in-addr.arpa or 192.in-addr.arpa ).
The next level in the tree represents the second component of an IPv4 address (example: 16.172.in-addr.arpa. Contains the IPv4 addresses 172.16.xy) and the lowest level finally the third component (example: 2.0.192.in- addr.arpa contains all known IPv4 addresses of the network 192.0.2.0/24 - e.g. 192.0.2.69).
As can be seen from the examples, a reverse name contains the IP address components in reverse order. This structure enables the reverse address space to be refined in several steps. For example, the network 198.51.0.0/16 can initially be replaced by the reverse domain 51.198.in-addr.arpa. be represented. All newly assigned IPv4 addresses from this segment are entered there. Subdomains can be created at a later point in time (e.g. 100.51.198.in-addr.arpa ). Inverse requests to IP addresses for which no subdomains exist are still resolved via the global domains.
Reverse domains work just like normal ones. This essentially also applies to the corresponding zone files (see: Zone ). At the beginning of a zone file assigned to a reverse domain there is an SOA resource record followed by one or more NS resource records . However, only PTR resource records are permitted as further RR types . A PTR-RR has an IP address on the left and a name on the right - in contrast to the A Resource Record , which has a name on the left and an IP address on the right.
This principle is also used for IPv6 addresses. In addition to the previous domain, ip6.arpa was introduced. The hexadecimal digits of the IPv6 addresses are not written down in blocks of four, but individually.
Example:
1.113.0.203.in-addr.arpa. 1285 IN PTR server1.example.com. b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. 1285 IN PTR server1.example.com.
The corresponding entry of the domain example.com then looks like this:
server1.example.com. 1800 IN A 203.0.113.1 server1.example.com. 1800 IN AAAA 2001:db8::567:89ab
To determine the corresponding host name, you can use the nslookup command in the same way as determining an IP for a host name . The query for the above example would then look like this.
nslookup 203.0.113.1 nslookup 2001:db8::567:89ab
Remarks
- ↑ Note on usage: reverse refers to the fact that the components of an IP address are stored in reverse order in the in-addr.arpa domain or in the ip6.arpa domain. inverse refers to DNS access: the reverse information is requested - a name and not, as usual, an IP address.