In the usual DNS process, domain names are mapped to IP addresses: when you run a DNS query, it returns the associated IP address. This is known as “forward DNS resolution”, and it is what most network engineers are used to.
Today I want to discuss the opposite of “forward DNS resolution”, where an IP address is looked up to find its designated domain name. This technique is known as “Reverse DNS lookup” and can also be referred to as “Reverse delegation”.
Reverse delegation is essential for the integrity and security of internet communications, allowing for verification and authentication of IP addresses in various network services, particularly email services that need to verify the domain associated with an incoming IP address while performing anti-spam checks.
If you work in an ISP environment, you have probably come across requests from clients asking you to configure reverse delegation for the public IP address you assigned to them. Most likely they are using that IP on their email servers and are having issues with their emails being dropped or marked as spam.
Let’s quickly go through the steps taken when performing a reverse DNS lookup of an IP address, for example when you run “dig -x 50.116.84.38”.
Step 1: IP Address Conversion
During this step, the IP address is reversed and the special domain .in-addr.arpa (for IPv4) or .ip6.arpa (for IPv6) is appended to form the name of what is known as a Pointer (PTR) record. This name is what will be used in the next step to find the corresponding domain name. For example, the IP address 50.116.84.38 is reversed to 38.84.116.50 and “.in-addr.arpa.” is appended to make a full PTR record name: 38.84.116.50.in-addr.arpa.
Step 2: PTR Record Query
The PTR record obtained from step 1 above is then used to perform a DNS query in “in-addr.arpa.”, a top level domain (TLD) used specifically for reverse DNS lookups of IPv4 addresses. The Internet Assigned Numbers Authority (IANA) delegates the corresponding reverse DNS zones to the Regional Internet Registries (RIRs), for example AFRINIC, APNIC and RIPE, according to the allocated IP address blocks or segments. Each RIR is the reverse DNS authority for its IP segments. ISPs that receive direct IP allocations from these RIRs must create a reverse delegation for their IP segments by specifying their IP prefix, DNS name server(s), and maintainer object name. The DNS servers referenced in the RIR reverse delegation have to host a reverse DNS zone file named according to the reversed IP address block followed by .in-addr.arpa, and that zone file must be referenced in the DNS server’s main configuration file so that it is served. This zone file is where the specific PTR records are defined and mapped to their corresponding domain names.
Referring back to our example, “dig -x 50.116.84.38” and the PTR record “38.84.116.50.in-addr.arpa.”: if we dig on only the .50 IP segment, we see it’s issued by the RIR called RIPE.
Step 3: DNS Server Response
In this step, the responsible DNS server looks up its records to find a match for the PTR record query. For example, if we dig further, up to the third octet (50.116.84.), we see the name servers that hold the PTR records for IP 50.116.84.38.
It is on these servers that the zone file “84.116.50.in-addr.arpa” is defined, and in that zone file the pointer “38.84.116.50.in-addr.arpa.” maps to the domain “cloud74.hostgator.com.”
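The three steps above can be reproduced offline. The following is an added example, not code from the original post: it builds the name that “dig -x” queries, lists the zones walked from in-addr.arpa down to the PTR name, and derives the zone file name for an octet-aligned prefix. The function names are hypothetical, and 2001:db8::1 is a constructed documentation address used to show the IPv6 form, which reverses hex nibbles rather than octets.

```python
import ipaddress

def ptr_name(ip):
    """Step 1: build the reverse-lookup name for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        labels = str(addr).split(".")                   # one label per octet
        suffix = "in-addr.arpa."
    else:
        labels = list(addr.exploded.replace(":", ""))   # one label per hex nibble
        suffix = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix

def delegation_chain(ip):
    """Steps 2-3: zones from in-addr.arpa down to the PTR name (IPv4 only)."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("octet-boundary chain is shown for IPv4 only")
    octets = str(addr).split(".")
    chain = ["in-addr.arpa."]
    for depth in range(1, 5):
        chain.append(".".join(reversed(octets[:depth])) + ".in-addr.arpa.")
    return chain

def zone_for_prefix(prefix):
    """Name of the reverse zone an operator hosts for a /8, /16 or /24 prefix."""
    net = ipaddress.ip_network(prefix, strict=True)  # rejects set host bits
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 prefixes map to a single zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

if __name__ == "__main__":
    print(ptr_name("50.116.84.38"))          # name queried by dig -x
    for zone in delegation_chain("50.116.84.38"):
        print("  ", zone)                    # each level can be checked with dig NS
    print(zone_for_prefix("50.116.84.0/24")) # zone file holding the PTR record
    print(ptr_name("2001:db8::1"))           # constructed IPv6 sample
```

Each name printed by delegation_chain can be passed to “dig NS” to see which name servers are authoritative at that level.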
Bonus Useful Tips:
Here is an online tool I use to perform Reverse DNS Checks:
If your RIR is AFRINIC, you can easily create reverse DNS for your prefixes and delegate to your authority name servers by going to: