In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is a query of the Domain Name System (DNS) to determine the domain name associated with an IP address - the opposite of the usual "forward" DNS lookup of an IP address from a domain name. A reverse lookup resolves the IP address using PTR records. The reverse DNS database of the Internet is rooted in the arpa top-level domain.
Although the informational RFC 1912 (Section 2.1) recommends that "every Internet-reachable host should have a name" and that "for every IP address, there should be a matching PTR record," it is not an Internet Standard requirement, and not all IP addresses have a reverse entry.
Historical usage
The modern "reverse DNS lookup" should not be confused with the now-obsolete "inverse query" (IQUERY) mechanism specified in RFC 1035:
Inverse queries take the form of a single RR in the answer section of the message, with an empty question section. The owner name of the query RR and its TTL are not significant. The response carries questions in the question section which identify all names possessing the query RR which the name server knows. Since no name server knows about all of the domain name space, the response can never be assumed to be complete. Thus inverse queries are primarily useful for database management and debugging activities. Inverse queries are not an acceptable method of mapping host addresses to host names; use the in-addr.arpa domain instead.
The IQUERY message type was always "optional" and "never widely used"; it was "permanently retired" in 2002 with the adoption of RFC 3425.
Implementation details
IPv4 reverse resolution
Reverse DNS lookups for IPv4 addresses use the special domain in-addr.arpa. In this domain, an IPv4 address is represented as a sequence of four decimal numbers, separated by dots, to which the second-level domain suffix .in-addr.arpa is appended. The four decimal numbers are obtained by splitting the 32-bit IPv4 address into four octets and converting each octet into a decimal number. These decimal numbers are then concatenated in the order: least significant octet first (leftmost), most significant octet last (rightmost). It is important to note that this is the reverse of the usual dotted-decimal convention for writing IPv4 addresses in textual form.
For example, to perform a reverse lookup of the IP address 8.8.4.4, the PTR record for the domain name 4.4.8.8.in-addr.arpa would be looked up, and found to point to google-public-dns-b.google.com.
If the A record for google-public-dns-b.google.com in turn pointed back to 8.8.4.4, then it would be said to be forward-confirmed.
Classless reverse DNS method
Historically, Internet registries and Internet service providers allocated IP addresses in blocks of 256 (for Class C) or larger octet-based blocks for classes B and A. By definition, each block fell on an octet boundary. The structure of the reverse DNS domain was based on this definition. However, with the introduction of Classless Inter-Domain Routing, IP addresses were allocated in much smaller blocks, and hence the original design of pointer records was impractical, since administrative autonomy over the smaller blocks could not be granted. RFC 2317 devised a methodology to address this problem by using CNAME records.
IPv6 reverse resolution
Reverse DNS lookups for IPv6 addresses use the special domain ip6.arpa (previously ip6.int). An IPv6 address appears as a name in this domain as a sequence of nibbles in reverse order, each represented as a hexadecimal digit and forming its own subdomain. For example, the pointer domain name corresponding to the IPv6 address 2001:db8::567:89ab is b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
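The two naming schemes described above, in both directions, as an added example that is not part of the original article. The function names are hypothetical; the reverse direction is what an analyst needs when a DNS query log shows only the PTR owner name.

```python
import ipaddress

HEX = "0123456789abcdef"

def to_reverse_name(addr: str) -> str:
    """Build the PTR owner name for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # Four decimal octets, least significant octet first.
        return ".".join(str(b) for b in reversed(ip.packed)) + ".in-addr.arpa"
    # 32 hexadecimal nibbles, least significant nibble first.
    return ".".join(reversed(ip.packed.hex())) + ".ip6.arpa"

def from_reverse_name(name: str) -> str:
    """Recover the address from a complete PTR owner name."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        # Exactly four plain decimal labels; this rejects partial zone
        # names and RFC 2317 style labels such as "0/26".
        if len(labels) != 4 or not all(l.isascii() and l.isdigit() for l in labels):
            raise ValueError(f"not a full IPv4 reverse name: {name}")
        # bytes() raises ValueError for any octet above 255.
        return str(ipaddress.IPv4Address(bytes(int(l) for l in reversed(labels))))
    if name.endswith(".ip6.arpa"):
        labels = name[: -len(".ip6.arpa")].split(".")
        if len(labels) != 32 or not all(len(l) == 1 and l in HEX for l in labels):
            raise ValueError(f"not a full IPv6 reverse name: {name}")
        return str(ipaddress.IPv6Address(bytes.fromhex("".join(reversed(labels)))))
    raise ValueError(f"not under in-addr.arpa or ip6.arpa: {name}")

if __name__ == "__main__":
    for sample in ("8.8.4.4", "2001:db8::567:89ab"):  # addresses from the text
        rname = to_reverse_name(sample)
        print(sample, "->", rname, "->", from_reverse_name(rname))
```
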
Multiple pointer records
While most rDNS entries have only one PTR record, DNS does not restrict the number. Multiple PTR records are used, for example, when a web server supports many virtual hosts - that is, multiple host names then resolve to a single address, and multiple host names will be returned for a PTR lookup of that shared address. However, DNS lookups typically occur over UDP, and since UDP has a limited message size, in extreme cases, multiple PTRs may cause a DNS response to exceed the UDP limit.
Records other than PTR records
Record types other than PTR records may also appear in the reverse DNS tree. For example, encryption keys may be placed there for IPsec, SSH, and IKE. DNS-Based Service Discovery uses specially named records in the reverse DNS tree to provide hints to clients about subnet-specific service discovery domains. Less standardized uses include comments placed in TXT records and LOC records to identify the geophysical location of an IP address.
Usage
The most common uses of reverse DNS include:
- The original use of rDNS: network troubleshooting through tools such as traceroute, ping, and the "Received:" header field for SMTP email, and websites that track users (especially on Internet forums).
- One email anti-spam technique: checking the domain names in rDNS to see whether they are likely to be from dialup users or dynamically assigned addresses, which are unlikely to be used by legitimate mail servers. The owners of such IP addresses usually assign them generic rDNS names like "1-2-3-4-dynamic-ip.example.com." Some anti-spam filters assume that mail originating from such addresses is likely to be spam, and may refuse the connection.
- A forward-confirmed reverse DNS (FCrDNS) verification can create a form of authentication that indicates a valid relationship between the owner of a domain name and the owner of the server that has been assigned an IP address. Though not very thorough, this validation is strong enough to be used frequently for whitelisting purposes, since spammers and phishers typically cannot achieve forward validation when they use zombie computers to forge domain records.
- System logging or monitoring tools often receive entries in which the relevant devices are identified solely by IP addresses. To provide more human-usable data, these programs often perform a reverse lookup before writing the log, thus writing a name rather than the IP address.
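A sketch of the forward-confirmed check that the anti-spam and logging uses above rely on, as an added example that is not part of the original article. The function names and the sample PTR/A tables are constructed; the default lookups go through the system resolver, and the tables let the check run offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR name for ip from the system resolver, or [] when there is none."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:  # herror/gaierror: no reverse entry or lookup failed
        return []

def system_addrs(name):
    """Addresses (A and AAAA) for name from the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return the PTR names of ip whose forward records include ip again."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        for text in addr_lookup(name):
            try:
                match = ipaddress.ip_address(text.split("%")[0]) == target
            except ValueError:
                continue
            if match:
                confirmed.append(name)
                break
    return confirmed

# Constructed sample data (documentation addresses and names).
PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.20": ["mail.example.com."],  # name whose A record is elsewhere
    "192.0.2.40": ["www.example.net.", "shop.example.net."],
}
A = {
    "mail.example.com.": ["192.0.2.10"],
    "www.example.net.": ["192.0.2.40"],
    "shop.example.net.": ["198.51.100.7"],
}

def check_sample(ip):
    """Run fcrdns against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, check_sample(ip) or "not forward-confirmed")
```

A log writer that uses this would record the name only when the returned list is non-empty and keep the bare IP address otherwise, since an unconfirmed PTR name is controlled by whoever runs the reverse zone.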
Source of the article: Wikipedia