Implementation details[edit]

IPv4 reverse resolution[edit]

Reverse DNS lookups for IPv4 addresses use the special domain in-addr.arpa. In this domain, an IPv4 address is represented as a concatenated sequence of four decimal numbers, separated by dots, to which is appended the second level domain suffix .in-addr.arpa. The four decimal numbers are obtained by splitting the 32-bit IPv4 address into four octets and converting each octet into a decimal number. These decimal numbers are then concatenated in the order: least significant octet first (leftmost), to most significant octet last (rightmost). It is important to note that this is the reverse order to the usual dotted-decimal convention for writing IPv4 addresses in textual form.

For example, to do a reverse lookup of the IP address 8.8.4.4 the PTR record for the domain name 4.4.8.8.in-addr.arpa would be looked up, and found to point to dns.google.

If the A record for dns.google in turn pointed back to 8.8.4.4 then it would be said to be forward-confirmed.

The original use of the rDNS: network troubleshooting via tools such as , ping, and the "Received:" trace header field for SMTP e-mail, web sites tracking users (especially on Internet forums), etc.

traceroute

One : checking the domain names in the rDNS to see if they are likely from dialup users, or dynamically assigned addresses unlikely to be used by legitimate mail servers. Owners of such IP addresses typically assign them generic rDNS names such as "1-2-3-4-dynamic-ip.example.com." Some anti-spam filters assume that email that originates from such addresses is likely to be spam, and may refuse connection.^[6]^[7]

e-mail anti-spam technique

A (FCrDNS) verification can create a form of authentication showing a valid relationship between the owner of a domain name and the owner of the server that has been given an IP address. While not very thorough, this validation is strong enough to often be used for whitelisting purposes, since spammers and phishers usually cannot achieve forward validation when they use zombie computers to forge domain records.

forward-confirmed reverse DNS

System logging or monitoring tools often receive entries with the relevant devices specified only by IP addresses. To provide more human-usable data, these programs often perform a reverse lookup before writing the log, thus writing a name rather than the IP address.

The most common uses of the reverse DNS include: