In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual "forward" DNS lookup of an IP address from a domain name.[1] The process of reverse resolving an IP address uses PTR records. rDNS is an ordinary DNS query against the reverse tree, not a search of registry or registrar (WHOIS) tables; delegation of that tree follows IP address allocation, so the registry or provider that holds an address block controls, or further delegates, the matching reverse zone. The reverse DNS database of the Internet is rooted in the .arpa top-level domain.
Although the informational RFC 1912 (Section 2.1) recommends that "every Internet-reachable host should have a name" and that "for every IP address, there should be a matching PTR record," it is not an Internet Standard requirement, and not all IP addresses have a reverse entry.
The modern "reverse DNS lookup" should not be confused with the now-obsolete "inverse query" (IQUERY) mechanism specified in RFC 1035:
Inverse queries take the form of a single resource record (RR) in the answer section of the message, with an empty question section. The owner name of the query RR and its time to live (TTL) are not significant. The response carries questions in the question section which identify all names possessing the query RR which the name server knows. Since no name server knows about all of the domain namespace, the response can never be assumed to be complete. Thus inverse queries are primarily useful for database management and debugging activities. Inverse queries are not an acceptable method of mapping host addresses to host names; use the in-addr.arpa domain instead.[2]
The IQUERY message type was always "optional"[2] and "never achieved widespread use";[3] it was "permanently retired"[3] in 2002 with the adoption of RFC 3425.
Reverse DNS lookups for IPv4 addresses use the special domain in-addr.arpa. In this domain, an IPv4 address is represented as a concatenated sequence of four decimal numbers, separated by dots, to which the second-level domain suffix .in-addr.arpa is appended. The four decimal numbers are obtained by splitting the 32-bit IPv4 address into four octets and converting each octet into a decimal number. These decimal numbers are then concatenated in the order: least significant octet first (leftmost), to most significant octet last (rightmost). This is the reverse of the usual dotted-decimal convention for writing IPv4 addresses in textual form, which matches the DNS convention that the most specific label comes first and the zone apex last.
For example, to do a reverse lookup of the IP address 8.8.4.4, the PTR record for the domain name 4.4.8.8.in-addr.arpa would be looked up, and found to point to dns.google. If the A record for dns.google in turn pointed back to 8.8.4.4, the result would be said to be forward-confirmed. The distinction matters because the PTR record is published by whoever controls the address block, while the A record is published by whoever controls the forward zone; only when both agree has the mapping been confirmed by both parties.
Historically, Internet registries and Internet service providers allocated IP addresses in blocks of 256 (for Class C) or larger octet-based blocks for classes B and A. By definition, each block fell upon an octet boundary. The structure of the reverse DNS domain was based on this definition. However, with the introduction of Classless Inter-Domain Routing, IP addresses were allocated in much smaller blocks, and hence the original design of pointer records was impractical: a block smaller than a /24 has no label of its own in in-addr.arpa, so its administration could not be delegated to the holder of the block. RFC 2317 devised a methodology to address this problem by using CNAME records: the holder of the enclosing /24 zone points each address at a name in a separately delegated sub-zone (typically named after the classless block, e.g. 0/26 or 0-26), which the holder of the smaller block then administers.
Reverse DNS lookups for IPv6 addresses use the special domain ip6.arpa (previously ip6.int[4]). An IPv6 address appears as a name in this domain as a sequence of nibbles in reverse order, represented as hexadecimal digits as subdomains. The address is first written out in full (all 32 hexadecimal digits, with the zeros elided by :: restored), and every nibble becomes one label. For example, the pointer domain name corresponding to the IPv6 address 2001:db8::567:89ab is b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
While most rDNS entries only have one PTR record, DNS does not restrict the number. Multiple PTR records are used, for example, when a web server supports many virtual hosts, i.e. multiple hostnames resolve to a single address, and multiple hostnames will then be returned for a PTR lookup of that shared address. However, DNS lookups typically occur over UDP, and since a UDP DNS message is limited in size (512 bytes without EDNS), in extreme cases multiple PTRs could cause a DNS response to exceed that limit; the server then sets the truncation (TC) bit and the client has to retry over TCP, which not every client or middlebox handles.
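The following Python is an added example, not code from the original article. It builds the in-addr.arpa and ip6.arpa owner names described above for both address families, looks up PTR records against a small constructed in-memory zone that includes an RFC 2317-style CNAME delegation for 192.0.2.0/26 and an address with two PTR records, and applies the forward-confirmation check. The zone contents, the hostnames under example.com, the sub-zone label 0-26.2.0.192.in-addr.arpa and the helper names (`reverse_name`, `lookup`, `ptr_names`, `forward_confirmed`) are all assumptions made for this example; 192.0.2.0/24 and 2001:db8::/32 are documentation prefixes, and no network queries are made.

```python
"""Reverse DNS name construction, PTR lookup and FCrDNS over a constructed zone."""
import ipaddress
from typing import Dict, List, Tuple

Record = Tuple[str, str]  # (rtype, rdata); all names are absolute (trailing dot)

# Constructed zone data for the example (not real DNS contents).
ZONE: Dict[str, List[Record]] = {
    # Octet-aligned reverse entry for 8.8.4.4, as in the article's example.
    "4.4.8.8.in-addr.arpa.": [("PTR", "dns.google.")],
    "dns.google.": [("A", "8.8.4.4"), ("A", "8.8.8.8")],
    # RFC 2317 classless delegation of 192.0.2.0/26 (hypothetical names):
    # the parent /24 zone holds only a CNAME per address, pointing into a
    # sub-zone that the holder of the /26 administers.
    "5.2.0.192.in-addr.arpa.": [("CNAME", "5.0-26.2.0.192.in-addr.arpa.")],
    "5.0-26.2.0.192.in-addr.arpa.": [("PTR", "www.example.com."),
                                      ("PTR", "mail.example.com.")],
    "www.example.com.": [("A", "192.0.2.5")],
    "mail.example.com.": [("A", "192.0.2.6")],   # does not point back: unconfirmed
    # IPv6 entry matching the article's ip6.arpa example.
    "b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.":
        [("PTR", "v6.example.com.")],
    "v6.example.com.": [("AAAA", "2001:db8::567:89ab")],
}


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa / ip6.arpa owner name for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # Decimal octets, least significant first, then the in-addr.arpa suffix.
        labels = str(addr).split(".")[::-1]
        name = ".".join(labels) + ".in-addr.arpa."
    else:
        # Expand to all 32 nibbles (restoring zeros elided by ::), one label each,
        # in reverse order, then the ip6.arpa suffix.
        nibbles = addr.exploded.replace(":", "")
        name = ".".join(reversed(nibbles)) + ".ip6.arpa."
    # Sanity check against the standard library's own construction.
    assert name == addr.reverse_pointer + "."
    return name


def lookup(name: str, rtype: str, max_cname: int = 8) -> List[str]:
    """Return the rdata of type `rtype` at `name`, following CNAMEs.

    This is what lets an RFC 2317 delegation work: the resolver chases the
    CNAME from the /24 zone into the classless sub-zone. A chain longer than
    `max_cname` is treated as a misconfiguration (loop) rather than followed.
    """
    for _ in range(max_cname + 1):
        rrset = ZONE.get(name, [])
        data = [rdata for rt, rdata in rrset if rt == rtype]
        if data:
            return data
        cnames = [rdata for rt, rdata in rrset if rt == "CNAME"]
        if not cnames:
            return []
        name = cnames[0]
    raise RuntimeError(f"CNAME chain too long, last name {name}")


def ptr_names(ip: str) -> List[str]:
    """Reverse lookup: every PTR target for the address (there may be several)."""
    return lookup(reverse_name(ip), "PTR")


def forward_confirmed(ip: str) -> List[str]:
    """Forward-confirmed reverse DNS: keep only PTR targets whose A/AAAA
    records include the original address. A PTR alone is published by the
    address-block holder and proves nothing about the forward zone."""
    addr = ipaddress.ip_address(ip)
    rtype = "A" if addr.version == 4 else "AAAA"
    confirmed = []
    for host in ptr_names(ip):
        forward = {ipaddress.ip_address(a) for a in lookup(host, rtype)}
        if addr in forward:
            confirmed.append(host)
    return confirmed


if __name__ == "__main__":
    for ip in ("8.8.4.4", "192.0.2.5", "2001:db8::567:89ab", "192.0.2.99"):
        print(ip, "->", reverse_name(ip))
        print("  PTR:", ptr_names(ip), "forward-confirmed:", forward_confirmed(ip))
```

Running it shows 192.0.2.5 reached through the CNAME into the classless sub-zone with two PTR targets, of which only www.example.com survives forward confirmation because mail.example.com's A record points elsewhere. That asymmetry is the practical reason mail receivers and log-analysis tools check FCrDNS rather than trusting the PTR name: anyone holding an address block can publish a PTR claiming any hostname, but cannot make the forward zone of that hostname agree.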
Record types other than PTR records may also appear in the reverse DNS tree. For example, encryption keys may be placed there for IPsec, SSH and IKE. DNS-Based Service Discovery uses specially-named records in the reverse DNS tree to provide hints to clients about subnet-specific service discovery domains.[5] Less standardized usages include comments placed in TXT records and LOC records to identify the geophysical location of an IP address.
The most common uses of the reverse DNS include: