What is Reverse DNS?
Normal DNS (Domain Name System) is used to translate a human-readable host name or domain name into the address a computer actually routes to: the IP address. As the name implies, Reverse DNS (RDNS) does the opposite, translating an IP address back into a host name.
You may find traffic originating from 8.8.8.8, and if you query that IP with a normal nslookup, the answer section will read:

Non-authoritative answer:
8.8.8.8.in-addr.arpa name = google-public-dns-a.google.com.

This tells us that the IP 8.8.8.8 is assigned to a Google public DNS server. The rather strange looking name 8.8.8.8.in-addr.arpa is the owner name of the Reverse Pointer (PTR) record for that address; the record's data is the host name it maps to. Because 8.8.8.8 reads the same forwards and backwards, this example does not show how a PTR name is really constructed. We will show that next.
How is it used?
Reverse DNS is used by ISPs, mail servers and anti-spam software. A receiving mail server takes the IP address of the connecting client, looks up its PTR record to get a host name, then looks that host name up forwards (A or AAAA record) and checks that the original IP is among the answers. If the forward lookup (DNS) and reverse lookup (RDNS) agree, the address is said to be forward-confirmed (FCrDNS), which is what "fully validated" means in DNS terms.
Email from IPs with a matching RDNS pointer is trusted more than email from IPs with no RDNS at all. The trust score often depends on what the RDNS points to: a host name under the sending domain counts for more than a generic, auto-generated name. Usually a single IP is mapped to a single name, but several IP addresses may legitimately map to the same name.
The owner name of a PTR record is the IP address with its four octets written in reverse order, under the special domain in-addr.arpa. Thus the IP address 10.20.35.45 pointing to my.testdomain.net will have the following PTR entry (and, for the forward confirmation above to succeed, my.testdomain.net must have an A record of 10.20.35.45):
45.35.20.10.in-addr.arpa. 86400 IN PTR my.testdomain.net.
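The following Python is an added example, not code from the original article or from HOSTAFRICA. It shows both points made above: how a PTR owner name is built from an address (including the ip6.arpa form for IPv6, which goes beyond the IPv4 case in the text), and how a mail receiver performs the forward-confirmed check. The function names (reverse_name, fcrdns_status, the *_lookup helpers) are chosen for this example only, and the zone data is constructed so that the check runs offline; the two system_* adapters use the operating system resolver and are only there for real use.

```python
import ipaddress
import socket
from typing import Callable, Dict, List

# Helper names below (reverse_name, fcrdns_status, ...) are hypothetical names
# chosen for this example; they are not part of any DNS library.


def reverse_name(ip: str) -> str:
    """Return the PTR owner name for an IPv4 or IPv6 address.

    IPv4: the four octets reversed under in-addr.arpa
          (10.20.35.45 -> 45.35.20.10.in-addr.arpa).
    IPv6: all 32 hex nibbles of the expanded address, reversed, under ip6.arpa.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")  # leading zeros kept: 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


PtrLookup = Callable[[str], List[str]]  # ip address -> PTR target names
FwdLookup = Callable[[str], List[str]]  # host name  -> A/AAAA addresses


def fcrdns_status(ip: str, ptr_lookup: PtrLookup, fwd_lookup: FwdLookup) -> str:
    """Classify a connecting IP the way a mail receiver does.

    'no-ptr'    : the address has no reverse record at all
    'mismatch'  : a PTR exists, but none of its forward records point back to ip
    'confirmed' : forward-confirmed reverse DNS (PTR and A/AAAA agree)
    """
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr"
    for name in names:
        try:
            forward = [ipaddress.ip_address(a) for a in fwd_lookup(name)]
        except ValueError:  # resolver returned something that is not an address
            continue
        if target in forward:
            return "confirmed"
    return "mismatch"


# --- live resolver adapters (use the network; not used by the offline demo) ---

def system_ptr_lookup(ip: str) -> List[str]:
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):  # no PTR / invalid address
        return []


def system_fwd_lookup(name: str) -> List[str]:
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


# --- constructed zone data so the check runs offline (not real records) ---

FAKE_PTR: Dict[str, List[str]] = {
    "10.20.35.45": ["my.testdomain.net."],  # forward record agrees
    "10.20.35.46": ["mail.example.org."],   # PTR exists, forward points elsewhere
    "2001:db8::25": ["mx.testdomain.net."],
    # 10.20.35.47 deliberately absent: no PTR at all
}
FAKE_FWD: Dict[str, List[str]] = {
    "my.testdomain.net": ["10.20.35.45"],
    "mail.example.org": ["192.0.2.10"],
    "mx.testdomain.net": ["2001:db8::25"],
}


def fake_ptr_lookup(ip: str) -> List[str]:
    return FAKE_PTR.get(str(ipaddress.ip_address(ip)), [])


def fake_fwd_lookup(name: str) -> List[str]:
    return FAKE_FWD.get(name.rstrip(".").lower(), [])


if __name__ == "__main__":
    for ip in ("10.20.35.45", "10.20.35.46", "10.20.35.47", "2001:db8::25"):
        print(f"{ip:14} {reverse_name(ip)}")
        print(f"{'':14} -> {fcrdns_status(ip, fake_ptr_lookup, fake_fwd_lookup)}")
```

To check a real address, call fcrdns_status(ip, system_ptr_lookup, system_fwd_lookup). Keeping the lookups injectable is deliberate: the same classification logic can be unit-tested against fixed zone data and then run against the live resolver without changes.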
Why is it good and why not?
In general, having reverse DNS is better than not having it. You may ask why it generates trust: can a spammer not just add an RDNS entry to their IP address? The reason for the higher trust is that PTR records live in the in-addr.arpa zone, and that zone is delegated to whoever holds the address block, normally in /24 (the old "Class C") units; smaller blocks only get it through RFC 2317 classless delegation or by asking the ISP to set the record. A spammer on a single rented IP cannot create a PTR record on their own.
Not many individuals control this much IP space. Even if they did, every address block is registered with a regional registry under someone's name and is thus traceable. Being able to identify a responsible entity makes it easier to act against abuse from an IP address.
Most ISPs do not take kindly to their IP addresses being listed as spam sources and will usually enforce strict policies around spam and abuse, including suspending abusive clients.
The flip side is that some lazy ISPs auto-generate a generic RDNS record for every IP they own. Such a record says nothing about who is actually using the address, so it carries little weight, and spam filters commonly treat generic-looking PTR names as a sign of a dynamic or unmanaged host.
At HOSTAFRICA, we assign RDNS only on request, and we then check that both the reverse and the forward records match. Some ISPs never assign RDNS at all, and that can have a negative effect on the email you send out.
While RDNS may not be a make-or-break factor in IT, it can help sort out many minor issues. Using it correctly also points to a responsible hosting provider that cares about its internet reputation, and this is becoming more and more important.
As IPv6 comes into use, RDNS will become even more important. The mechanism is the same, only the reverse zone is ip6.arpa and the owner name is built from the address's hexadecimal nibbles in reverse order rather than from four octets.