Reverse DNS Lookup: What It Is, How to Find One, and Uses

Websites are great for an online presence but can also be your secret marketing weapon when it comes to learning about your visitors.

Your website probably gets decent traffic whether you sell products or services, but only some of these visitors are decision-makers looking to buy. What if you could figure out which domains these potential customers come from?

You absolutely can because your website stores visitors’ internet protocol (IP) addresses, and with reverse domain name system (DNS) lookup, you can query these IP addresses for internet hosts or domain names. Businesses generally use IP address intelligence software to identify visitor IP addresses and de-anonymize web traffic.

Reverse DNS lookup helps you with network security and management too. IT teams and system admins backtrack IP addresses to spot malicious sites and troubleshoot network issues. You can also use reverse DNS for email address whitelisting, which prevents important emails from being marked as spam. 

The reverse DNS lookup process involves reverse resolving an IP address using registrar tables and pointer records (PTR) from the domain name registry. That’s why it’s also known as reverse DNS resolution (rDNS).

The internet stores reverse DNS entries or PTR records on the address and routing parameter area (ARPA), commonly known as .arpa top-level domain. The format of a DNS record varies depending on whether it’s an IPv4 A record or IPv6 AAAA record. Reverse lookup IP address queries can be performed using command-line tools like dig, which allows for a dig reverse lookup of PTR records.

“A” records live on the .in-addr.arpa subdomain, while “AAAA” records are on .ip6.arpa. Additionally, for specific use cases, a reverse URL lookup can help identify the associated IP address for a given domain.

How does reverse DNS lookup work?

A reverse DNS lookup queries a DNS server for domain name pointer records that contain the list of IP addresses and corresponding domain names. When a PTR record is on the server, the query returns the hostname associated with the IP address. Reverse DNS lookup can’t provide the domain name when there’s no PTR record on the server. 

Below is a breakdown of the different syntax fields:

• Name represents the given IP address.
• Time to live (TTL) denotes the DNS record expiration date.
• Class refers to the DNS class, an independent namespace that categorizes types of data within the DNS system and can define reverse DNS zone entries.
• rData contains the hostname or domain name.

For example, a domain with an IP address of 194.0.1.2 stores the PTR record information under 2.1.0.194.in-addr.arpa domain. Ipv6, the latest internet protocol version, uses .ip6.arpa instead of .in-addr.arpa. PTR records follow a structure similar to DNS records. 

How to do a reverse DNS lookup

You can perform a reverse DNS query using Windows Command Line, Linux terminal, and reverse DNS lookup tools. 

Reverse DNS lookup using Windows

Windows 10 or previous version users must run the nslookup command prompt to perform rDNS lookup and find reverse DNS records in a Windows server. It’s not solely a reverse DNS lookup command—it’s a versatile DNS query tool that can perform both forward and reverse lookups.

Opening the Start menu in Windows. Use the search bar to find the command prompt. Type nslookup followed by the IP address and run the command. You should be able to see a domain’s A records, the start of authority (SOA) records, and nameserver (NS) records.

Reverse DNS lookup using Linux

Linux system users can perform reverse IP lookup using dig, host, or nslookup commands.

Domain information groper or dig command returns name servers as you manually look up rDNS through the Linux terminal. It’s mainly used for checking and resolving DNS issues. Host command converts IP addresses to host names and vice versa.

The nslookup command is the most widely used network administration tool. It uses interactive or non-interactive mode to query domain name servers. The interactive mode lets you find and print host and domain information, whereas the non-interactive mode only shows the requested details.

When to use reverse lookup command

IT departments use reverse lookup to track website visitors, filter spam emails, and troubleshoot internet protocols, just to name a few applications. 

• Spam email filtering: Email servers can't tell if an email is legit or spam just by looking at its IP address, so it's essential to check whether an email message is from a valid external server. An rDNS check helps differentiate between legitimate mail servers and dial-up users or dynamically assigned IP addresses. Mail servers usually reject emails from servers that don't support reverse lookups.
• Website visitor tracking: Business-to-business (B2B) companies use reverse lookup tools to uncover hostnames of IP addresses captured by website visit logs. These hostnames offer companies a complete picture of who visits their website, which supports lead generation efforts. 
• Troubleshooting: IT teams troubleshoot network and internet protocol with reverse DNS. As a result, they're better able to resolve problems related to enterprise management systems, network backup systems, and simple mail transfer protocol (SMTP) servers.
• System logging: System monitoring tools usually receive entries with device-specific IP addresses. Then, they use reverse DNS lookup to find and write the domain names in the log. 
• Whitelisting: System administrators sometimes have to manually allow email IDs, domain names, and IP addresses to prevent important emails from accidentally ending up in the junk folder. To do this, they use forward-confirmed rDNS (FCrDNS), a networking parameter for matching forward and reverse DNS. It's worth noting that spammers using forged domain records can't achieve forward validation. 

Reverse DNS lookup benefits

Forward lookup is more common in DNS resolution because it's simpler to translate domain names to IP addresses. However, reverse DNS lookup is the best bet for organizations that want to boost email deliverability and de-anonymize web traffic.

• Email deliverability: Email servers rely on reverse lookup tools to verify that emails originate from designated servers for specific domains. Reverse lookup helps email marketers and IT teams reject messages (often spam) from servers without reverse DNS records.
• Web traffic analysis: IT teams often capture visitors’ IP addresses instead of domain names in log files. They can find domain names from these IP addresses by doing a reverse lookup. As a result, businesses can better analyze traffic trends, boost marketing efforts, and find new opportunities. 
• Cyber crime investigation: Intelligence analysts and cyber crime investigators use Reverse DNS tools and DNS security solutions to spot potential threats and internet-wide mass scanners. Reverse DNS helps them identify the authors of these scanning or malware spreading activities. 

Reverse DNS = critical DNS

Many website owners don’t consider reverse DNS as critical as the classic DNS. They neglect it because visitors can still visit a website that doesn’t have reverse DNS records, but things get tricky when they try to send emails. Most email servers reject mail from servers without reverse DNS entries and label them as spam. That’s why it’s best to ask your internet service provider (ISP) to enable rDNS. 

Reverse DNS checks are also necessary for deanonymizing web traffic, troubleshooting internet protocols, and logging IP addresses. Without them, you may face difficulties keeping spammers away or even understanding who visits your website.

Looking for secure DNS solutions to power traffic across the web, apps, and networks? Check out the top managed DNS providers to get started. 

This article was originally published in 2023. It has been updated with new information.