A PTR record is a special type of DNS record that enables us to look up the domain name associated with a given IP address. This is the reverse of the process of looking up the IP address for a given domain name. Therefore, we generally refer to this process as reverse DNS lookup.
We typically use reverse DNS lookups to verify that a given domain name is indeed associated with the IP address it claims to be associated with. The most common application for this is spam filtering in email servers. Because a PTR record is set by whoever controls the reverse zone for the IP address, mail servers usually pair it with a forward lookup of the returned name and accept the name only if it resolves back to the same IP address.
We’ll start this tutorial by looking at how DNS servers store PTR records. Then, we’ll proceed to see how we can use different commands to check the PTR records for a given IP address.
2. How Do DNS Servers Store PTR Records?
2.1. For IPv4 Addresses
DNS servers store PTR records for IPv4 addresses within the namespace of the .arpa domain, for historical reasons related to the ARPANET (predecessor to the Internet). For example, the PTR record for an IP address 188.8.131.52 would be stored as 52.131.8.188.in-addr.arpa, where 52.131.8.188 is the original IP 188.8.131.52 with its four octets in reverse order.
2.2. For IPv6 Addresses
For IPv6 records, the IP address is reversed and split into chunks of four bits (one hexadecimal digit) each, separated by a dot. The namespace used is ip6.arpa instead of in-addr.arpa. So, for an IP 4002:5003:6004:7005:8006:9007:a008:b009, the PTR record would be 9.0.0.b.8.0.0.a.7.0.0.9.6.0.0.8.5.0.0.7.4.0.0.6.3.0.0.5.2.0.0.4.ip6.arpa.
2.3. Setting PTR Records
Internet Service Providers (ISPs) usually manage PTR records. In the case of cloud servers, the hosting providers could be managing them. Some providers allow us to set PTR records via a dashboard, while for others, we’ll need to contact them via their support channel to get this done.
3. The dig Command
The dig command stands for Domain Information Groper. It is widely used to extract information from DNS servers. We can use the dig command with the -x option to perform a PTR lookup:
$ dig -x 8.8.8.8
...
;; ANSWER SECTION:
8.8.8.8.in-addr.arpa. 83094 IN PTR dns.google.
...
In the above example, we ran the lookup for the IP address of dns.google, which is 8.8.8.8. In the answer section of the output, we see that the 8.8.8.8.in-addr.arpa record points back to dns.google. The same command will work for IPv6 addresses, too.
4. The nslookup Command
nslookup is another command that we can use for performing DNS lookups. To look up a PTR record, we just type the nslookup command followed by the IP address:
$ nslookup 8.8.8.8
8.8.8.8.in-addr.arpa name = dns.google.
Authoritative answers can be found from:
8.8.in-addr.arpa nameserver = ns1.level3.net.
8.8.in-addr.arpa nameserver = ns2.level3.net.
ns2.level3.net internet address = 22.214.171.124
ns1.level3.net internet address = 126.96.36.199
The first line of the output shows us the domain associated with the given IP address. We can use the same command for IPv6 addresses too.
5. The host Command
host is yet another command that can be used for performing DNS lookups. Using this command, we can perform a PTR lookup as follows:
$ host -t PTR 8.8.8.8
8.8.8.8.in-addr.arpa domain name pointer dns.google.
In the above example, we used the -t option to specify that we are looking for the record type PTR, followed by the IP address we are querying for. As with the earlier commands, this works with IPv6 addresses too.
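The following Python sketch is an added example, not part of the original tutorial: it builds the reverse-lookup names described in sections 2.1 and 2.2, extracts PTR targets from host output, and keeps only the names that resolve back to the queried IP. The sample output and forward-lookup table are constructed, and sample_resolve is a hypothetical stand-in for a real A/AAAA lookup.

```python
import ipaddress
import re

def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)        # rejects malformed input
    if addr.version == 4:
        labels, zone = str(addr).split("."), "in-addr.arpa"
    else:
        # exploded form undoes "::" compression; one label per hex digit
        labels, zone = list(addr.exploded.replace(":", "")), "ip6.arpa"
    return ".".join(reversed(labels)) + "." + zone

# host prints "<owner> domain name pointer <target>." for each PTR record
PTR_LINE = re.compile(r"^(\S+)\s+domain name pointer\s+(\S+?)\.?$")

def parse_host_ptr(output, ip):
    """PTR targets in `host -t PTR` output whose owner matches the queried IP."""
    expected = reverse_name(ip)
    names = []
    for line in output.splitlines():
        m = PTR_LINE.match(line.strip())
        # Lines for other owners, aliases or NXDOMAIN messages are ignored
        if m and m.group(1).rstrip(".").lower() == expected:
            names.append(m.group(2).lower())
    return names

def forward_confirmed(ip, ptr_names, resolve):
    """Keep only the names whose forward lookup returns the queried IP."""
    addr = ipaddress.ip_address(ip)
    return [n for n in ptr_names
            if addr in {ipaddress.ip_address(a) for a in resolve(n)}]

# Constructed sample data (not captured from a live resolver).
SAMPLE_HOST_OUTPUT = "8.8.8.8.in-addr.arpa domain name pointer dns.google.\n"
SAMPLE_FORWARD = {"dns.google": ["8.8.8.8", "8.8.4.4"],
                  "mail.example.com": ["198.51.100.5"]}

def sample_resolve(name):
    """Hypothetical stand-in for an A/AAAA lookup, backed by SAMPLE_FORWARD."""
    return SAMPLE_FORWARD.get(name, [])

if __name__ == "__main__":
    names = parse_host_ptr(SAMPLE_HOST_OUTPUT, "8.8.8.8")
    print(reverse_name("8.8.8.8"), names,
          forward_confirmed("8.8.8.8", names, sample_resolve))
```

A PTR name that does not survive forward_confirmed should be treated as unverified, since the owner of an IP block can point its PTR record at any name.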
In this tutorial, we first looked at how DNS servers store PTR records and then at different ways of looking up PTR records for a given IP address. This can be useful to us when we are building or configuring email servers and related applications, among other things. Of the three commands we looked at, the output of the host command is the easiest to parse for further processing in other programs.