What is rDNS?

rDNS stands for Reverse Domain Name System. If you are familiar with DNS, you know that the most common case is a forward DNS lookup: a specific domain name is given, and DNS must find the corresponding IP address.

rDNS is exactly the opposite operation: what is requested is the domain name that corresponds to a specific IP address.

This operation is also known as reverse DNS resolution or reverse DNS lookup (rDNS) in computer networks. Frequently, rDNS is considered a premium feature or service supplied by paid managed DNS plans. 

What’s rDNS for?

  • It’s commonly used as a security method for verifying the correct match between an IP address and the domain name. If a mismatch is detected, there’s a big chance of a man-in-the-middle attack, like a phishing attack, with a malicious purpose. In other words, a mismatch indicates that someone has altered the data, which might be dangerous.
  • IP network owners usually require rDNS because it lets them organize their network better.
  • Business owners get this feature to ensure the emails they send reach their correct destination instead of being thrown into the spam folder, and that the emails they receive are safe and not a dangerous threat.
  • It can help to obtain the name of the Internet service provider (ISP) associated with a specific IP address.
  • Combined with searches of domain registry and registrar files, rDNS can also help track the domain of a computer attempting to violate a firewall, or of spammers or hackers.

How does rDNS work? 

To reverse the process and resolve an IP address to a domain name, a few components are required: basically, a Reverse Master Zone and PTR records.

Reverse Master Zone. It is a Primary DNS zone on an authoritative DNS server used to resolve IP addresses to domains. You need to create such a zone. It will be the necessary environment for PTR records to live and work properly. 

A reverse lookup traverses the DNS hierarchy just as the more usual forward lookup does. However, reverse lookups use a specific root domain, in-addr.arpa. Inside this domain, subdomains are built from the numbers of the IP address in reverse order, because an IP address gets more specific from left to right, while a domain name gets more specific from right to left. For instance, 134.118.101.1/18 becomes 101.118.134.in-addr.arpa (reverse lookup domain).

PTR record. The PTR, or pointer, record holds the mapping of the IP address to the domain name.

An A record or AAAA record is required for every PTR you use. A or AAAA and PTR work in opposite directions: A or AAAA maps domains to IP addresses, and PTR does the exact opposite.

When someone sends you an email, your mail server will check the PTR record to verify that the IP address matches the domain it claims to come from. That operation is an rDNS lookup. To double-check, the A or AAAA record will also be examined.

PTR records are a sort of ID for mail servers. With them, servers can give certainty about the identity of the senders, and recipients can know that the sender’s IP address hasn’t been altered by spammers. Online security is a permanent worry, and reducing or eliminating spam is a daily mission. Therefore, without a PTR record, mail servers (receivers) will reject even properly configured emails.
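The PTR check followed by the A/AAAA double-check described above can be sketched as follows. This is an added example, not code from the original article: the function names are hypothetical, the sample records are constructed from documentation address ranges so the check runs offline, and it goes slightly beyond the text by also handling IPv6 (ip6.arpa).

```python
import ipaddress
import socket

def reverse_name(ip):
    """Name queried for the PTR record, e.g. 1.101.118.134.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of host names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:            # covers socket.herror and socket.gaierror
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        # Drop any IPv6 scope suffix ("%eth0") so the address parses cleanly.
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Step 1: IP -> PTR name. Step 2: that name's A/AAAA must contain the IP."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(addr))]
    if not names:
        return ("no-ptr", None)
    for name in names:
        # Compare parsed addresses, not strings: IPv6 has many spellings.
        if any(ipaddress.ip_address(c) == addr for c in forward_lookup(name)):
            return ("pass", name)
    return ("mismatch", names[0])

# Constructed sample records (not real DNS data).
PTR = {"192.0.2.25": ["mail.example.com."],
       "198.51.100.7": ["mail.example.com."],   # PTR claims a name it does not hold
       "2001:db8::25": ["mx6.example.com"]}
FWD = {"mail.example.com": {"192.0.2.25"},
       "mx6.example.com": {"2001:0db8:0:0:0:0:0:25"}}

def demo(ip):
    """Run the check against the constructed records instead of live DNS."""
    return fcrdns(ip, lambda a: PTR.get(a, []), lambda n: FWD.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9", "2001:db8::25"):
        print(ip, reverse_name(ip), demo(ip))
```

Calling `fcrdns(ip)` without the lookup arguments uses the system resolver instead of the constructed records.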

Conclusion.

Online security can’t be taken for granted. Reverse DNS (rDNS) is an efficient verification method to strengthen your security. Besides proving the legit link between IP addresses and a domain, rDNS gives certainty about the trustworthiness of services. Give it a try!