Reverse DNS
On the Internet, reverse DNS lookup or reverse DNS mapping (rDNS) is using the Domain Name System (DNS) to look up a name that is associated with a given IP address.
With normal, or forward DNS, a domain name is used to look up information associated with that domain, including the IP addresses of its nameservers, webservers, and mailservers, and any general text information the domain owner would like to publish, including authentication records for the domain's mail transmitters. With reverse DNS, an IP address is used to look up a name associated with that address.
Information in forward DNS is under the control of the domain owner. Information in reverse DNS is under the control of the network owner, or at least the lowest owner to which authority over a block of addresses has been delegated.
In general, reverse DNS is not as reliable as forward DNS. This is due to the communication barriers between owners of small domains and owners of large networks, and the lack of incentive for network owners to keep reverse DNS records up to date. Often they simply run a script which assigns numerical names in sequence to each address in their allocation. These automated names have no connection with the actual use of the address.
Another factor making reverse DNS problematic is the trend to Virtual Private Servers - using one machine and IP address to host many unrelated domains. While it is possible to publish multiple names for one IP address, the resulting uncertainty can frustrate an authentication method relying on reverse DNS.
Examples
Email authentication
Reverse DNS provides a quick, but not very reliable method to verify the domain responsible for transmitting an email. See Email authentication for more discussion. Here are the steps:
1) The receiver gets a TCP connection request from a transmitter at IP address 98.136.44.63. Request granted.
2) The receiver does a reverse DNS query on the IP address.
$ dig ptr 63.44.136.98.in-addr.arpa ... ;; ANSWER SECTION: 63.44.136.98.in-addr.arpa. 1200 IN PTR smtp108.prem.mail.sp1.yahoo.com. ...
3) The receiver does a normal DNS query on the resulting "IPname".
$ dig a smtp108.prem.mail.sp1.yahoo.com ... ;; ANSWER SECTION: smtp108.prem.mail.sp1.yahoo.com. 1800 IN A 98.136.44.63 ...
Explanatory notes
The text forms shown here are from a terminal session using the BIND utility 'dig'. In a real mail receiver, the queries and responses would be packets of binary data.
in-addr.arpa is the branch of DNS holding all reverse query information. ARPA was the US government agency which started the Internet. The registry in now under the control of ICANN.
PTR is a "pointer" record in DNS. It "points" an address to a name, the opposite of an A record, which points a name to an address.
The numbers in the ptr query are reversed, because of the way authority is delegated from the largest blocks to smaller blocks of IP addresses. In the query, numbers are just treated as normal characters, so '63' is a subdomain of '44', which is a subdomain of '136', etc.
The third step is essential for authentication. It proves that the network owner and domain owner agree on the association of the domain name with the IP address. Otherwise a crooked domain owner could claim to be yahoo.com by simply publishing a A record with Yahoo's IP address.