RDNS - Reverse DNS Pointer Records
By Erik Rodriguez
This article provides an overview of RDNS pointer records. These records are commonly used to identify the origin of host records.
What is a RDNS Pointer?
If you don't know what plain old DNS is, see this article. RDNS (reverse DNS records), often refered to as Reverse DNS Pointers is basically DNS backwards. However, each domain on the internet is not actually going to resolve backwards the same way. What the hell does that mean? Well, I will provide some examples. Every device on the internet has an IP addresses. Some devices (primarly servers) even have more than one. Lets take a look at the DNS and RDNS records from several domains. I will be using the host command in Linux for this, but you can also us nslookup in Windows. First let's take a look at this site. (Items marked in green represent user entered commands)
[weaponx@roswell weaponx]$ host skullbox.net
skullbox.net has address 74.52.121.151
[weaponx@roswell weaponx]$
DNS did its job! It replied with the IP address of skullbox.net. Now, lets look at the reverse DNS record for that IP.
[weaponx@roswell weaponx]$ host 74.52.121.151
151.121.52.74.in-addr.arpa domain name pointer skullbox.net.
[weaponx@roswell weaponx]$
Okay so what? Well, in this case, the DNS and RDNS records match. However, as I mentioned above it won't always work out this way. Why? Well, Skullbox.net is hosted on a dedicated server. The server does not host any other sites besides this one. Therefore, the RDNS (PTR) record is set to reply as skullbox.net. Lets take a look at a different domain that resides on a shared server:
[weaponx@roswell weaponx]$ host erikrodriguez.net
erikrodriguez.net has address 74.52.23.162
[weaponx@roswell weaponx]$
DNS did its job! It replied with the IP address of erikrodriguez.net. Now, lets look at the reverse DNS record for that IP.
[weaponx@roswell weaponx]$ host 74.52.23.162
162.23.52.74.in-addr.arpa domain name pointer amber.orlandotechworks.net.
[weaponx@roswell weaponx]$
Interesting! They don't match? This is because erikrodriguez.net resides on a "shared server." This means the server is hosting other sites besides that one. So, the hosting company, Orlando Tech Works, has set the RDNS record to their server name. In this case, amber.orlandotechworks.net. If you perform a forward and reverse lookup on amber.orlandotechworks.net, they will match, just as they did with skullbox.net.
Conclusion
It's fairly interesting to check the RDNS records of different hosts. You can usually tell where a site is hosted by looking at it's RDNS records, because most hosting companies make all the RDNS entries point to a host in their domain. Another easy way to check where the DNS is parked. If you do a whois on skullbox.net, you'll find that the name servers are ns1.orlandotechworks.net and ns2.orlandotechworks.net. In rare cases, dedicated servers will run their own DNS servers, but this is usually done if they are going to server other domains. If you are going to use RDNS pointers with your domains, make sure that any RDNS pointer records have a valid forward lookup. For example, I could not set a RDNS record for IP 192.168.0.123 to router.skullbox.net, if router.skullbox.net does not resolve to 192.168.0.123. Happy resolving ;)
|