A term used to describe the way that DNS clients determine the name of a host from its IP address. That is, given a host's IP address, the DNS client needs to know the name. This is the "reverse" of the typical way that DNS is used, which is to submit a query for an IP address (i.e., an A record) given a host name.

Reverse lookup depends on a special resource record in the DNS, the PTR record. PTR records live in a peculiar namespace within the DNS, the IN-ADDR.ARPA namespace. Within this namespace, the convention is to reverse the octets of the IP address to query for names. For example, suppose a host has address 192.1.2.3. Given the following PTR record:

     3.2.1.192.IN-ADDR.ARPA.  PTR   myhost.mydomain.com.

a DNS query on "3.2.1.192.IN-ADDR.ARPA" will yield the result "name=myhost.mydomain.com".

A significant number of services use reverse lookups to ensure that the host connecting to the service is who it purports to be. For example, the Berkeley "r-commands" (e.g., rsh and rlogin) use this mechanism: first the service checks to see what IP address is attempting a connection; then, it performs a reverse DNS lookup to find the domain name corresponding to the IP address; next, the service looks up the host name in its security database to determine whether the host is authorized to use the service. This provides an easy, first-level security check against unauthorized hosts using the service: you have to spoof either the IP address of the connecting host or the DNS used by the server to get around this check.
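The three-step check described above, worked through in Python as an added example (this is not code from the original write-up or from the r-commands). It builds the IN-ADDR.ARPA query name by reversing the octets, answers the PTR query, and then compares the resulting host name against an allow list. It goes one step beyond the text: before trusting the name, it looks up that name's A record and confirms it points back at the connecting address ("forward-confirmed reverse DNS"), since whoever controls the reverse zone for an address can put any name in its PTR record. It also generalizes the name construction to IPv6 (IP6.ARPA, one nibble per label). The DNS records are a constructed in-memory table standing in for a real resolver, so the script runs offline; all host names and addresses in it are made up.

```python
"""Reverse lookup with forward confirmation, against constructed DNS data."""
import ipaddress

# Constructed stand-in for the DNS. In a real service these answers would
# come from the resolver (socket.gethostbyaddr / dns.resolver), not a dict.
PTR_RECORDS = {
    "3.2.1.192.in-addr.arpa": "myhost.mydomain.com",
    # A PTR record that claims a trusted name but whose address does not
    # appear in that name's A records: a reverse-only check would accept it.
    "4.2.1.192.in-addr.arpa": "myhost.mydomain.com",
}
A_RECORDS = {
    "myhost.mydomain.com": {"192.1.2.3"},
}


def reverse_name(ip: str) -> str:
    """Return the reverse-lookup query name for an IPv4 or IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # 192.1.2.3 -> 3.2.1.192.in-addr.arpa (octets reversed)
        octets = str(addr).split(".")
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    # IPv6: every hex nibble of the fully expanded address, reversed
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_lookup(ip: str):
    """Step 2 of the check: what name does the PTR record give for this address?"""
    return PTR_RECORDS.get(reverse_name(ip))


def forward_confirmed_name(ip: str):
    """Like ptr_lookup, but only trust the name if its A record points back at ip."""
    name = ptr_lookup(ip)
    if name is None:
        return None
    if str(ipaddress.ip_address(ip)) not in A_RECORDS.get(name, set()):
        return None  # PTR and A records disagree: treat as unresolvable
    return name


def is_authorized(ip: str, allowed_hosts) -> bool:
    """Step 3 of the check: is the (confirmed) host name in the security database?"""
    name = forward_confirmed_name(ip)
    return name is not None and name in allowed_hosts


if __name__ == "__main__":
    allowed = {"myhost.mydomain.com"}
    for client in ("192.1.2.3", "192.1.2.4", "10.0.0.1"):
        print(client, reverse_name(client), ptr_lookup(client),
              forward_confirmed_name(client), is_authorized(client, allowed))
```

Run as a script it prints one line per constructed client address; 192.1.2.3 passes, 192.1.2.4 has a PTR record but fails forward confirmation, and 10.0.0.1 has no PTR record at all. The forward-confirmation step is what turns the reverse lookup from "the address's owner says it is myhost" into "the owner of myhost's zone agrees".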
