Article ID: 164213 - View products that this article applies to.
This article was previously published under Q164213
In a Domain Name System (DNS) environment, it is common for a user or an application to request a Reverse Lookup of a host name, given the IP address. This article explains this process.
The following is quoted from RFC 1035:
"The Internet uses a special domain to support gateway location and Internet address to host mapping. Other classes may employ a similar strategy in other domains. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network on the Internet.Reverse Lookup files use the structure specified in RFC 1035. For example, if you have a network which is 184.108.40.206, then the Reverse Lookup file for this network would be 10.150.IN-ADDR.ARPA. Any hosts with IP addresses in the 220.127.116.11 network will have a PTR (or 'Pointer') entry in 10.150.IN- ADDR.ARPA referencing the host name for that IP address. A single IN- ADDR.ARPA file may contain entries for hosts in many domains.
"The domain begins at IN-ADDR.ARPA and has a substructure which follows the Internet addressing structure.
"Domain names in the IN-ADDR.ARPA domain are defined to have up to four labels in addition to the IN-ADDR.ARPA suffix. Each label represents one octet of an Internet address, and is expressed as a character string for a decimal value in the range 0-255 (with leading zeros omitted except in the case of a zero octet which is represented by a single zero).
"Host addresses are represented by domain names that have all four labels specified."
Consider the following scenario. There is a Reverse Lookup file 10.150.IN-ADDR.ARPA with the following contents:
1.20 IN PTR WS1.ACME.COM. 2.20 IN PTR WS2.ACME.COM. 3.20 IN PTR WS3.ACME.COM. 50.100 IN PTR FREE.MONEY.COM. 190.50 IN PTR J232.MSN.COM.
If a DNS resolver wanted to find the host name corresponding to IP address 18.104.22.168, it would send a query of the form QTYPE=PTR, QCLASS=IN, QNAME=22.214.171.124.IN-ADDR.ARPA, and would receive:
The following is a Network Monitor capture of this process:
Frame 1: This frame shows the query for host name resolution of the IP address 126.96.36.199. Note that this is consistent with RFC 1035. QTYPE=Question Type, QCLASS=Question Class and QNAME=Question Name.
0x1:Std Qry for 188.8.131.52.in-addr.arpa. of type Dom. name ptr on class INET addr. DNS: Question Section: 184.108.40.206.in-addr.arpa. of type Dom. name ptr on class INET addr. DNS: Question Name: 220.127.116.11.in-addr.arpa. DNS: Question Type = Domain name pointer DNS: Question Class = Internet address class
Frame 2: Here you see the answer section of the response sent back to the requesting client has the host name of the IP address 18.104.22.168, which is WS1.ACME.COM.
0x1:Std Qry Resp. for 22.214.171.124.in-addr.arpa. of type Dom. name ptr on class INET addr. DNS: Answer section: 126.96.36.199.in-addr.arpa. of type Dom. name ptr on class INET addr.(3 records present) DNS: Resource Record: 188.8.131.52.in-addr.arpa. of type Dom. name ptr on class INET addr. DNS: Resource Name: 184.108.40.206.in-addr.arpa. DNS: Resource Type = Domain name pointer DNS: Resource Class = Internet address class DNS: Time To Live = 3600 (0xE10) DNS: Resource Data Length = 21 (0x15) DNS: Pointer: WS1.ACME.COM.
Microsoft Windows NT 4.0 DNS Server is compliant with RFC 1035's description of DNS Reverse Lookups.