Description of DNS Reverse Lookups

Article translations Article translations
Article ID: 164213 - View products that this article applies to.
This article was previously published under Q164213
Expand all | Collapse all


In a Domain Name System (DNS) environment, it is common for a user or an application to request a Reverse Lookup of a host name, given the IP address. This article explains this process.


The following is quoted from RFC 1035:
"The Internet uses a special domain to support gateway location and Internet address to host mapping. Other classes may employ a similar strategy in other domains. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network on the Internet.

"The domain begins at IN-ADDR.ARPA and has a substructure which follows the Internet addressing structure.

"Domain names in the IN-ADDR.ARPA domain are defined to have up to four labels in addition to the IN-ADDR.ARPA suffix. Each label represents one octet of an Internet address, and is expressed as a character string for a decimal value in the range 0-255 (with leading zeros omitted except in the case of a zero octet which is represented by a single zero).

"Host addresses are represented by domain names that have all four labels specified."
Reverse Lookup files use the structure specified in RFC 1035. For example, if you have a network which is, then the Reverse Lookup file for this network would be 10.150.IN-ADDR.ARPA. Any hosts with IP addresses in the network will have a PTR (or 'Pointer') entry in 10.150.IN- ADDR.ARPA referencing the host name for that IP address. A single IN- ADDR.ARPA file may contain entries for hosts in many domains.

Consider the following scenario. There is a Reverse Lookup file 10.150.IN-ADDR.ARPA with the following contents:
   1.20          IN     PTR     WS1.ACME.COM.
   2.20          IN     PTR     WS2.ACME.COM.
   3.20          IN     PTR     WS3.ACME.COM.
   50.100        IN     PTR     FREE.MONEY.COM.
   190.50        IN     PTR     J232.MSN.COM.

If a DNS resolver wanted to find the host name corresponding to IP address, it would send a query of the form QTYPE=PTR, QCLASS=IN, QNAME=, and would receive:   WS1.ACME.COM.

The following is a Network Monitor capture of this process:

Frame 1: This frame shows the query for host name resolution of the IP address Note that this is consistent with RFC 1035. QTYPE=Question Type, QCLASS=Question Class and QNAME=Question Name.
0x1:Std Qry for of type Dom. name ptr on class
INET addr.

   DNS: Question Section: of type Dom. name ptr
        on class INET addr.
      DNS: Question Name:
      DNS: Question Type = Domain name pointer
      DNS: Question Class = Internet address class

Frame 2: Here you see the answer section of the response sent back to the requesting client has the host name of the IP address, which is WS1.ACME.COM.
0x1:Std Qry Resp. for of type Dom. name ptr on
class INET addr.

   DNS: Answer section: of type Dom. name ptr on
         class INET addr.(3 records present)
      DNS: Resource Record: of type Dom. name
           ptr on class INET addr.
         DNS: Resource Name:
         DNS: Resource Type = Domain name pointer
         DNS: Resource Class = Internet address class
         DNS: Time To Live = 3600 (0xE10)
         DNS: Resource Data Length = 21 (0x15)
         DNS: Pointer: WS1.ACME.COM.

Microsoft Windows NT 4.0 DNS Server is compliant with RFC 1035's description of DNS Reverse Lookups.


Article ID: 164213 - Last Review: February 27, 2007 - Revision: 1.2
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows NT Server 4.0 Standard Edition

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from