PTR reverse resolution is the mapping from IP address to domain name, as opposed to forward resolution that maps domain name to IP address.
Because an IP may be used by multiple domain names, it is necessary to verify whether an IP address corresponds to one or more domain names when performing reverse resolution. If starting from the IP and traversing the entire DNS system for verification, it will not be possible due to the huge project. Therefore, RFC1035 defines PTR (Pointer Record) records. A PTR record points an IP address to a domain name.
PS C:\Users> nslookup.exe -qt=ptr 123.125.81.6 #反向解析360公共DNS 123.125.81.6
服务器: public-dns-a.baidu.com
Address: 180.76.76.76
非权威应答:
6.81.125.123.in-addr.arpa name = pub1.sdns.360.cn #注意6.81.125.123.in-addr.arpa 这里IP的顺序是反的
Purpose: e.g. email security
When the recipient receives an email from a public IP, the domain name pointed to by the public IP can be resolved through PTR. For example: [email protected], the sender’s email domain is qq.com, if the domain name resolved by PTR includes the sender’s domain qq.com, the email is considered to have passed the PTR security check, and the receiving process continues to be normal Carry on later. If the PTR security check is not passed, the email may be discarded or placed in the spam directory.
Why is the IP sequence reversed in the analysis of PTR?
ICANN ( Internet Corporation for Assigned Names and Numbers ) has added a tld (generic top-level domain) ".arpa." to be responsible for mapping IP to domain names.
| area | usage |
|---|---|
| ip6.arpa | Used to map IPv6 addresses to Internet domain names |
| in-addr.arpa | Used to map IPv4 addresses to Internet domain names |
The principle of prt is the same as the principle of dns for domain name checking IP
When we parse:, www.baidu.com.the dns root is dot, the top-level domain name is com, the second-level domain name is Baidu, and the third-level domain name is www. First find out who parses com from the root, then find who parses baidu.com from com, then find who parses www.baidu.com from baidu.com, and finally find the corresponding parse value.
When we analyze 123.125.81.6the PTR of this IP, it can be understood that we must first find 123.in-addr.arpa from in-addr.arpa, and then find 125.123.in-addr.arpa from 123.in-addr.arpa. Then from 125.123.in-addr.arpa find 81.125.123.in-addr.arpa who parses, then from 81.125.123.in-addr.arpa find 6.81.125.123.in-addr.arpa who parses, and finally find the parsed domain name.
Therefore, 6.81.125.123.in-addr.arpa can be understood as a domain name. When using PTR to resolve, it will automatically change the IP into the domain name of in-addr.arpa and then resolve the value.
Who will add PTR resolution
Public network IP : Reverse resolution cannot be provided by the DNS service provider, because the management authority of the IP address belongs to the operator, so it is necessary to apply to the operator (ISP) to add reverse resolution. If you use the public cloud, you usually need to ask the customer service of the public cloud or check the official documents for the steps to add PTR resolution.
Intranet IP : PTR resolution can be configured by itself.
It is easy to understand who is responsible. Conventional domain names are managed by DNS service providers, so DNS resolution looks for it. The public network IP is managed by the operator (ISP), so PTR looks for it to resolve.
The domain name has not been changed and the public network IP has been changed. Do you want to add PTR resolution again?
Answer: yes
Reference: .ARPA Domain (iana.org)
Reference: reverse analysis and PTR records (aliyun.com)
Reference: "DNS and BIND" (Fifth Edition)