Reverse DNS zone explained

In this article, we are going to explore the Reverse DNS zone. It is a special type of DNS zone that lets other hosts map an IP address back to a host name; mail servers in particular use it to check the IP address a connecting sender is using. It works very similarly to the Forward DNS zone, but there is a significant difference.

Forward DNS lookup and Reverse DNS lookup

The Forward DNS lookup (the typical one) is a DNS query for a name, usually for its A or AAAA record. The goal is to find the IP address behind the domain name. In the case of the Reverse DNS lookup, we do exactly the opposite: starting from an IP address, we ask which host name is registered for it.

You might think: if you already have the IP address, why do you need more?

The Reverse DNS lookup gives you a way to check whether an IP address is associated with the domain it claims to belong to. A sending mail server that introduces itself as mail.example.com but whose IP address has no PTR record, or a PTR record for an unrelated name, is a common sign of spam or of a compromised host rather than of a legitimate mail server. The PTR record alone is not proof, because whoever controls the address block decides what it says. The usual check, known as forward-confirmed reverse DNS, is to look up the PTR record, then resolve the returned name forward and confirm that the original IP address appears among its A or AAAA records.

Reverse DNS zone

The Reverse DNS zone, just like the Forward DNS zone, is an administrative part of the domain name space which holds DNS records, but it has the opposite purpose: linking IP addresses to domain names. Another big difference is that, in practice, it holds only a few types of records: PTR, SOA, and NS (plus CNAME records when a block smaller than a /24 is delegated, the technique described in RFC 2317).

The SOA record is the same as in the Forward DNS zone. It names the primary name server and the responsible contact, and it carries the serial number and the timers that control zone transfers.

The NS records list the authoritative name servers for the zone.

The PTR record is the big difference. It is the record that maps an IP address (IPv4 or IPv6) back to a domain name, and it is almost never found outside a Reverse DNS zone. Inside the Reverse zone, you add one PTR record for each IP address you want to be resolvable, so other hosts can verify where a connection comes from.

We should make an important point: the Reverse DNS zone lives under a dedicated domain, in-addr.arpa for IPv4 addresses and ip6.arpa for IPv6 addresses. Together they offer an FQDN (fully qualified domain name) for every IP address on the Internet.

When you create a Reverse DNS zone, you receive administrative control over the portion of in-addr.arpa (or ip6.arpa) that corresponds to your address block; that portion is delegated to you by the provider or registry that assigned the addresses. So, your zone is a subdomain of it.

One strange thing is that you need to write the IP address in reverse order. If you want to add 212.123.3.200, you add it as 200.3.123.212.in-addr.arpa. For IPv6, the address is first expanded to its full 32 hexadecimal digits, and then every single digit becomes a label, again in reverse order, under ip6.arpa.

You write it this way because the domain name space is read from right to left, from the most general label to the most specific. Reversing the address makes the network part the parent and each host the leaf, so a whole network can be delegated as one subdomain.
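The following Python is an added example, not code from the original article. It builds the reverse-pointer owner names for IPv4 and IPv6 addresses, converts them back, and performs the forward-confirmed reverse DNS check described earlier against a small set of constructed PTR and A records. The zone 3.123.212.in-addr.arpa, the host mail.example.com and all addresses are made up for illustration; no real DNS queries are sent.

```python
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple


def reverse_pointer_name(ip: str) -> str:
    """Return the owner name of the PTR record for an IPv4 or IPv6 address.

    IPv4: the four octets reversed under in-addr.arpa
          212.123.3.200 -> 200.3.123.212.in-addr.arpa
    IPv6: all 32 hex digits of the expanded address reversed under ip6.arpa
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")  # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ip_from_reverse_pointer(name: str) -> str:
    """Invert reverse_pointer_name: recover the IP address from a PTR owner name."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        # ipaddress validates that every octet is a decimal number 0-255
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        hexdigits = "".join(reversed(labels[:32]))
        groups = [hexdigits[i:i + 4] for i in range(0, 32, 4)]
        return str(ipaddress.IPv6Address(":".join(groups)))
    raise ValueError(f"not a reverse-pointer name: {name}")


# Constructed zone data for this example (not real DNS). The reverse zone
# 3.123.212.in-addr.arpa and the forward zone example.com are made up.
PTR_RECORDS: Dict[str, str] = {
    "200.3.123.212.in-addr.arpa": "mail.example.com",
    # This PTR claims a name whose forward records do not point back here.
    "201.3.123.212.in-addr.arpa": "mail.example.com",
}
A_RECORDS: Dict[str, List[str]] = {
    "mail.example.com": ["212.123.3.200"],
}


def forward_confirmed_rdns(
    ip: str,
    ptr_lookup: Callable[[str], Optional[str]],
    addr_lookup: Callable[[str], List[str]],
) -> Tuple[bool, Optional[str]]:
    """Forward-confirmed reverse DNS (FCrDNS).

    1. Look up the PTR record for the address.
    2. Resolve the returned name forward.
    3. Accept only if the original address is among the forward answers.
    Returns (confirmed, name_from_ptr). The PTR name alone is never trusted,
    because whoever controls the reverse zone can put any name in it.
    """
    addr = ipaddress.ip_address(ip)
    name = ptr_lookup(reverse_pointer_name(ip))
    if name is None:
        return False, None
    forward = {ipaddress.ip_address(a) for a in addr_lookup(name)}
    return addr in forward, name


def check_sender(ip: str) -> Tuple[bool, Optional[str]]:
    """Run the FCrDNS check against the constructed records above."""
    return forward_confirmed_rdns(
        ip,
        ptr_lookup=PTR_RECORDS.get,
        addr_lookup=lambda host: A_RECORDS.get(host.rstrip(".").lower(), []),
    )


if __name__ == "__main__":
    for ip in ("212.123.3.200", "212.123.3.201", "212.123.3.202"):
        print(ip, "->", reverse_pointer_name(ip), "->", check_sender(ip))
```

Against real DNS you would replace the two lookup callables with resolver calls (for example dnspython's dns.resolver.resolve(name, "PTR") and resolve(name, "A")); the confirmation logic stays the same. The .201 address shows the case FCrDNS exists for: it has a PTR record naming a legitimate host, but the host's forward records do not include it, so the check fails.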

You can create a Reverse DNS zone for a single IP address or for a range of IP addresses, depending on how many hosts you have. Under in-addr.arpa the natural unit of delegation is an octet, so a /24 network gets its own zone, such as 3.123.212.in-addr.arpa; a smaller block is delegated with the CNAME technique of RFC 2317.

The Reverse zone can be a Primary zone, which you can edit to add new DNS records. It can also be a Secondary Reverse zone, which is just a copy of the Primary obtained by zone transfer, so you cannot edit any of its records directly.

Conclusion

So, the Reverse DNS zone is a separate zone containing PTR records that map IP addresses to domain names. It is needed so that other people and machines can verify which domain an IP address belongs to.
