Reverse IP Lookup

What Is Reverse IP Lookup?

A reverse IP lookup (also known as reverse DNS lookup or rDNS) resolves an IP address back to a hostname. While standard DNS converts domain names to IP addresses (forward lookup), reverse DNS does the opposite — given an IP like 8.8.8.8, it returns the associated hostname (dns.google).

This is accomplished through PTR (Pointer) records stored in a special DNS zone. For IPv4 addresses, the reverse zone uses the .in-addr.arpa domain. For IPv6, it uses .ip6.arpa. The IP address octets are reversed and appended to this domain to form the lookup query.

How Reverse DNS Works

The reverse DNS lookup process for an IPv4 address like 192.168.1.100 follows these steps:

1. Reverse the octets: 100.1.168.192
2. Append .in-addr.arpa: 100.1.168.192.in-addr.arpa
3. Query DNS for a PTR record at that name
4. The PTR record returns the associated hostname

For IPv6, the process is similar but uses individual nibbles (4-bit hex digits) reversed and separated by dots, appended to .ip6.arpa.

Why Reverse DNS Matters

Email Deliverability

Reverse DNS is critical for email. Most receiving mail servers check that the sending IP has a valid PTR record and perform forward-confirmed reverse DNS (FCrDNS) — they verify that the PTR hostname resolves back to the same IP. IPs without PTR records, or with mismatched PTR records, are frequently rejected or flagged as spam.

If you run a mail server (or use a dedicated IP for sending email through services like Amazon SES or SendGrid), you must ensure:

• The IP has a PTR record pointing to a meaningful hostname
• The hostname resolves back to the same IP (forward-confirmed)
• The hostname matches or relates to your sending domain

Security and Trust

Reverse DNS is used by firewalls, intrusion detection systems, and security tools to identify connecting hosts. Connections from IPs without PTR records may be considered higher risk. Some services block or throttle connections from IPs without valid reverse DNS.

Logging and Diagnostics

Server logs often include reverse DNS hostnames alongside IP addresses, making it easier to identify the source of connections. Network diagnostic tools like traceroute use reverse DNS to display hostnames at each hop.

How to Set Up Reverse DNS (PTR Records)

Unlike forward DNS records (A, MX, TXT) that you manage in your domain's DNS zone, PTR records are managed by the entity that controls the IP address block. This is typically your hosting provider or ISP.

Cloud Providers

• AWS EC2: Request PTR record changes through the AWS support form for Elastic IPs
• Google Cloud: Set reverse DNS in the VM instance settings for static external IPs
• DigitalOcean: Automatically sets the PTR record to your droplet name (rename the droplet to your desired hostname)
• Vultr: Set reverse DNS in the server settings panel
• Hetzner: Configure PTR records in the Cloud Console under IP settings

Dedicated Servers / Colocation

Contact your hosting provider and request they create a PTR record mapping your IP to your desired hostname. Most providers have a support form or control panel option for this.

ISP (Residential/Business)

For ISP-assigned IP addresses, contact your ISP to request a PTR record. Many consumer ISPs set generic PTR records (e.g., pool-192-168-1-100.provider.net) but may set custom ones for business accounts.

Understanding PTR Records

PTR (Pointer) records are the fundamental DNS record type used in reverse DNS lookups. Key characteristics:

• One PTR per IP (typically): While multiple PTR records are technically valid, convention is one PTR per IP address
• Managed by IP owner: Unlike A records (managed by domain owner), PTR records are managed by whoever controls the IP block
• Stored in reverse zones: PTR records live in the .in-addr.arpa (IPv4) or .ip6.arpa (IPv6) zones
• Should forward-confirm: The hostname in the PTR should resolve back to the same IP for maximum trust

Common Reverse DNS Issues

No PTR Record

The most common issue. Many cloud instances and consumer IP addresses lack PTR records. This causes problems with email deliverability and some security tools. Solution: Contact your hosting provider to set up reverse DNS.

Generic PTR Record

ISPs often set generic PTR records like pool-192-168-1-100.isp.net. While technically valid, these are associated with dynamic/consumer IPs and may cause email deliverability issues. For servers sending email, request a custom PTR matching your domain.

Mismatched PTR (No Forward Confirmation)

If the PTR record points to mail.example.com but mail.example.com resolves to a different IP, forward-confirmed reverse DNS (FCrDNS) fails. Many mail servers check for this. Ensure the PTR hostname resolves back to the same IP.

Reverse IP Lookup for Network Investigation

Security professionals and system administrators use reverse IP lookups for:

• Identifying hosting providers: PTR records reveal whether an IP belongs to AWS, Google Cloud, Cloudflare, etc.
• Tracking suspicious activity: Reverse DNS helps identify the source of malicious connections in server logs
• Verifying server identity: Confirm that an IP address belongs to the expected organization
• Network mapping: Understanding the infrastructure behind IP addresses during penetration testing or incident response

Related DNS Tools

Complete your DNS investigation with our other free tools:

• MX Lookup — Find mail servers for any domain
• CNAME Lookup — Look up DNS records (A, CNAME, MX, NS, TXT)
• SPF Checker — Validate SPF records for email authentication
• DKIM Checker — Check DKIM records and key strength
• DMARC Checker — Verify DMARC policies and reporting configuration

Frequently Asked Questions About Reverse IP Lookup

What is a reverse IP lookup?

A reverse IP lookup resolves an IP address to a hostname using PTR records. It's the opposite of a regular DNS lookup, which converts hostnames to IPs. The lookup queries the .in-addr.arpa (IPv4) or .ip6.arpa (IPv6) zone.

How does reverse DNS work?

For IPv4, the octets are reversed and .in-addr.arpa is appended. For example, 8.8.8.8 becomes 8.8.8.8.in-addr.arpa. A PTR record query on this name returns the associated hostname.

Why is reverse DNS important for email?

Mail servers check PTR records to verify senders. IPs without PTR records are often rejected as spam. Forward-confirmed reverse DNS (hostname resolves back to the same IP) is required by many receiving servers.

How do I set up a PTR record?

PTR records are managed by the IP address owner — your hosting provider or ISP. Contact them to set up reverse DNS. Cloud providers (AWS, GCP, DigitalOcean) often have self-service options in their control panels.

What is a PTR record?

A PTR (Pointer) record maps an IP address to a hostname — the reverse of an A record. PTR records are stored in reverse DNS zones and are managed by the entity controlling the IP address block.

What does it mean if no PTR record is found?

No PTR record means reverse DNS is not configured for that IP. This is common for consumer IPs but problematic for servers, especially mail servers. Contact your provider to set up reverse DNS.

Can I identify who owns an IP address?

PTR records reveal hosting providers (AWS, Google, Cloudflare, etc.) from hostname patterns. For detailed ownership, perform a WHOIS lookup on the IP address to see the registered organization.

What is the difference between forward and reverse DNS?

Forward DNS converts domain names to IPs (A records). Reverse DNS converts IPs to hostnames (PTR records). Forward DNS is managed by domain owners; reverse DNS is managed by IP owners.