What is "reverse DNS" and do I need it?

Reverse DNS is IP address to domain name mapping - the opposite of forward (normal) DNS which maps domain names to IP addresses.

Reverse DNS is separate from forward DNS.
Forward DNS for "abc.com" pointing to IP address "1.2.3.4" does not necessarily mean that reverse DNS for IP "1.2.3.4" also points to "abc.com".
The two mappings come from two separate sets of data.

A special PTR-record type is used to store reverse DNS entries. The name of the PTR-record is the IP address with the segments reversed + ".in-addr.arpa".
For example the reverse DNS entry for IP 1.2.3.4 would be stored as a PTR-record for "4.3.2.1.in-addr.arpa".

Reverse DNS is also different from forward DNS in who points the zone (domain name) to your DNS server.
With forward DNS, you point the zone to your DNS server by registering that domain name with a registrar.
With reverse DNS, your Internet connection provider (ISP) must point (or "sub-delegate") the zone ("....in-addr.arpa") to your DNS server.
Without this sub-delegation from your ISP, your reverse zone will not work.

Reverse DNS is mostly used by humans for such things as tracking where a web-site visitor came from, or where an e-mail message originated etc.
It is typically not as critical as forward DNS - visitors will still reach your web-site just fine without any reverse DNS for your web-server IP or the visitor's IP.

However reverse DNS is important for one particular application.
Many e-mail servers on the Internet are configured to reject incoming e-mails from any IP address which does not have reverse DNS.
So if you run your own e-mail server, reverse DNS must exist for the IP address that outgoing e-mail is sent from.
It does not matter what the reverse DNS record for your IP address points to as long as it is there. If you host multiple domains on one e-mail server, just set up reverse DNS to point to whichever domain name you consider primary.
(e-mail servers checking for reverse DNS do recognize that it is normal to host many domains on a single IP address and it would be impossible to list all those domains in reverse DNS for the IP).

Special note about AOL:
It appears that AOL has recently restricted this even further:
They also require that reverse DNS points to a "fully qualified domain name" (we assume they mean a name with 3 or more segments, such as "mail.jhsoft.com"), and that this name does not contain the segments "in-addr.arpa" and is not just an IP address.
If you want to be able to send e-mail to AOL users, the reverse DNS record for your e-mail server IP address must adhere to this as well.
For details, please see http://postmaster.aol.com/Postmaster.Errors.php#whatisrdns
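
The naming rule and the checks described above can be tried out offline with the following added example (not JH Software's code and not AOL's actual filter). The function names, the problem strings and the min_segments parameter are assumptions; its default of 3 follows the reading given in this article.

```python
import ipaddress
import socket
from typing import List, Optional

def ptr_name(ip: str) -> str:
    """PTR record name for an IPv4 address: octets reversed + '.in-addr.arpa'."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"

def lookup_ptr(ip: str) -> Optional[str]:
    """Ask the system resolver for the reverse name; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_ptr_target(target: Optional[str], min_segments: int = 3) -> List[str]:
    """Return the reasons a PTR target fails the checks above (empty = passes)."""
    if not target:
        return ["no reverse DNS record"]
    name = target.rstrip(".").lower()  # a trailing root dot is not a segment
    try:
        ipaddress.ip_address(name)
        return ["target is just an IP address"]
    except ValueError:
        pass
    problems = []
    if ".in-addr.arpa." in f".{name}.":
        problems.append("target contains in-addr.arpa")
    if len(name.split(".")) < min_segments:
        problems.append(f"fewer than {min_segments} segments")
    return problems

if __name__ == "__main__":
    # Constructed sample PTR targets, not results of real lookups.
    samples = ["mail.jhsoft.com.", "jhsoft.com.", "1.2.3.4", "4.3.2.1.in-addr.arpa", None]
    print(ptr_name("1.2.3.4"))
    for s in samples:
        print(repr(s), "->", check_ptr_target(s) or "ok")
```

To test a live mail server, pass its outgoing IP through lookup_ptr() and feed the result to check_ptr_target().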

Comments
13 Apr 2013 17:34 UTC
James
By "fully qualified domain name" AOL mean a name that ends in the root zone, i.e. one that ends with a trailing dot, e.g. "jhsoft.com.". It has nothing to do with the number of 'segments'.

Thus an acceptable rDNS to AOL is one like
218.237.68.77.in-addr.arpa name = jhsoft.com.

http://en.wikipedia.org/wiki/Fully_qualified_domain_name
(TBH I would've expected you to have known this)
8 May 2013 14:50 UTC
JH Software
Hi James,
What you write is of course the correct definition of the term FQDN.
And if you edit DNS zone files by hand, you do of course need to be careful about having those trailing dots or not.
However I still have to disagree with your statement - the number of segments IS important here.
What AOL means is that you must specify the full name (like mail.jhsoft.com) rather than just the host name (mail).
A domain name with a single segment (even terminated with a dot) would not be acceptable to AOL since it is not a valid host name on the Internet (a single segment name would be a TLD - not a host name).
In other words, the name must have at least 2 segments.
4 Apr 2017 16:31 UTC
Done done
Great article. Thanks!
4 Jan 2019 18:25 UTC
Josh
Why would a Windows DNS server ignore a PTR record when attempting a lookup against an IP address?
31 Jan 2019 21:40 UTC
JH Software
Sounds like something is not configured correctly with your reverse DNS. Please e-mail us the details if you want us to take a closer look.
10 Nov 2022 10:23 UTC
Glad
For my RIPE subnet to have Reverse DNS, do I need to own a valid public domain registered?