1. Library
  2. Computer Networks
  3. Dns
  4. Records

PTR Records: Reverse DNS Lookups

Updated 36 minutes ago

Forward DNS is a claim. Reverse DNS is proof.

When you look up mail.example.com, DNS tells you it points to 203.0.113.42. Anyone with a domain can make that claim. But when you look up that IP and ask "what hostname owns you?", only the actual owner of the IP address can answer. PTR records provide that answer—they're the reverse lookup that maps IP addresses back to hostnames.

Trust on the Internet often comes down to one question: are you who you claim to be? Email servers ask this constantly. When your mail server connects from 203.0.113.42 claiming to send mail for example.com, the receiving server performs a reverse lookup. If the PTR record confirms the relationship, you've proven something: you don't just own a domain name, you control actual network infrastructure.

How PTR Records Work

A PTR record is the mirror image of an A record. Where an A record says "this hostname points to this IP," a PTR record says "this IP points to this hostname." The records live in completely different places—your A records live in your domain's DNS zone, but PTR records live in special reverse DNS zones controlled by whoever owns the IP address space.

This separation reflects reality: domains and IP addresses have different owners. You might own example.com, but you don't own 203.0.113.42—your hosting provider or ISP does. They control the reverse DNS zone for their IP addresses, which means they control whether your server gets a PTR record at all.

The Reversed Address Format

PTR records use a convention that looks wrong until you understand why. To look up the PTR record for 203.0.113.42, you query 42.113.0.203.in-addr.arpa. The IP address is reversed.

DNS hierarchy reads left-to-right, from most specific to least specific. In www.example.com, "www" is more specific than "example," which is more specific than "com." For reverse DNS to follow the same pattern, IP addresses must be flipped—42 (the specific host) comes before 113.0.203 (the network).

IPv6 follows the same logic but expands dramatically. Each hexadecimal digit becomes its own label. The address 2001:db8::1 becomes 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa—32 separate labels in the ip6.arpa zone.

Email: Where PTR Records Matter Most

Mail servers don't trust easily. When your server connects to deliver email, the receiving server immediately performs a reverse lookup on your IP address. Three outcomes are possible:

No PTR record exists. Many mail servers reject the connection outright. Legitimate mail infrastructure has reverse DNS configured. Its absence suggests a compromised home computer or temporary spam operation.

PTR record exists but doesn't match. If your IP's PTR record points to server47.hostingcompany.com but you're claiming to send mail for example.com, that mismatch raises suspicion. You might still get through, but with additional scrutiny.

PTR record matches and verifies. The gold standard. Your IP points to mail.example.com, and mail.example.com points back to your IP. This bidirectional verification—called forward-confirmed reverse DNS (FCrDNS)—proves you control both the domain and the infrastructure.

As of February 2024, Google and Yahoo require FCrDNS for bulk email senders1. This isn't optional—messages from IPs without proper forward-confirmed reverse DNS face rejection or spam filtering.

Forward-Confirmed Reverse DNS

FCrDNS requires both directions to agree. The IP 203.0.113.42 must have a PTR record pointing to mail.example.com, and mail.example.com must have an A record pointing back to 203.0.113.42.

This bidirectional check catches a specific kind of abuse. Someone could set up a PTR record pointing to a hostname they don't control—but they can't make that hostname point back without owning the domain. FCrDNS verification requires ownership of both the IP address (to set the PTR) and the domain (to set the A record).

Who Controls Your PTR Records

You probably don't. PTR records are managed by whoever owns the IP address, and you almost certainly lease your IPs rather than own them.

  • Cloud providers (AWS, Google Cloud, Azure) typically offer interfaces to set PTR records for your instances
  • Dedicated server providers usually let you configure reverse DNS through their control panel
  • ISPs may allow PTR configuration for business accounts; residential connections rarely get this option

Most providers verify that your hostname already resolves to their IP address before allowing the reverse mapping.

Beyond Email

PTR records serve purposes beyond email verification:

Logging and monitoring. System logs become more readable when IP addresses resolve to hostnames. Seeing mail.example.com in a log provides immediate context that 203.0.113.42 doesn't.

Security verification. Network monitoring tools use reverse DNS to identify connecting systems. Intrusion detection systems flag connections from IPs with missing or suspicious PTR records.

Troubleshooting. When diagnosing network issues, reverse lookups help identify which organization owns a problematic IP address. The PTR record often reveals the hosting provider or network operator responsible.

Frequently Asked Questions About PTR Records

Sources

Sources

  1. Google Email Sender Guidelines

Was this page helpful?

😔
🤨
😃
PTR Records: Reverse DNS Lookups • Library • Connected