SMIP
All articles
dnsnetworkingadvanced

Reverse DNS lookup explained: what PTR records are and why they matter

A reverse DNS lookup turns an IP address back into a hostname. Here's how the PTR record system works, when it matters (a lot for email; rarely for users), and how to test your own reverse DNS.

May 6, 20265 min read

You're used to DNS going one direction: type cloudflare.com, get back 104.16.132.229. That's a forward lookup — name to IP.

A reverse DNS lookup does the opposite: take an IP, get back a hostname. It's a small, often invisible part of the internet that quietly determines whether your home IP looks like cust-203-0-113-5.cityname.example.net or like nothing at all. For most users it's curiosity. For mail server operators it's the difference between "delivered" and "junk folder."

Here's how it works.

How reverse DNS is structured

DNS uses a tree of namespaces. To look up cloudflare.com, your resolver walks down: root → comcloudflare.com. The PTR record for IP addresses uses a separate, parallel tree:

  • For IPv4: in-addr.arpa
  • For IPv6: ip6.arpa

Each IP gets reversed and turned into a hostname under that tree.

For IPv4 203.0.113.5, the reverse hostname is:

5.113.0.203.in-addr.arpa

Reversed octets, then .in-addr.arpa. Looking up the PTR record for that hostname returns the answer — usually a hostname like lb.example.com.

For IPv6, the address is expanded fully (no :: shorthand), all 32 hex characters reversed and dot-separated, with .ip6.arpa. So 2001:db8::1 becomes:

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa

Yes, ugly. Yes, that's the standard.

Who controls reverse DNS

Forward DNS for your domain is controlled by you (via your registrar and DNS provider). Reverse DNS is controlled by whoever owns the IP block — almost always your ISP or hosting provider. You don't control reverse DNS for IPs you don't own.

That has practical consequences:

  • Your home IP's reverse DNS is whatever your ISP set. Usually generic — cust-203-0-113-5.cityname.example.net or c-203-0-113-5.example-isp.net. Sometimes ISPs leave it unset.
  • Your office IP — same story; whoever runs your network controls it.
  • Cloud / VPS IPs — your provider lets you set custom reverse DNS through their dashboard or API. AWS calls this "PTR records"; Linode and DigitalOcean call it "rDNS"; same thing.

If you're hosting on a VPS and shipping email, the first thing the provider's docs tell you is: configure rDNS to match your sending domain.

Why reverse DNS matters

For normal users, almost never. You can browse, stream, and game without ever caring about reverse DNS.

For these specific cases, it matters a lot:

1. Email deliverability

Mail servers receiving your message check your sending IP's reverse DNS. If the rDNS is missing, generic, or doesn't match your sending domain, the message gets penalized. Some receivers reject outright. The reverse DNS check is one of three pillars of email reputation alongside SPF and DKIM.

If you're running your own mail server, reverse DNS that matches your HELO/EHLO hostname is essential. Without it, expect every major provider to mark you as spam.

2. Network logs and troubleshooting

When a mystery IP appears in your logs, reverse DNS often reveals what kind of system it is — googlebot.com for Google's crawler, aws-region.compute.amazonaws.com for AWS instances, generic ISP customer hostnames for residential users. This is useful triage:

  • Generic customer hostname → probably a real user.
  • Cloud hostname → probably a bot or scraper.
  • No hostname at all → could be either.

3. Trust and authentication

A handful of services that use IP-based authentication (rare, increasingly rarer) verify reverse DNS as a sanity check. Generic ISP hostnames pass; obviously-faked ones don't. Niche use case.

4. Diagnostics

traceroute shows the reverse DNS of each hop. That's how you see meaningful names like ae-2.r03.lhrux01.uk.bb.gin.ntt.net instead of just IPs. Without rDNS, traceroute is harder to read.

How to look up reverse DNS

We're working on a reverse DNS lookup tool (currently our hostname-lookup tool does forward DNS; reverse coming soon).

In the meantime:

Command line

# Linux / macOS
dig -x 8.8.8.8 +short
# → dns.google.

# Or
host 8.8.8.8
# → 8.8.8.8.in-addr.arpa domain name pointer dns.google.

# Or
nslookup 8.8.8.8

Online

Most "what is my IP" sites show reverse DNS for the IP they detect. Multiple WHOIS-style sites let you query arbitrary IPs.

What "no reverse DNS" looks like

Sometimes a lookup returns nothing — NXDOMAIN. That means the IP's owner hasn't configured a PTR record. It's not an error; it's a configuration gap. Common on:

  • Newly allocated cloud IPs.
  • Some residential ISP blocks.
  • IPv6 addresses (often less rigorously configured than IPv4).

For email, "no reverse DNS" is bad. For other purposes, it's fine.

How to set custom reverse DNS

If you control the IP (cloud server, dedicated server, business static IP):

  • AWS EC2: AWS Support → request rDNS update for your Elastic IP. They want a justification.
  • DigitalOcean / Linode / Vultr: rDNS is a field on the IP/droplet/instance. Set the hostname; propagation takes 1–60 minutes.
  • Hetzner / OVH / large hosters: usually a self-service form.
  • Home ISP: rare, but some business plans let you set rDNS via support ticket.

The hostname you set should resolve forward back to the same IP — i.e., forward and reverse DNS should match (called "FCrDNS"). Mail servers often verify this; without it, expect deliverability problems even with rDNS configured.

How "rdns matching" works in practice

Suppose your IP is 203.0.113.5 and you set its reverse DNS to mail.example.com.

  • Forward lookup: mail.example.com → ? — needs to resolve to 203.0.113.5. If it points elsewhere, your rDNS is "lying."
  • Receiving mail servers sometimes verify this match. If mail.example.com resolves to 203.0.113.5 and 203.0.113.5 reverses back to mail.example.com — you've got FCrDNS, and it's a positive signal.
  • If they disagree, your IP looks suspicious. Your mail goes to the spam folder.

Quick FAQ

Does reverse DNS slow things down? A reverse lookup adds a millisecond or two. Almost never noticeable. Most software does them lazily or cached.

Why does my home IP reverse to a weird hostname? Your ISP encodes your customer-facing identity into a default reverse DNS. It's not random — typical patterns include the IP digits, the city, and the ISP name.

Can I change my home IP's reverse DNS? Almost certainly not. Some business ISPs let you, but most consumer providers don't.

Is reverse DNS a privacy leak? Marginally. Generic ISP hostnames reveal city and ISP — same info as the geolocation databases already have. No new privacy concern in practice.

Does reverse DNS reveal my real identity? No. It reveals the network operator, not the user.

TL;DR

  • Reverse DNS turns an IP back into a hostname via PTR records under in-addr.arpa (IPv4) or ip6.arpa (IPv6).
  • The IP block owner controls reverse DNS — usually your ISP or cloud provider.
  • For normal users, irrelevant. For self-hosted email, mission-critical. For network diagnostics, useful.
  • Forward and reverse DNS should agree (FCrDNS) for any service that authenticates by hostname.

Now you know what those weird hostnames in your logs mean.