CONCEPT Cited by 1 source
DNS reverse lookup (PTR record)¶
Reverse DNS is the DNS operation of looking up a hostname
given an IP address — the inverse of normal forward resolution.
It uses PTR records (pointer record)
under the special in-addr.arpa pseudo-domain (and
ip6.arpa for IPv6). For IPv4, the address's octets are
reversed: to look up 104.16.0.1, query
PTR 1.0.16.104.in-addr.arpa.
Structural properties¶
- Much less reliable than forward DNS. Forward DNS (hostname → IP) is the critical path for connection establishment and is maintained by anyone who wants their hostname to work. Reverse DNS is often neglected: many IPs have no PTR record at all; others have PTRs on authoritative nameservers that are slow or overloaded.
- Reverse-DNS-heavy workloads are rare, which means DNS infrastructure is often sized for forward-lookup rates. A workload that reverse-resolves every IP in a log stream can generate orders of magnitude more PTR queries than the forward-lookup rate the DNS infra is sized for — a canonical workload-induced saturation class.
- Private and public IP spaces behave differently. Private
RFC-1918 ranges (
10.,172.16.,192.168.) are typically served by a local authoritative nameserver (fast, cache-warm); public IPs require recursion across the public Internet to arbitrary third-party nameservers (slow, cache-cold, failure- prone).
Seen in¶
- Stripe — The secret life of DNS packets (2024-12-12). A
Hadoop job analysing network-activity logs performed reverse
DNS on every IP encountered. 90% of the reverse-lookup
traffic hit
104.16.0.0/12(Cloudflare), whose authoritative PTR lookups took long enough that Stripe's central DNS server queue grew without bound and saturated the VPC resolver's packet-rate limit. The fix separated forwarding rules for10.in-addr.arpa.(private, fast) from.in-addr.arpa.(public, slow) so Unbound's smoothed-RTT retry timeout state for the two zones stayed independent.