Description of DNS Reverse LookupsLast reviewed: December 29, 1997Article ID: Q164213 |
The information in this article applies to:
SUMMARYIn a Domain Name System (DNS) environment, it is common for a user or an application to request a Reverse Lookup of a host name, given the IP address. This article explains this process.
MORE INFORMATIONThe following is quoted from RFC 1035:
"The Internet uses a special domain to support gateway location and Internet address to host mapping. Other classes may employ a similar strategy in other domains. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network on the Internet. The domain begins at IN-ADDR.ARPA and has a substructure which follows the Internet addressing structure. Domain names in the IN-ADDR.ARPA domain are defined to have up to four labels in addition to the IN-ADDR.ARPA suffix. Each label represents one octet of an Internet address, and is expressed as a character string for a decimal value in the range 0-255 (with leading zeros omitted except in the case of a zero octet which is represented by a single zero). Host addresses are represented by domain names that have all four labels specified."Reverse Lookup files use the structure specified in RFC 1035. For example, if you have a network which is 150.10.0.0, then the Reverse Lookup file for this network would be 10.150.IN-ADDR.ARPA. Any hosts with IP addresses in the 150.10.0.0 network will have a PTR (or 'Pointer') entry in 10.150.IN- ADDR.ARPA referencing the host name for that IP address. A single IN-ADDR.ARPA file may contain entries for hosts in many domains. Consider the following scenario. There is a Reverse Lookup file 10.150.IN-ADDR.ARPA with the following contents:
1.20 IN PTR WS1.ACME.COM. 2.20 IN PTR WS2.ACME.COM. 3.20 IN PTR WS3.ACME.COM. 50.100 IN PTR FREE.MONEY.COM. 190.50 IN PTR J232.MSN.COM.If a DNS resolver wanted to find the host name corresponding to IP address 150.10.20.1, it would send a query of the form QTYPE=PTR, QCLASS=IN, QNAME=1.20.10.150.IN-ADDR.ARPA, and would receive:
1.20.10.150.IN-ADDR.ARPA. WS1.ACME.COM.The following is a Network Monitor capture of this process: Frame 1: This frame shows the query for host name resolution of the IP address 150.10.20.1. Note that this is consistent with RFC 1035. QTYPE=Question Type, QCLASS=Question Class and QNAME=Question Name. 0x1:Std Qry for 1.20.10.150.in-addr.arpa. of type Dom. name ptr on class INET addr.
DNS: Question Section: 1.20.10.150.in-addr.arpa. of type Dom. name ptr
on class INET addr.
DNS: Question Name: 1.20.10.150.in-addr.arpa.
DNS: Question Type = Domain name pointer
DNS: Question Class = Internet address class
Frame 2: Here you see the answer section of the response sent back to the
requesting client has the host name of the IP address 150.10.20.1, which is
WS1.ACME.COM.
0x1:Std Qry Resp. for 1.20.10.150.in-addr.arpa. of type Dom. name ptr on class INET addr.
DNS: Answer section: 1.20.10.150.in-addr.arpa. of type Dom. name ptr on
class INET addr.(3 records present)
DNS: Resource Record: 1.20.10.150.in-addr.arpa. of type Dom. name
ptr on class INET addr.
DNS: Resource Name: 1.20.10.150.in-addr.arpa.
DNS: Resource Type = Domain name pointer
DNS: Resource Class = Internet address class
DNS: Time To Live = 3600 (0xE10)
DNS: Resource Data Length = 21 (0x15)
DNS: Pointer: WS1.ACME.COM.
Microsoft Windows NT 4.0 DNS Server is compliant with RFC 1035's
description of DNS Reverse Lookups.
Keywords : NTSrv Version : WinNT:4.0 Platform : winnt |
================================================================================
© 1998 Microsoft Corporation. All rights reserved. Terms of Use. |