Description of DNS Reverse Lookups (164213)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows NT Server 4.0
This article was previously published under Q164213 SUMMARY
In a Domain Name System (DNS) environment, it is common for a user or an
application to request a Reverse Lookup of a host name, given the IP
address. This article explains this process.
MORE INFORMATION
The following is quoted from RFC 1035:
"The Internet uses a special domain to support gateway location and
Internet address to host mapping. Other classes may employ a similar
strategy in other domains. The intent of this domain is to provide a
guaranteed method to perform host address to host name mapping, and to
facilitate queries to locate all gateways on a particular network on the
Internet.
"The domain begins at IN-ADDR.ARPA and has a substructure which follows
the Internet addressing structure.
"Domain names in the IN-ADDR.ARPA domain are defined to have up to four
labels in addition to the IN-ADDR.ARPA suffix. Each label represents
one octet of an Internet address, and is expressed as a character string
for a decimal value in the range 0-255 (with leading zeros omitted
except in the case of a zero octet which is represented by a single
zero).
"Host addresses are represented by domain names that have all four labels
specified."
Reverse Lookup files use the structure specified in RFC 1035. For example,
if you have a network which is 150.10.0.0, then the Reverse Lookup file for
this network would be 10.150.IN-ADDR.ARPA. Any hosts with IP addresses in
the 150.10.0.0 network will have a PTR (or 'Pointer') entry in 10.150.IN-
ADDR.ARPA referencing the host name for that IP address. A single IN-
ADDR.ARPA file may contain entries for hosts in many domains.
Consider the following scenario. There is a Reverse Lookup file
10.150.IN-ADDR.ARPA with the following contents:
1.20 IN PTR WS1.ACME.COM.
2.20 IN PTR WS2.ACME.COM.
3.20 IN PTR WS3.ACME.COM.
50.100 IN PTR FREE.MONEY.COM.
190.50 IN PTR J232.MSN.COM.
If a DNS resolver wanted to find the host name corresponding to IP address
150.10.20.1, it would send a query of the form QTYPE=PTR, QCLASS=IN,
QNAME=1.20.10.150.IN-ADDR.ARPA, and would receive:
1.20.10.150.IN-ADDR.ARPA. WS1.ACME.COM.
The following is a Network Monitor capture of this process:
Frame 1: This frame shows the query for host name resolution of the IP
address 150.10.20.1. Note that this is consistent with RFC 1035.
QTYPE=Question Type, QCLASS=Question Class and QNAME=Question Name.
0x1:Std Qry for 1.20.10.150.in-addr.arpa. of type Dom. name ptr on class
INET addr.
DNS: Question Section: 1.20.10.150.in-addr.arpa. of type Dom. name ptr
on class INET addr.
DNS: Question Name: 1.20.10.150.in-addr.arpa.
DNS: Question Type = Domain name pointer
DNS: Question Class = Internet address class
Frame 2: Here you see the answer section of the response sent back to the
requesting client has the host name of the IP address 150.10.20.1, which is
WS1.ACME.COM.
0x1:Std Qry Resp. for 1.20.10.150.in-addr.arpa. of type Dom. name ptr on
class INET addr.
DNS: Answer section: 1.20.10.150.in-addr.arpa. of type Dom. name ptr on
class INET addr.(3 records present)
DNS: Resource Record: 1.20.10.150.in-addr.arpa. of type Dom. name
ptr on class INET addr.
DNS: Resource Name: 1.20.10.150.in-addr.arpa.
DNS: Resource Type = Domain name pointer
DNS: Resource Class = Internet address class
DNS: Time To Live = 3600 (0xE10)
DNS: Resource Data Length = 21 (0x15)
DNS: Pointer: WS1.ACME.COM.
Microsoft Windows NT 4.0 DNS Server is compliant with RFC 1035's
description of DNS Reverse Lookups.
| Modification Type: | Major | Last Reviewed: | 10/9/2002 |
|---|
| Keywords: | KB164213 |
|---|
|