'in-addr.arpa' in DNS


Published:   July 24, 2024

Tags:

Doing a reverse DNS lookup is a common task, where you find out which domain is associated with this ip. This is done by querying the PTR record of the ‘in-addr.arpa’ domain. This domain is used for reverse DNS lookups, mapping IP addresses back to domain names. Here’s how it works:

Sample reverse DNS lookup

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
$ dig -x 192.0.2.1

; <<>> DiG 9.10.6 <<>> -x 192.0.2.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57404
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;1.2.0.192.in-addr.arpa.                IN      PTR

;; AUTHORITY SECTION:
192.in-addr.arpa.       600     IN      SOA     z.arin.net. dns-ops.arin.net. 2017038062 1800 900 691200 10800

;; Query time: 52 msec
;; SERVER: 2406:7400:a:10::2#53(2406:7400:a:10::2)
;; WHEN: Wed Jul 24 07:57:57 IST 2024
;; MSG SIZE  rcvd: 105

Here we see

1
2
;; QUESTION SECTION:
;1.2.0.192.in-addr.arpa.                IN      PTR

Now question comes where does ‘in-addr.arpa’ come from ?

The ‘in-addr’ part stands for “inverse address,” indicating its role in reverse address mapping The use of “in-addr.arpa” is defined by various internet standards (RFCs).

One of oldest RFC from ‘Nov 1987’ RFC 1035 which defines the DNS protocol and its operations. Here is the excerpt from section 3.5

```
The Internet uses a special domain to support gateway location and
Internet address to host mapping
...
Thus data for Internet address 10.2.0.52 is located at
domain name 52.0.2.10.IN-ADDR.ARPA.
...
```

So utility like dig reverse the IP address and append it to ‘in-addr.arpa’ to get the domain name.

Below is the code snippet from bind9 source code which also hosts the dig utility. This code is used to do reverse DNS lookup.

Snnippet from bind9 source code which has ‘dig’ utility

Snippet from https://gitlab.isc.org/isc-projects/bind9/-/blob/main/bin/dig/dig.c#L2831

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
	case 'x':
		if (*need_clone) {
			*lookup = clone_lookup(default_lookup, true);
		}
		*need_clone = true;
		if (get_reverse(textname, sizeof(textname), value, false) ==
		    ISC_R_SUCCESS)
		{
			...
            ...
		} else {
			fprintf(stderr, "Invalid IP address %s\n", value);
			exit(EXIT_FAILURE);
		}
		return (value_from_next);
	invalid_option:
....

This code snippet is from the get_reverse https://gitlab.isc.org/isc-projects/bind9/-/blob/main/bin/delv/delv.c#L1783

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
static isc_result_t
get_reverse(char *reverse, size_t len, char *value, bool strict) {
	int r;
	isc_result_t result;
	isc_netaddr_t addr;

	addr.family = AF_INET6;
	r = inet_pton(AF_INET6, value, &addr.type.in6);
	if (r > 0) {
		/* This is a valid IPv6 address. */
		dns_fixedname_t fname;
		dns_name_t *name;

		name = dns_fixedname_initname(&fname);
		result = dns_byaddr_createptrname(&addr, name);
		if (result != ISC_R_SUCCESS) {
			return (result);
		}
		dns_name_format(name, reverse, (unsigned int)len);
		return (ISC_R_SUCCESS);
	} else {
		/*
		 * Not a valid IPv6 address.  Assume IPv4.
		 * If 'strict' is not set, construct the
		 * in-addr.arpa name by blindly reversing
		 * octets whether or not they look like integers,
		 * so that this can be used for RFC2317 names
		 * and such.
		 */
		char *p = reverse;
		char *end = reverse + len;
		if (strict && inet_pton(AF_INET, value, &addr.type.in) != 1) {
			return (DNS_R_BADDOTTEDQUAD);
		}
		result = reverse_octets(value, &p, end);
		if (result != ISC_R_SUCCESS) {
			return (result);
		}
		result = append_str(".in-addr.arpa.", 15, &p, end);
		if (result != ISC_R_SUCCESS) {
			return (result);
		}
		return (ISC_R_SUCCESS);
	}
}

To summarise: When an IPv4 address like 192.0.2.1 needs to be resolved back to a domain name,

  1. It is reversed then
  2. Appended with ‘in-addr.arpa’, resulting in 1.2.0.192.in-addr.arpa.
  3. DNS query is then made for this domain to retrieve the PTR record, which provides the domain name associated with the IP address.

Q: Who manages the ‘in-addr.arpa’ domain?

Hierarchical like the normal DNS.

  • IANA(Internet Assigned Numbers Authority) oversees the top-level delegation(i.e. in-addr.arpa).
  • RIRs(Regional Internet Registries) manage portions of the namespace within their regions.
  • ISPs and organizations manage reverse DNS for their allocated IP address ranges, creating PTR records within the appropriate ‘in-addr.arpa’ subdomains.

Q: What about private IP addresses and reverse DNS?

A: For private IP address blocks (such as 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), reverse DNS is managed internally within the organization.

You can also do dig -x 192.168.2.1 or dig 1.2.168.192.in-addr.arpa PTR manually to check the reverse DNS for private IP addresses.

Q: What about IPv6 reverse DNS?

Similar to IPv4, IPv6 addresses are also mapped back to domain names using the ‘ip6.arpa’ domain. The process is similar, but the domain name is constructed differently due to the longer address length of IPv6.

Doing dig -x 2001:0db8::1 or dig 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. PTR



Let me know if you have any questions or comments.
It will help me to improve/learn.


< Older   Further Reading   Newer >