Acutis What Is Reverse DNS?
What is reverse DNS, in plain English?
Reverse DNS is regular DNS run backwards. Normal DNS takes a name like mail.example.com and gives you its IP address. Reverse DNS takes an IP address like 203.0.113.25 and gives you back the name it belongs to. The record that makes this work is called a PTR record (short for "pointer").
So if forward DNS answers "what's the address for this name?", reverse DNS answers "what's the name for this address?" Both are just lookups in the same global system — they simply travel in opposite directions.
Forward vs reverse DNS
It helps to see the two side by side:
- Forward DNS uses A records (and AAAA for IPv6) to map a name to an address.
example.com → 203.0.113.25. - Reverse DNS uses PTR records to map an address back to a name.
203.0.113.25 → mail.example.com.
Crucially, the two are stored and controlled separately. A forward record and a reverse record can point at each other, but neither is created automatically just because the other exists. Setting one does not set the other.
The in-addr.arpa and ip6.arpa zones
DNS can only look things up by name, not by number. So to make a reverse lookup possible, an IP address is rewritten as a special name. For IPv4, the four parts of the address are reversed and parked under the in-addr.arpa zone. The address 203.0.113.25 becomes the name:
25.113.0.203.in-addr.arpa
The octets are flipped because DNS reads names from most-specific on the left to most-general on the right — the same way mail.example.com narrows from the host down to the top-level domain. IPv6 addresses use the same trick under the ip6.arpa zone, written out one nibble at a time. You rarely type these by hand; a reverse-lookup tool builds the name for you and fetches the PTR record automatically.
Check any IP's reverse DNS
Acutis Go's free tool builds the in-addr.arpa query for you and returns the PTR record for any address — instantly, no account.
Why mail servers require matching reverse DNS
Reverse DNS matters most for email. When one mail server connects to another to deliver a message, the receiving server is suspicious by default — spam comes from machines that shouldn't be sending mail. One of the first checks it runs is on the sender's reverse DNS.
The gold standard is FCrDNS — Forward-Confirmed reverse DNS. The receiver does both lookups and confirms they agree:
- Take the sending IP and look up its PTR record to get a name.
- Take that name and look up its forward (A) record to get an address.
- Check that the address you end up with matches the IP you started from.
If the two sides match, the sender looks legitimate. If the IP has no PTR record at all, or the PTR points to a generic name that doesn't resolve back, many mail servers will throttle, mark as spam, or outright reject the message. This is why a brand-new mail server often can't deliver until its reverse DNS is set up correctly.
Who controls reverse DNS
Here's the part that trips people up: reverse DNS is controlled by the owner of the IP address, not the owner of the domain name. The in-addr.arpa zone for an address block is delegated to whoever was assigned that block — usually your ISP, hosting provider, or cloud platform.
That means you can own example.com and set its forward records freely, but you generally cannot set the PTR for the IP it runs on unless your provider lets you. To fix or change reverse DNS, you typically request it from your hosting or IP provider through their control panel or a support ticket. The practical takeaway: forward DNS is yours to manage, but reverse DNS lives with whoever controls the IP block.