ExpressVPN Glossary
DNS PTR record
What is a DNS PTR record?
A Domain Name System (DNS) pointer (PTR) record links an IP address to a hostname. For IPv4, an A record does the opposite by linking a hostname to an IPv4 address; for IPv6, an AAAA record links a hostname to an IPv6 address.
PTR records exist because IP addresses don’t carry human-readable hostnames on their own. Without a PTR record, services that receive traffic from an IP address can’t translate it to a hostname for logging, deliverability checks, or trust signals.
PTR records can suggest a hostname, but they don’t prove who operates a service. Registration and contact information are typically found through WHOIS or Registration Data Access Protocol (RDAP), though those records may identify the resource holder or contact rather than the exact service operator.
How does a DNS PTR record work?
A reverse DNS lookup starts with an IP address and works backward to find the associated hostname.
The resolver reverses the order of the IP address octets and appends them to a special domain. For IPv4 addresses such as 192.0.2.1, this lookup occurs under the in-addr.arpa domain. For IPv6, the address is expanded into hexadecimal digits, split into individual nibbles, reversed, and placed under the ip6.arpa domain.
The resolver then queries the appropriate reverse DNS zone for a PTR record at that address. If a matching record exists, the DNS server returns the associated hostname.
Many email servers and security tools take this a step further by checking that the returned hostname also resolves to the original IP address via forward DNS. This round-trip check, known as forward-confirmed reverse DNS (FCrDNS), shows that the reverse and forward DNS records are consistent. It’s a weak signal useful for detecting misconfiguration and casual spoofing, but not for proving operator identity.
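The lookup-name construction and the FCrDNS round trip described above, as an added Python example that is not part of the original glossary entry. The function names, the `PTR`/`FWD` sample data and the `mail.example.com` hostname are constructed for illustration; when no lookup functions are passed in, the check uses the operating system's resolver.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Build the name a resolver queries for the PTR record of `ip`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels, zone = str(addr).split("."), "in-addr.arpa"  # four octets
    else:
        # Expand to all 32 hex digits, one label per nibble.
        labels, zone = list(addr.exploded.replace(":", "")), "ip6.arpa"
    return ".".join(reversed(labels)) + "." + zone

def system_ptr(ip):
    """Reverse lookup through the OS resolver; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(hostname):
    """Forward lookup (A and AAAA) through the OS resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, hostname); status is no-ptr, mismatch or confirmed."""
    addr = ipaddress.ip_address(ip)
    hostname = ptr_lookup(str(addr))
    if not hostname:
        return "no-ptr", None
    hostname = hostname.rstrip(".").lower()
    forward = set()
    for text in forward_lookup(hostname):
        try:
            forward.add(ipaddress.ip_address(text.split("%")[0]))
        except ValueError:
            pass  # ignore malformed answers
    return ("confirmed" if addr in forward else "mismatch"), hostname

# Constructed sample zone data (documentation addresses), so this runs offline.
PTR = {"192.0.2.1": "mail.example.com.", "198.51.100.7": "mail.example.com."}
FWD = {"mail.example.com": {"192.0.2.1"}}

if __name__ == "__main__":
    for ip in ("192.0.2.1", "198.51.100.7", "203.0.113.9", "2001:db8::1"):
        print(ip, reverse_name(ip), fcrdns(ip, PTR.get, lambda h: FWD.get(h, set())))
```

In the sample data, 198.51.100.7 carries a PTR record naming `mail.example.com`, but that hostname's forward record lists only 192.0.2.1, so the check reports a mismatch: a PTR record alone is whatever the reverse-zone operator chose to publish.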
Where are DNS PTR records used?
Several systems rely on reverse DNS lookups:
- Email services: Mail servers verify that a sending IP address maps to a valid hostname and that the hostname resolves back to the same IP via forward DNS. Missing or mismatched PTR records often trigger spam filters or message rejection, depending on the receiver’s policy.
- Security monitoring: Analysts use reverse lookups to translate IP addresses into hostnames, making logs easier to read and investigate.
- Network troubleshooting: Administrators use PTR records to identify systems, interpret traceroute or diagnostic output, and diagnose naming or configuration issues.
- Hosting and cloud infrastructure: IP address owners and cloud providers configure PTR records for public-facing services to ensure proper reverse DNS resolution.
Risks and privacy concerns
Poorly configured PTR records can affect deliverability, security, and infrastructure control.
- Reduced trust and deliverability: Systems that rely on reverse DNS may flag or reject traffic from IP addresses with missing, mismatched, or outdated PTR records. Email servers are especially likely to check PTR records, though enforcement depends on the receiver’s policy.
- Exposed infrastructure details: PTR records make hostnames publicly visible, which can reveal naming conventions, server roles, or network architecture.
- Limited control over records: The IP address owner, internet service provider (ISP), hosting provider, or cloud provider often manages the reverse DNS zone, which can restrict how quickly or freely an organization updates its PTR records.