What is a DNS PTR Record? | #emailsecurity | #phishing | #ransomware


We’ve introduced you to different types of DNS records in our blog, including the A record, AAAA record, and DNS MX record. This post explores the DNS PTR record and everything you need to know about it. Let’s get started!

What is a PTR Record in DNS?

What is a PTR record in DNS? A PTR or Pointer record is a type of DNS record that provides the domain name attached to a certain Internet Protocol (IP) address. This is the exact opposite of the DNS A record

While the DNS A record provides the IP address of a domain name, a PTR record provides the domain name of an IP address. PTR record DNS is often used in reverse DNS lookup. 

Generally, when you attempt a domain search in your browser, a DNS lookup occurs, matching the domain name to the IP address. The opposite occurs in reverse lookup—this is a DNS query that begins with the IP address and looks up the domain name. 

PTR Record Syntax

The structure of a PTR record is similar to other DNS record types. Below is the format of a PTR record. 

  • <name> – The first PTR record field containing the IP address. 
  • <ttl> – Determines a query’s period of validity in seconds before it needs to be activated again. 
  • <class> – Contains the abbreviation of the network class used.
  • <type> – Defines the record type.
  • <rdata> – Holds the resource data—the domain name. 

The PTR syntax is structured similarly to the A record, but the field content differs. 

Why Do You Need a PTR DNS Record?

The average user or computer doesn’t need a PTR record, but it’s still a valuable tool for security purposes. Here are some benefits of including a PTR record in your DNS. 

  • Safety: PTR DNS records help receiving servers validate your sent emails via reverse DNS lookup. Similarly, your mail servers typically checkPTR records to validate the authenticity of incoming messages. 
  • Validation: The most popular email providers usually reject or mark messages as spam if they don’t contain the required PTR configuration. A PTR record is a must-have if you don’t want your mail to end up in your recipient’s spam box or be blocked altogether. 
  • Investigation: Some systems only store the IP address, not the domain name. In such a case, PTR records help to identify the source of the traffic in a human-readable format. 

How to Add a PTR Record in DNS?

Creating or adding a PTR record to your DNS is straightforward. First, you must create a reverse DNS zone on the DNS nameserver for your server’s main IP address, depending on the size of your IP address:

  • For IPv4 addresses, create the hostname for the reverse DNS zone by:
  • Taking your IP address, such as 192.168.0.100
  • Dropping the last set of numbers (or octet): 192.168.0.
  • Reversing the numbers: 0.168.192
  • Adding “.in-addr.arpa” to the end, giving you the reverse zone domain: 0.168.192.in-addr.arpa.

“.arpa” was the first top-level domain name created for the internet and is mostly used to manage network infrastructure today. It’s also where DNS PTR records are stored (more info below). 

DNS PTR records for IPv6 addresses exist in a separate namespace within the top-level “.arpa” domain. They’re reverse-mapped and converted into 4-bit sections with the suffix “.ip6.arpa.” 

For instance, the IPv6 address 4321:0:1:2:3:4:567:89ab would have a DNS reverse lookup domain as: b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa.

You  can add a Pointer record to your forward-mapping zones to support zero-configuration networking too. 

If you want to learn how to add a PTR record in DNS, follow these steps:

  • Open your DNS provider control panel or portal.
  • Click on Manage > DNS > Zones.
  • Hit the DNS view tab.
  • Click the Zone.
  • Select ‘Create Record’ and choose ‘PTR record’ from the available options.
  • Input the information below on the PTR record page:
  • Domain Name or IP Address: Supply the Internet Protocol (IP) address or the domain name.
  • Zone: Choose a zone from the options available.
  • Description: Enter a comment that describes the PTR record.
  • TTL: Input a number and select Hours, Minutes, and Seconds from the options.
  • Disable for DNS protocol: You can tick this box to disable the DNS protocol temporarily. 
  • Tags: Hit ‘Add’ to attach keys to value and specify the following:
  • Key: Input a name for the key.
  • Value: Supply a value for the key.
  • Click ‘Save and Close’ to create your DNS PTR record. 
  • DNS PTR Record Storage Options

Unlike an A record, that’s stored under the domain name, a Pointer record is stored in the IP address with “.in-addr.arpa” added. For instance, the PTR record for IP address 192.168.2.10 will be stored under “10.2.168.192.in-addr.arpa”. The “in-addr.arpa” was included because the .arpa top-level domain in the DNS holds the PTR record. 

How to Perform a PTR Record Lookup?

Like other DNS records, you can perform a PTR DNS record lookup to check if your details are correct. As PTR records are used for security and verification, your emails might end up in the spam box if the configuration is wrong. You can perform your PTR record lookup using online tools or the command line. 

Using Online Tools

You can use online tools like EasyDMARC’s DNS Records Lookup checker to instantly lookup PRT records—find the domain name of an IP address. Simply input the IP address in the provided field and click the “Lookup DNS” button.

pasted image 0

Using Command Line

You can also use your command line to lookup your PTR record and check if your IP address resolves to its corresponding hostname. 

Windows users can use the following command line:

nslookup IP_ADDRESS

The process is similar if you want to perform a PTR lookup as a macOS user. You can use the below command. 

dig -x IP_ADDRESS

Summary

While the PTR record isn’t compulsory, it’s necessary for security and verification reasons. Email providers often use the PTR record to help confirm the authenticity of messages. 

Configuring a PTR record on your DNS is vital to avoid spam folders or rejection. Now that you know how to add a PTR record to DNS servers, you can ensure correct configuration while simultaneously enhancing the safety of incoming emails and the authenticity of your outgoing emails.  

Check out our other blogs if you want answers to questions like: What is a DNS record? You’ll also learn about DNS spoofing and various other cyberattack types. Stay informed, stay safe.

The post What is a DNS PTR Record? appeared first on EasyDMARC.

*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by Knarik Petrosyan. Read the original post at: https://easydmarc.com/blog/what-is-a-dns-ptr-record/



Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Your email address will not be published.

fifty three + = fifty four