Reverse DNS lookup.

  1. #1
    Sophie Pedophile Tech Support
    Tell me a little about it, especially how it pertains to email.
  2. #2
    data juice
  3. #3
    aldra JIDF Controlled Opposition
    reverse DNS refers to a PTR record.

    normally when you want to visit a website, you request www.blackonblackcrime.com, your request hits a DNS server and you get back the IP address to connect to.

    PTR records work the opposite way - you send an IP address to the DNS server and it responds with the domain that IP address has registered to it.

    in relation to email, typically it's a feature used to avoid forgery. when you send an email, the sending mailserver is included in the header data. the receiving mailserver will usually first check the MX record (i.e. if you're sending from soph@niggasin.space, it will check the MX record for niggasin.space to make sure that the server's IP address is in the list - that it's allowed to send mail on the domain's behalf), then the PTR record (it will query the mailserver's IP address to make sure it's actually registered to the niggasin.space domain).

    there's a lot of other stuff you need to know if you're deploying mailservers but that's the most basic reasoning
  4. #4
    Lanny Bird of Courage
    DNS lookup maps FQDNs to IP addresses; reverse lookup just does the reverse, it reports the FQDNs that point to an IP address. Because domains work sorta like pointers, multiple FQDNs can point to the same IP address, so these lookups aren't symmetric: a lookup produces one IP while a reverse lookup can produce zero or more domains.

    The place I assume it would be relevant to email systems is in terms of verifying the authenticity of a message. In SMTP the sender of a message is self-reported; it's part of the data sent. You could initiate an SMTP session with, say, Yahoo and assert you're sending an email from trump@whitehouse.gov, and that's valid within the confines of SMTP. Of course this isn't really desirable, so the first-line check against this kind of fraud is to verify that the actor initiating an SMTP session is doing so from an address that is pointed to by that domain. You can kind of "derive" authority to send messages from given senders from DNS ownership, which is pretty reasonable.
  5. #5
    Lanny Bird of Courage
    damn, post sniped
  6. #6
    Sophie Pedophile Tech Support
    Your replies are both appreciated. Anyway, I got to wondering about this because some email hosts will have a plethora of subdomains you can have an email on. Like, soph@GoLow.com or soph@whatever.net, but seeing as they all come from the same place you could possibly do a reverse DNS lookup and find out that yes indeed these subdomains belong to so and so. For OSINT purposes.
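    Worked example, added here and not posted by anyone in the thread. It covers two things the posts above talk about: the mail-server side (build the PTR query name for an IPv4 or IPv6 address, then do the forward-confirmed reverse DNS check, where a PTR name only counts if its own A/AAAA record points back at the connecting IP) and the OSINT angle from the last post (group a list of domains by the IPs they resolve to, so names hosted on the same box cluster together). Two things to keep in mind that the thread does not spell out: a PTR record is published by whoever controls the reverse zone for the IP, so on its own it proves nothing, which is why the forward confirmation matters; and the record real receivers consult to decide whether an IP may send for a domain is the domain's SPF TXT record (with DKIM/DMARC on top), while MX records describe where a domain receives mail. All names and addresses below are reserved documentation values and the record tables are invented stand-ins for a resolver; in real use you would replace the two tables with live queries (dnspython's dns.resolver, or socket.gethostbyaddr for PTR).

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a DNS resolver. Names use reserved example TLDs and
# the addresses are from the documentation ranges (198.51.100/24, 203.0.113/24,
# 2001:db8::/32); every record here is invented for the demo.
FORWARD = {  # hostname -> A/AAAA records
    "mail.example.net": ["198.51.100.25", "2001:db8::25"],
    "golow.example":    ["198.51.100.25"],
    "whatever.example": ["198.51.100.25"],
    "other.example":    ["203.0.113.7"],
}


def reverse_name(ip):
    """PTR query name for an address: 25.100.51.198.in-addr.arpa for IPv4,
    the reversed nibbles under ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer


REVERSE = {  # PTR query name -> hostnames
    reverse_name("198.51.100.25"): ["mail.example.net"],
    reverse_name("2001:db8::25"):  ["mail.example.net"],
    reverse_name("203.0.113.7"):   ["other.example"],
    # Whoever controls the reverse zone for 203.0.113.9 can publish any name
    # they like; this one does not resolve back to the IP, so it must fail.
    reverse_name("203.0.113.9"):   ["mail.example.net"],
}


def forward_lookup(name):
    return FORWARD.get(name.rstrip(".").lower(), [])


def ptr_lookup(ip):
    return REVERSE.get(reverse_name(ip), [])


def fcrdns(ip):
    """Forward-confirmed reverse DNS: PTR names for ip whose own A/AAAA
    records contain ip. Empty means no PTR, or a PTR nothing vouches for."""
    ip = str(ipaddress.ip_address(ip))  # canonical text form for comparison
    return [name for name in ptr_lookup(ip) if ip in forward_lookup(name)]


def check_sender(client_ip, claimed_domain):
    """Simplified receiving-server check: does the connecting IP have a
    forward-confirmed PTR, and is that hostname the claimed domain or a
    subdomain of it? Returns (verdict, confirmed_names)."""
    confirmed = fcrdns(client_ip)
    if not ptr_lookup(client_ip):
        return "no-ptr", confirmed
    if not confirmed:
        return "ptr-not-confirmed", confirmed
    d = claimed_domain.rstrip(".").lower()
    if any(n == d or n.endswith("." + d) for n in confirmed):
        return "match", confirmed
    return "mismatch", confirmed


def cohosted(domains):
    """OSINT use: group domains by the IPs they resolve to so that names on
    the same server cluster together. Returns {ip: sorted domains}, keeping
    only IPs shared by more than one name."""
    groups = defaultdict(set)
    for d in domains:
        for ip in forward_lookup(d):
            groups[ip].add(d.lower())
    return {ip: sorted(ds) for ip, ds in groups.items() if len(ds) > 1}


if __name__ == "__main__":
    for ip, dom in [("198.51.100.25", "example.net"), ("203.0.113.9", "example.net"),
                    ("203.0.113.7", "example.net"), ("192.0.2.1", "example.net")]:
        print(ip, dom, check_sender(ip, dom))
    print(cohosted(FORWARD))
```

    Note what each verdict means for a receiver: "no-ptr" and "ptr-not-confirmed" are the cases most spam filters score against, "mismatch" just says the confirmed hostname is not under the domain the client claimed (which is normal for outsourced mail providers, so it is a weak signal on its own), and only "match" ties the connecting host to the claimed domain through both DNS directions.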