What is a PTR Record?

A PTR record resolves an IP address (numbers separated by dots) into a domain name (such as example.com).

The act of translating an IP address into a domain name is known as a reverse lookup in the Domain Name System (DNS).

While we usually think of DNS as a means to go from a domain name to an IP address, one type of record is the opposite: the PTR record resolves an IP address to a domain name instead.

Why might you know the IP without knowing the domain name? These oddball DNS records are actually very valuable. In this article, we’ll explore why PTR records matter, when you would use them, and how to set them up properly.

What is a PTR Record?

A PTR (or pointer) record resolves a given IP address to a domain name. Unlike the more conventional A record, which resolves a domain name to an IP, PTRs do the opposite, which is why a PTR query is sometimes called a reverse DNS lookup.

PTR records are named with the IP address written backward, followed by the special reserved in-addr.arpa domain.

So, for the IP 1.2.3.4, the PTR would be 4.3.2.1.in-addr.arpa. The IP is written backward because domain names, like those under the .com or .org top-level domains, are always organized with the topmost-level information on the right, whereas an IP address puts it on the left.

Key Points about PTR Records:

  • Reverse DNS Lookup: A PTR record is used in reverse DNS lookups. While a standard DNS query converts a domain name into an IP address, a reverse DNS query uses a PTR record to convert an IP address back into a domain name.
  • Format: PTR records are stored in the reverse zone of the DNS. For IPv4 addresses, the record is stored under the in-addr.arpa domain. For example, if the IP address is 192.0.2.1, the corresponding PTR record might be 1.2.0.192.in-addr.arpa, which would point to the domain name associated with that IP, like example.com.
  • Usage in Email Servers: PTR records are often used by email servers to verify that the IP address sending an email is actually associated with the domain name it claims to be sending from. This is a common method to prevent email spam.
  • Not Mandatory: Although PTR records are useful, they are not mandatory for all IP addresses. However, they are highly recommended for servers that send emails or for networks where reverse DNS lookups are required.
  • IPv6: For IPv6 addresses, PTR records are stored under the ip6.arpa domain, and the process is similar to that of IPv4, though the address is written in reverse order with each hexadecimal digit separated by a dot.

Example of a PTR Record:

If you have an IP address like 103.0.113.7 and you want it to resolve to mail.example.com, the PTR record might look something like this:

7.113.0.103.in-addr.arpa. IN PTR mail.example.com.

In this example, a reverse DNS lookup on 103.0.113.7 would return mail.example.com.

Why do you need PTR records?

As we mentioned, the average computer user has no need for a DNS PTR record. But there are many reasons for security experts to use the tool.

You might use PTR records for:

  • Validation. Some email servers won’t accept messages from servers that don’t have PTR records set up properly. Attending to this step is a little like proving that you have pure intentions.
  • Safety. Just as you need PTR records to validate your outgoing email, you should expect your communication partners to do the same.
  • Investigation. Some systems store only IP addresses, not domain names. You might need PTR records to understand where traffic originates.
  • Trust and Verification: A PTR record that agrees with the matching A record shows that the given hostname or domain is correctly connected to the IP address.
  • Email Servers Requirement: PTR records are essential for outgoing mail servers, particularly those using SMTP (Simple Mail Transfer Protocol), because most mail providers reject or mark as spam messages from mail servers without valid Reverse DNS configuration.
  • Avoiding Spam Filters: Emails sent from servers with missing PTR records or mismatched A records are often rejected or marked as spam.
  • Industry Standard: This practice has become a standard as all mail providers strive to keep spam out of their clients’ inboxes.

For IPv4, DNS PTR records are stored under the reversed IP address with “.in-addr.arpa” appended. For IPv6, they’re stored under the reversed IPv6 address, split into four-bit sections (one hexadecimal digit each), with “.ip6.arpa” appended.
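The mail-server check described above is usually done as forward-confirmed reverse DNS: look up the PTR for the connecting IP, then confirm that the returned name's A/AAAA record points back to the same IP. The following is an added example, not code from the original article; the zone data is constructed and `lookup` is a hypothetical stand-in for a real resolver so the check runs offline.

```python
import ipaddress

def reverse_name(ip):
    """PTR owner name: reversed octets (IPv4) or reversed hex digits (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels, zone = str(addr).split("."), "in-addr.arpa."
    else:
        # Expand "::" first so all 32 hex digits (nibbles) are present.
        labels, zone = list(addr.exploded.replace(":", "")), "ip6.arpa."
    return ".".join(reversed(labels)) + "." + zone

# Constructed zone data standing in for real DNS answers (assumption).
SAMPLE_ZONE = {
    ("7.113.0.103.in-addr.arpa.", "PTR"): ["mail.example.com."],
    ("mail.example.com.", "A"): ["103.0.113.7"],
    # PTR exists, but the name's A record points at a different address.
    ("1.2.0.192.in-addr.arpa.", "PTR"): ["example.com."],
    ("example.com.", "A"): ["192.0.2.50"],
}

def lookup(name, rtype):
    """Hypothetical resolver: returns the constructed answers, or [] if none."""
    return SAMPLE_ZONE.get((name, rtype), [])

def check_fcrdns(ip, resolver=lookup):
    """Return (status, hostname); status is 'pass', 'no-ptr' or 'mismatch'."""
    addr = ipaddress.ip_address(ip)
    ptr_targets = resolver(reverse_name(ip), "PTR")
    if not ptr_targets:
        return ("no-ptr", None)
    rtype = "A" if addr.version == 4 else "AAAA"
    for host in ptr_targets:
        # The PTR is set by whoever controls the IP block, so it only counts
        # once the name's own forward record points back to the same address.
        for forward in resolver(host, rtype):
            if ipaddress.ip_address(forward) == addr:
                return ("pass", host)
    return ("mismatch", ptr_targets[0])

if __name__ == "__main__":
    for ip in ("103.0.113.7", "192.0.2.1", "1.2.3.4"):
        print(ip, reverse_name(ip), check_fcrdns(ip))
```

To run it against live DNS, pass a `resolver` function with the same `(name, rtype)` signature that queries your resolver library of choice.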

 
