Home › Tools › Network & DNS › Network & DNS Tools
Reverse DNS (PTR) Lookup
reverse-dnsConvert IPv4 addresses into PTR query names and resolve the assigned hostnames.
Enter a target and run the tool.
Results
| Type | TTL | Value |
|---|
About Reverse DNS Lookup
A reverse DNS lookup translates an IPv4 address back into the hostname assigned to it. The mechanism is a DNS query to the in-addr.arpa zone: the four octets of the IP address are reversed and appended to .in-addr.arpa to form the query name. Looking up 192.0.2.1 means querying 1.2.0.192.in-addr.arpa for a PTR record. If one exists, it returns the hostname configured by the owner of that IP block. The AT USE Reverse DNS Lookup tool builds this query name for you automatically — you enter the IP in normal notation, the tool constructs the in-addr.arpa name and resolves it through a DNS-over-HTTPS resolver in real time.
Reverse DNS matters most in three contexts: email deliverability, log analysis, and network security investigation. Each has a different reason for needing the PTR record, and each has different consequences when the record is missing or misconfigured.
Reverse DNS and email deliverability
Receiving mail servers apply multiple checks to the IP address making the SMTP connection before accepting any message. One of the first checks is whether the connecting IP has a PTR record at all. An IP with no reverse DNS is a strong spam signal: legitimate sending infrastructure virtually always has a PTR record configured. Many corporate mail gateways and anti-spam systems will reject or defer mail from IPs with no PTR.
More demanding is the FCrDNS check — Forward-Confirmed reverse DNS, also called full-circle rDNS. FCrDNS means the PTR record resolves to a hostname, and that hostname in turn resolves back to the same IP via an A record. For example: the PTR for 203.0.113.10 returns mail.example.com, and looking up mail.example.com returns 203.0.113.10. Both records match. Gmail and Microsoft 365 weight FCrDNS heavily. A PTR record that does not match the EHLO hostname the sender announces — or that resolves to a hostname whose A record points to a different IP — can trigger spam-folder placement even on messages with clean IP reputation. If you are debugging why your outbound mail is failing authentication or landing in spam, checking your sending IP's PTR record and verifying it matches your EHLO hostname is one of the first diagnostic steps.
Reverse DNS in log analysis
Raw server logs record requests as IP addresses. A web server access log entry for 203.0.113.50 tells you the connection origin but not who or what is on that address. Reverse DNS lookup enriches this: 203.0.113.50 might resolve to crawler.googlebot.com, which tells you it is a Google crawl rather than an end-user request, and it tells you whether the request volume is Googlebot or someone spoofing a Googlebot-looking user agent. Many log analysis tools resolve PTR records automatically; for one-off investigation of a specific IP, a manual reverse lookup is faster than running a command-line tool or waiting for a bulk log enrichment job.
Reverse DNS in security investigation
Security analysts investigating IP addresses from alert data, firewall logs, or threat intelligence feeds use PTR records as one attribution signal. A PTR record that resolves to a hostname ending in a cloud provider's domain (ec2.amazonaws.com, compute.googleusercontent.com, vultr.com) identifies the hosting provider. A PTR record that resolves to a meaningful organizational hostname — vpn.example-corp.com, scanner.security-vendor.com — narrows attribution further. An IP with no PTR, or one that resolves to a generic ISP hostname, is harder to attribute. Reverse DNS is one of several signals used alongside WHOIS data, ARIN allocation records, and autonomous system (AS) information to build a picture of who owns an IP.
Who controls reverse DNS
Only the holder of the IP block can publish PTR records for addresses within it. For most cloud and dedicated hosting: the server owner contacts the provider and requests a PTR record — this is usually a control-panel option (Hetzner, Linode, Vultr, and DigitalOcean all provide PTR record management in their dashboards). For shared hosting on a provider-assigned IP, the provider controls the PTR and may or may not expose a self-service option. Residential and mobile ISPs control PTR records for dynamic IP allocations and generally do not allow customer customization.
Common use cases
- Diagnosing email deliverability failures from a new server IP — A developer sets up a transactional email server on a new VPS and sees high SMTP rejection rates. Running a reverse DNS lookup on the outbound IP shows no PTR record — the hosting provider allocated the IP without any reverse DNS delegation. The developer contacts the provider to set the PTR record to match the server's EHLO hostname, then re-checks with the reverse DNS tool to confirm the PTR is live before resuming mail delivery.
- Identifying Google, Bing, and other bots in server logs — A web developer notices an IP address generating an unusually high volume of requests in Apache access logs. A reverse DNS lookup returns crawl-66-249-64-1.googlebot.com, confirming it is Googlebot rather than a scraper. The developer adjusts the rate-limit policy accordingly — bot traffic from Google crawlers should not trigger blocking rules.
- Verifying a sending IP's FCrDNS before an email campaign — An email marketing team is about to run a large send from a newly provisioned dedicated IP and wants to confirm full deliverability readiness. They run a reverse DNS lookup on the IP, confirm the PTR returns the expected EHLO hostname, then run a DNS lookup on that hostname to confirm the A record points back to the same IP. This FCrDNS match is a prerequisite before warming the new IP.
- Attributing an unknown IP in a security incident — A security analyst investigating an intrusion attempt logs a source IP from the firewall log. A reverse DNS lookup returns scanner.example-security.com, identifying the traffic as a known commercial vulnerability scanner rather than a novel attacker. The analyst adds the IP range to a permitted-scanner list and closes the alert.
- Confirming reverse DNS delegation after acquiring an IP block — A network operator takes over an IP block previously used by another company and needs to confirm that the delegated in-addr.arpa zone for the block is now pointing to their DNS servers. Looking up several IPs within the block confirms the PTR records resolve through the new operator's authoritative nameservers and reflect the new hostname scheme.
How to use this tool
- Enter the IPv4 address you want to look up (for example, 8.8.8.8 or your server's outbound IP).
- Click "Lookup" — the tool constructs the in-addr.arpa query name automatically from the IP you entered.
- Read the PTR record result — this is the hostname assigned to that IP address.
- To verify FCrDNS, copy the returned hostname and run a DNS lookup on it to confirm the A record points back to the original IP.
- If no PTR record is returned, contact the owner of the IP block (your hosting provider) to configure one.
Frequently asked questions
Is reverse DNS required?
It is not required by the DNS protocol itself, but mail servers and some security systems treat its absence as suspicious. For sending mail, matching forward and reverse DNS is best practice.
Why is the result empty?
No PTR record is published for the IP. The owner of the IP block has not delegated reverse DNS or has not configured a PTR for that specific address.
Can I do reverse DNS for IPv6?
IPv6 reverse lookups use the ip6.arpa zone with a different name format. This tool currently focuses on IPv4 addresses.
Can I change my reverse DNS?
Only the owner of the IP block (your hosting provider, ISP, or registry-issued allocation) can publish PTR records. Most providers offer a control-panel option for this.
What is a matching forward-confirmed rDNS (FCrDNS)?
FCrDNS (also called full-circle rDNS) means the PTR record for an IP resolves to a hostname, and that hostname in turn resolves back to the same IP via an A record. Many receiving mail servers require FCrDNS as a deliverability check — a mismatch or missing PTR is a strong spam signal.