For people approaching the DNS (Domain Name System), the Forward DNS zone is a must-stop. But what happens when you go in the opposite direction? There are essential differences between the Forward and Reverse DNS zones. Let's check whether you really need to create a Reverse DNS zone!
What is Reverse DNS?
Reverse DNS is a service for executing reverse lookups. It's usually available on managed DNS plans. When you get it, you can create a Reverse DNS zone and add the PTR records needed to perform these lookups. Without the Reverse DNS zone, the service won't work.
Forward DNS zone vs Reverse DNS zone.
A Forward DNS zone maps a domain to an IP address. Usually, a domain is requested, and the task is to get the corresponding IP address of that domain. In contrast, a Reverse DNS zone maps an IP address to a domain. It helps trace and verify whether the IP address really belongs to the domain or whether it's coming from a malicious computer.
In a Forward DNS zone, you add the types of DNS records that are necessary to configure the different functions you need: A (IPv4), AAAA (IPv6), CNAME, SOA, NS, MX, TXT, etc.
For a Reverse DNS zone to work, you have to add DNS pointer records (PTR). A PTR record supplies the domain associated with an IP address. As you see, these records do exactly the opposite of what an A or AAAA record does, which is to supply the corresponding IP address for a domain.
Reverse DNS zone – Do you really need to create one?
Well, yes, you really need to create a Reverse DNS zone if you need to perform the following functions.
You own a domain and an e-mail server, and you need to reach clients and providers by e-mail. If you don't give them a way of verifying that those messages really belong to your domain, e-mails can go missing, or they can be blocked outright and considered spam. Remember, not only you, but everybody uses security measures to avoid being cheated or scammed.
When you create a Reverse DNS zone and add the PTR records within it, you are supplying the proof other servers need to verify the correct match between the IP address and your domain.
Thanks to the verification Reverse DNS allows, you can trace the IP addresses of e-mails that look suspicious. You just have to perform the reverse lookup to confirm they come from the domain they claim to come from. Knowing this, you can then evaluate whether the domain is legitimate and avoid risks. E-mails are an effective and widespread means of communication, but currently, they can be sources of dangerous threats.
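The check a receiving server can run on a connecting IP address, as an added example that is not part of the original article: it does the reverse (PTR) lookup described above and then confirms the result with a forward lookup, a technique commonly called forward-confirmed reverse DNS, so a PTR record alone is never trusted. The function names and the sample records (documentation address ranges, example.com names) are constructed for illustration.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Name queried for the PTR record: 192.0.2.25 -> 25.2.0.192.in-addr.arpa"""
    return ipaddress.ip_address(ip).reverse_pointer

def system_reverse(ip):
    """PTR lookup via the system resolver; empty list when no PTR exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []

def system_forward(host):
    """A/AAAA lookup via the system resolver; empty set on failure."""
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, confirmed_names); verdict is pass, no-ptr or mismatch."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return "no-ptr", []  # the reverse zone has no record for this address
    # Keep only PTR names whose A/AAAA records lead back to the same address.
    confirmed = [n for n in names if addr in map(ipaddress.ip_address, forward(n))]
    return ("pass" if confirmed else "mismatch"), confirmed

# Constructed sample data: documentation address ranges and example.com names.
SAMPLE_PTR = {
    "192.0.2.25": ["mail.example.com."],
    "198.51.100.7": ["mail.example.com."],  # PTR names a host that maps elsewhere
    "2001:db8::25": ["mx6.example.com."],
}
SAMPLE_A = {
    "mail.example.com": ["192.0.2.25"],
    "mx6.example.com": ["2001:db8:0:0:0:0:0:25"],  # same address, long form
}

def check_sample(ip):
    """fcrdns() against the constructed data instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9", "2001:db8::25"):
        print(ip, ptr_name(ip), check_sample(ip))
```

Calling `fcrdns(ip)` with no other arguments uses the system resolver instead of the sample data.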
Knowing more about your audience.
Having a Reverse DNS zone also gives you the chance to identify the location your audience comes from. You can learn this by checking the individual IP addresses of the people who visit your domain. Let's be clear: this is not a way to get personal data from visitors. The information you can get is their geographical location and the ISP (Internet service provider) they use. And that can be valuable for marketing purposes.
Creating a Reverse DNS zone is a useful method to strengthen security and trust. Unfortunately, there are many spoofers and all sorts of scammers around the Internet. These are not times for taking risks that can actually be avoided. But the decision is up to you!