Reverse queries

we've discussed the forward query process where the names are converted into IP addresses.

we've still not discussed the reverse process - that of converting IP addresses back into names. Why would we need this functionality? Well, in the simplest case, we may wish to record in the log files of our web server, the names of the hosts that are visiting our webcam site.

Since the Internet only really talks at the network layer, the web server will only get 'hits' from an IP address. This is not very handy for the poor web administrator. She'll simply have to give her boss a list of IP addresses of the hosts that visited, with little or no knowledge of where those visitors came from.

With reverse DNS mapping, the web server could simply look up the name of the visiting IP address and replace the IP by the name in its log files.

This would make reporting a whole lot easier and provide valuable information. let's use dig again, this time to convert an IP address into a name.

Reverse mapping is similar to name to IP mapping described above, except for the following differences:

  1. The first tier domain is arpa, short for the Advanced Research Projects Agency, the people responsible for first conceiving and building the Internet.

  2. The second tier domain is in-addr, short for Internet Address (IP address is the term we've used till now)

Consider the IP address

Here there is a host ".2" on a network "196.25.102". As before, the 196.25.102 is the least specific entry in this tree (there could in fact be many hosts on this network), while the most specific entry would be the host address ".2".

Refer to the Figure 2.6.

Figure 2.6. Reverse Map

Reverse Map

As before, we can reverse map this using the dig command.

Begin by typing:

dig NS

which, should return all the root servers:

;; ANSWER SECTION:    84974   IN      NS      M.ROOT-SERVERS.NET.    84974   IN      NS      A.ROOT-SERVERS.NET.    84974   IN      NS      B.ROOT-SERVERS.NET.    84974   IN      NS      C.ROOT-SERVERS.NET.    84974   IN      NS      D.ROOT-SERVERS.NET.    84974   IN      NS      E.ROOT-SERVERS.NET.    84974   IN      NS      F.ROOT-SERVERS.NET.    84974   IN      NS      G.ROOT-SERVERS.NET.    84974   IN      NS      H.ROOT-SERVERS.NET.    84974   IN      NS      I.ROOT-SERVERS.NET.    84974   IN      NS      K.ROOT-SERVERS.NET.    84974   IN      NS      L.ROOT-SERVERS.NET.

Notice that they (the root servers) all know about the domain, and so they should!

Now try:

dig NS

which, should yield:

;; ANSWER SECTION:    84987   IN      NS      henna.ARIN.NET.    84987   IN      NS      indigo.ARIN.NET.    84987   IN      NS      epazote.ARIN.NET.    84987   IN      NS      figwort.ARIN.NET.    84987   IN      NS      ginseng.ARIN.NET.    84987   IN      NS      chia.ARIN.NET.    84987   IN      NS      dill.ARIN.NET.

And again:

dig NS


;; ANSWER SECTION:    74403   IN    NS    74403   IN    NS

And again:

dig NS


;; ANSWER SECTION: 31112  IN    NS  \
       31112  IN    NS  \


dig PTR


;; ANSWER SECTION: 42951 IN    PTR \

Why did we write the IP address in reverse here?

Well, it was not really in reverse, it followed the same convention as with the name, using the most-specific part of the name first, and the least specific part at the end ( Referring to figure 5 again, you've just done a similar thing as with the name, only now using the IP address and ending the name with "in-addr"."arpa".""