Wednesday, September 19, 2012

some DNS basics

What is a reverse lookup in DNS? It is the process of finding a domain name from an IP address! There has to be a designated domain name for an IP for this to work. (This is rDNS, the opposite of DNS or Domain Name Services, for finding IPs from domain names.) Wikipedia explains how reverse lookups are even possible at http://en.wikipedia.org/wiki/Reverse_DNS_lookup and it looks like there is a root reverse DNS database to hold the metadata to make the associations. At the event I went to last night, a guy mentioned that hackers may set up malicious DNS servers to return malicious JavaScript in lieu of a domain name via reverse DNS lookups!
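Because the PTR answer comes from whoever controls the reverse zone for an IP, it should be handled as untrusted input before it is logged or shown in a web page. The following is an added example, not code from the original post: it builds the reverse-lookup name for an IP, rejects answers that are not syntactically valid hostnames, and goes slightly beyond the post by also checking that the name resolves back to the same IP. The function names, the `forward_lookup` callable and the sample answers are constructed for illustration.

```python
import html
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def reverse_name(ip):
    """Name queried for a PTR record, e.g. 1.2.3.4 -> 4.3.2.1.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def is_valid_hostname(name):
    """Strict hostname syntax check; rejects markup, spaces, empty labels."""
    if name.endswith("."):          # drop the single root dot of an FQDN
        name = name[:-1]
    if not name or len(name) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))

def safe_ptr_for_display(ip, ptr_answer, forward_lookup):
    """Return (html_safe_text, confirmed) for a PTR answer received for ip.

    forward_lookup is a callable: hostname -> set of IP strings (assumption).
    """
    if not is_valid_hostname(ptr_answer):
        return html.escape(ip), False       # show the IP, never the raw answer
    name = ptr_answer.rstrip(".").lower()
    confirmed = ip in forward_lookup(name)  # does the name point back at ip?
    return html.escape(name), confirmed

# Constructed sample data standing in for real DNS answers.
FORWARD = {"mail.example.com": {"1.2.3.4"}}
PTR_ANSWERS = {
    "1.2.3.4": "mail.example.com.",             # honest PTR
    "1.2.3.5": "mail.example.com.",             # claims a name it does not own
    "1.2.3.6": "<script>alert(1)</script>",     # markup instead of a hostname
}

def constructed_forward(name):
    return FORWARD.get(name, set())

if __name__ == "__main__":
    for ip, answer in PTR_ANSWERS.items():
        text, ok = safe_ptr_for_display(ip, answer, constructed_forward)
        print(reverse_name(ip), "->", text, "(forward-confirmed)" if ok else "(unconfirmed)")
```

In real use, `forward_lookup` would wrap an actual resolver call; the dictionary here only keeps the example runnable offline.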

DNS associates domain names with IPs by pointing the domain name at nameservers, which then suggest how the domain name should be routed. From here there is some branching across different record types. A request to a domain name will be routed to a nameserver and then off to an A or MX or other record which will contain an IP. A browser will try to find a web site at a server with an applicable IP for an applicable A record. From there the server will route the request to a web site running, typically by default, on port 80. Types of records include:

  • A records: These point web traffic for a domain or its subdomains to IPs. For example: www.example.com might point to 1.2.3.4 while example.com might point to 1.2.3.5 and somethingelse.example.com might point to 1.2.3.6, where all three are separate A records.
  • MX records: These define how to find the mail server for a domain name. When you send mail to example.com the MX record will route the mail to a particular IP for a mail server.
  • SPF records: These try to assert that mail should come from a particular IP for a domain name. If a mail server receiving mail from example.com has an SPF tool, it can look up the SPF record and compare it to the IP the mail is actually arriving from, blocking potential spam in the case of a mismatch.
