Reverse DNS Lookup
Enter an IPv4 or IPv6 address and instantly see who the IP belongs to: PTR record, FCrDNS verification, ASN and the origin organization. The single most important check before you put any IP on the internet, especially for mail. Lookup runs from Frankfurt FRA01, no logging.
What is reverse DNS?
Reverse DNS (rDNS) is the reverse direction of normal DNS. Where forward DNS maps a name (kernelhost.com) to an IP address, reverse DNS maps the IP back to a name. The record type for this is PTR (Pointer). Reverse names live in two dedicated namespaces: in-addr.arpa for IPv4 and ip6.arpa for IPv6, each constructed from the IP in reverse octet or nibble order.
Example: the IP 8.8.8.8 becomes 8.8.8.8.in-addr.arpa. A PTR query against this name returns the hostname (dns.google in this case). For IPv6 the address 2001:db8::1 becomes 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa, each hex nibble of the address shown separately and reversed.
Who controls a PTR record? The owner of the IP range, which is usually the upstream provider, hosting company or ISP. Domain owners cannot set PTR records themselves unless they get the IP range delegated to them (rare, possible for /24 blocks or larger). For a single VPS the PTR is set in the hosting control panel or via support ticket.
FCrDNS: forward-confirmed reverse DNS
FCrDNS is the most important reason to care about PTR records. The idea is simple: the PTR record gives you a hostname, then you resolve that hostname forward via A or AAAA, and the IP returned must match the original IP. If it does, the PTR is trusted. If not, the PTR is considered spoofed and is ignored by most modern checks.
Mail servers (Postfix, Exim, OpenSMTPD) and spam filters (SpamAssassin, rspamd, Postscreen) verify FCrDNS on every incoming connection. A FCrDNS fail typically adds 1.0 to 3.5 points to the spam score (often enough to land in junk), and many large providers (Google, Microsoft, Yahoo) reject the connection outright with a 550 error. Without a valid FCrDNS your mail server effectively does not exist.
FCrDNS verification by this tool: we read the PTR record, then resolve every returned hostname forward via A (IPv4) or AAAA (IPv6) and compare the returned IPs to the original IP. The badge tells you immediately: green for verified, yellow if there is no forward record at all, red on mismatch with the list of where it actually points.
Common use cases
What you actually need this tool for in daily ops:
- Mail server commissioning: Before you send the first mail from a new IP, the PTR must be set and FCrDNS must be green. Otherwise Gmail, Outlook and others will reject or junk-fold every mail you send. Verify here, fix in your provider control panel, verify again.
- Spam analysis: When you receive spam, look up the PTR of the source IP. A missing or broken PTR is a strong signal for spam. A PTR that points to a generic ISP pool name (dsl-broadband-pool-... etc.) is another classic indicator.
- Log analysis and forensics: An IP shows up in your logs. Who is it? rDNS gives you the hostname (often something like ec2-..., crawler-..., cdn-...) and combined with ASN tells you cloud provider, country and org. Decide in seconds whether it is a legitimate bot, a known cloud customer or something to block.
- Network operations: When debugging a traceroute, intermediate hops are shown by PTR. Routers along the path usually have descriptive PTRs (frankfurt-edge1.isp.net, lhr-core2.example.com etc.) that tell you the geographic and topological path your packet takes.
- Abuse reports: Need to file an abuse report? The PTR plus ASN tell you which provider to contact (abuse@<org>). Without rDNS you would have to look up the IP in RIPE/ARIN whois databases which is slower.
How to set a PTR record
PTR records are not set on your authoritative nameserver for the forward zone. They are set on the reverse zone, which is delegated by the IP owner (ARIN, RIPE, APNIC, LACNIC, AfriNIC) down to the company holding the IP block. For a single VPS or dedicated server, this means: ask the hosting provider to set the PTR, do not try to set it on your own DNS panel.
Most hosting providers offer self-service PTR management in the customer portal. For KernelHost VPS and dedicated servers, the rDNS field is available directly in the server management panel and PTR changes go live within 5 to 10 minutes. For colocated IPs the standard process is a support ticket with the desired hostname per IP.
Best practice for mail: PTR and HELO must match. If your mail server announces itself as mail.example.com (HELO mail.example.com), then PTR for the IP must be mail.example.com, and mail.example.com must A-resolve back to the IP. All three lined up = FCrDNS green = clean reputation.
rDNS at KernelHost
Every KernelHost VPS, dedicated server, mail and Minecraft server comes with self-service PTR management for both IPv4 and IPv6. You set the hostname per IP in the control panel and the change is live within minutes, no support ticket needed. For IP blocks (/29 or larger) the entire reverse zone can be delegated to your own nameservers.
Our DNS plane runs as DNSSEC-signed Anycast in Frankfurt and Vienna so PTR lookups from anywhere in the world resolve in tens of milliseconds. If you are about to commission a mail server on a new IP and want the cleanest possible reputation from day one, the combination of KernelHost rDNS + DKIM/SPF/DMARC in the same panel saves you the typical first-day debugging cycle.
Frequently asked questions
What is the difference between DNS lookup and reverse DNS lookup?
Forward DNS lookup takes a hostname (kernelhost.com) and returns an IP via A or AAAA records. Reverse DNS lookup takes an IP and returns a hostname via PTR records. The two are independent: someone can change one without the other. FCrDNS is the cross-check that verifies they agree.
Why does my IP have no PTR record?
Because no one set it. PTR records have no default value, the IP-block holder (your provider) must set them per IP. For consumer-grade connections the ISP usually sets a generic pool name automatically (something like dsl-host-...-isp.net). For hosting customers, PTR management is in the provider control panel or available via support.
Why does FCrDNS show mismatch even though the PTR is set?
Because the PTR hostname does not forward-resolve back to the same IP. Either A or AAAA is missing for that hostname, or it points to a different IP. To fix: make sure the PTR is exactly the hostname your A/AAAA points to, e.g. PTR = mail.example.com and A mail.example.com = the same IP.
Is the lookup logged?
No. We do not log the queried IP, do not set tracking cookies and do not call any third-party API except the Team-Cymru DNS-Whois service, which is a regular DNS-TXT query against origin.asn.cymru.com (no HTTP, no API key). Cymru sees our resolver IP and the IP being looked up, not your IP.
Does the tool support IPv6?
Yes, fully. Enter an IPv6 address in any standard notation (compressed like 2001:db8::1 or expanded), the tool builds the correct ip6.arpa name automatically (nibble-reversed) and looks up the AAAA forward for FCrDNS.
Can I look up reverse DNS for private IPs (10.x.x.x, 192.168.x.x)?
No. Private and reserved address ranges (10/8, 172.16/12, 192.168/16, 127/8, link-local, multicast) cannot be looked up via public DNS, because their reverse zones are not delegated to the public root. PTR for private IPs is only resolvable inside the network that owns them, on the local resolver.
Why are there multiple PTR records for one IP?
It is technically legal to have multiple PTR records per IP (one IP serving multiple hostnames) and was common in shared-hosting days. Today it is discouraged for mail servers (only one of the PTRs will pass FCrDNS for a given HELO), tolerated for web servers, and rare overall. If your IP has more than one PTR, decide which one is canonical and remove the rest.
Is rDNS / PTR mandatory?
For mail servers: yes, effectively mandatory. Without FCrDNS-clean PTR your mail goes to spam or is rejected. For web servers: not mandatory but recommended (logs are cleaner, abuse reports easier). For internal services or short-lived cloud workloads: optional.
All KernelHost Products
Need more than just tools? Take a look at our commercial hosting lineup.