Reverse DNS Lookups: Free /24 Subnet Scanning

       

Let me guess - you've got firewall logs full of IPs, and no idea what half of them actually are. That's where reverse DNS (rDNS) comes in. I use it daily to separate the legit traffic from the sketchy stuff.

               

Reverse DNS in 30 Seconds

       

Normal DNS: domain → IP address
    Reverse DNS: IP address → domain

       

When configured right (and that's a big "if"), rDNS tells you what an IP calls itself. Crucial for:

   

       
• Spotting spoofed traffic (when the IP and name don't match)
       
• Identifying legitimate services (mail servers should always have rDNS)
       
• Finding forgotten devices on your network
   

               

Why Check Entire /24 Subnets?

       

Single IP lookups are fine, but scanning a whole /24 (256 addresses) reveals patterns:

                                                                                                                                                                                                                   

What You'll Find	Why It Matters
Mail server naming conventions	Identify legitimate vs suspicious senders
ISP customer IP ranges	Spot compromised residential accounts
Hosting provider blocks	Recognize cloud/VPS traffic patterns
Your own forgotten devices	Clean up stale DNS entries

               

Real-World Uses That Actually Help

       

1. Email Server Configuration

       

Proper mail servers must have matching forward and reverse DNS. I reject mail from any IP where:

   

       
• rDNS is missing completely
       
• The name doesn't resolve back to the original IP
       
• It uses generic ISP names (like "dynamic-45-22.provider.net")
   

       

2. Network Inventory

       

Ran a /24 scan on our own IPs last month and found:

   

       
• 3 test VMs we forgot to decomission
       
• An old load balancer still responding
       
• 2 IPs with misconfigured rDNS pointing to dept names instead of functions
   

       

3. Security Investigations

       

When investigating brute force attacks:

   

       
1. Run the offender's IP through rDNS
       
2. Check if the naming matches the owner (from WHOIS)
       
3. Look for patterns across multiple attacks
   

               

How Our Free Tool Works

       

Unlike some "free" tools that limit you to 5 lookups/day:

   

       
• Single IP lookups: Instant results with TTL info
       
• /24 subnet scans: Returns all responsive PTR records
       
• Bulk processing: Paste in multiple IPs at once
       
• No registration: Just use it
   

               

Common rDNS Problems (And Fixes)

                                                                                                                                                                                                                                                                               

Problem	How to Spot	How to Fix
Missing PTR	"No reverse DNS" result	Contact your ISP or hosting provider
Mismatch	rDNS name doesn't resolve back to IP	Update either forward or reverse record
Generic names	Contains "dynamic", "pool", or "customer"	Request descriptive names from provider
Slow lookups	Timeout errors during scans	Space out queries or use our bulk tool

       

Try It Right Now

       

Test with these common IPs to see how rDNS works:

   

       
• 8.8.8.8 (Google DNS)
       
• 1.1.1.1 (Cloudflare)
       
• Your own public IP
   

        Scan a /24 Subnet Free        

Found something weird in your rDNS? Hit reply and I'll help interpret it. No sales crap - just straight answers.