A reverse DNS lookup takes an IP address and returns a hostname via the domain's PTR record. It's the opposite of a normal A-record lookup and it's the record mail servers, firewalls, and log analysers consult to answer "who owns this IP?" To run one, open Zro7 Reverse DNS Lookup, paste an IPv4 or IPv6, and the PTR renders.
How PTR records actually work
PTR records live in a special reverse zone. IPv4 93.184.216.34 is queried as 34.216.184.93.in-addr.arpa PTR. IPv6 2606:2800:220:1:248:1893:25c8:1946 becomes the nibble-reversed 6.4.9.1.8.c.5.2.3.9.8.1.8.4.2.0.1.0.0.0.0.2.2.0.0.0.8.2.6.0.6.2.ip6.arpa PTR. Zro7 builds the query for you.
Who uses PTR
- Mail servers — most refuse mail from an IP with no PTR, or one whose PTR doesn't match the announced HELO name ("FCrDNS" — Forward Confirmed reverse DNS).
- Log analysers — turn IPs in access logs into human-readable names (
crawl-66-249-66-1.googlebot.com). - SSH / firewalls — some display PTR in
lastand audit logs. - Traceroute — the router names you see (
ae-10.r00.lhr01.uk.bb.gin.ntt.net) are PTRs.
What a PTR does NOT prove
The owner of the IP block sets the PTR — anyone renting the /24 can point it wherever they like. A PTR of trusted-sender.example.com doesn't mean the IP is trusted. FCrDNS (forward lookup of the PTR name returns the original IP) is the minimum bar most spam filters actually check.
Common problems PTR reveals
- Missing PTR — your mail lands in spam or bounces with Client host rejected: no PTR record.
- Generic PTR —
ec2-54-1-2-3.compute.amazonaws.comis a red flag to spam filters even when SPF/DKIM/DMARC pass. - Mismatched PTR — PTR says
server.example.com, forward A record doesn't resolve back. FCrDNS fails.
Steps
- Open Reverse DNS Lookup.
- Paste an IPv4 or IPv6 address.
- Zro7 constructs the .arpa query, resolves via DoH, and shows the PTR.
Zro7