Configure DNS Reverse Lookup Zones and PTR Records (Step by Step Guide)

by Robert Allen

In this tutorial, I’ll show you how to create reverse DNS lookup zones and PTR Records on Windows Server.

Reverse lookup zones are used to resolve IP addresses to hostnames. They work by holding PTR records, each of which maps one IP address in the zone to a hostname.

For example, I can look up the IP 10.1.2.88 and see that it resolves to the hostname “nodaway”.  Without a reverse lookup zone and PTR record, I would not be able to do this.

Do You Really Need Reverse Lookup Zones and PTR Records?

Every network is different, so it depends. Unless you host your own email server or have an application that requires them, they may not be required.

Even if you don’t have requirements for them I still recommend setting them up because they are extremely helpful when troubleshooting. You can read more about this in my DNS Best Practices guide.

How to Create Reverse Lookup Zone

Step 1: Open the DNS Management Console

On your Windows Server type DNS in the search box to quickly find the DNS console.

Step 2: Create New Reverse Lookup Zone

In the DNS console right click on “Reverse Lookup Zones” and Select “New Zone”.

This will start the new zone wizard.

Step 3: Choose Zone Type (New Zone Wizard)

On the Zone Type page select Primary Zone.

Choose to replicate to all DNS servers running on domain controllers in this domain.

Choose IPv4 or IPv6, for this demo I’m setting up IPv4.

Now, type in the start of the subnet range of your network.

For this demo, I’m creating a zone for subnet 192.168.0.0/24.

Choose the dynamic update option.

I recommend picking the first option “Allow only secure dynamic updates”.

That completes the wizard, click finish.
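The same reverse lookup zone the wizard builds above can be created from PowerShell with the DnsServer module. This is an added example, not from the original article; it assumes you run it on the DNS server (or add -ComputerName), that the DnsServer module is installed with the DNS Server role or RSAT, and that the server is an AD-integrated domain controller, because the "Secure" dynamic update option only exists for AD-integrated zones.

```powershell
# Added example (not from the original article): create the reverse lookup zone
# for 192.168.0.0/24 with the same choices the wizard offers.
Import-Module DnsServer

$subnet = '192.168.0.0/24'   # the subnet used in the walkthrough

# Primary, AD-integrated, replicated to all DCs in the domain, IPv4.
# -NetworkId derives the zone name (0.168.192.in-addr.arpa) from the prefix,
# so the "backwards" name is never typed by hand.
# -DynamicUpdate Secure is the "Allow only secure dynamic updates" option:
# only authenticated domain members can register or overwrite PTR records.
# NonsecureAndSecure would let any host on the network rewrite any PTR record.
Add-DnsServerPrimaryZone -NetworkId $subnet `
                         -ReplicationScope Domain `
                         -DynamicUpdate Secure

# Verify: the zone is listed, flagged as reverse lookup and AD-integrated,
# and the dynamic update setting is the one we asked for.
$zone = Get-DnsServerZone -Name '0.168.192.in-addr.arpa'
$zone | Select-Object ZoneName, ZoneType, IsReverseLookupZone, IsDsIntegrated, DynamicUpdate

# A freshly created zone holds only the SOA and NS records; PTR records
# appear as clients register or as you add them manually.
Get-DnsServerResourceRecord -ZoneName $zone.ZoneName |
    Select-Object HostName, RecordType
```

If the last command shows anything other than SOA and NS on a brand-new zone, the zone name already existed or was imported from somewhere else, which is worth checking before trusting its contents.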

Verify Reverse Lookup Zone

Back in the DNS console, click on “Reverse Lookup Zones”.

I can now see the new zone listed. The subnet will display backwards which is normal.

Now I’ll click the 0.168.192.in-addr.arpa zone to view the DNS records.

So far I have only the SOA and NS resource records, no PTR records.

Once clients start dynamically updating their DNS the PTR records should start populating. You can also manually create PTR records for systems that are not configured to dynamically update.

How to Create PTR Records

Let’s walk through manually creating a PTR record. This is only needed if a system is not configured to dynamically update. This may be the case for systems with static IP addresses like servers.

Right click the zone and select “New Pointer (PTR)”.

Enter the Host IP Address and Host name fields and click OK.

I’m creating a record for IP, 192.168.0.206 with the hostname of pc1.

Back in the DNS console, I can see the PTR record listed.

How to Verify PTR Record Is Working

To verify the PTR record is working you can use the nslookup command.

Open PowerShell and type nslookup followed by the IP you want to look up.

You can see in the picture above the IP returned the hostname PC1.
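The manual PTR record from the previous section and the nslookup check above can both be scripted, which is handy for servers with static addresses. This is an added example, not the article's own code; it assumes the 0.168.192.in-addr.arpa zone already exists, that the DNS server is 192.168.0.10 (a constructed value), and that the domain's DNS suffix is corp.example (a placeholder to replace with your own).

```powershell
# Added example (not from the original article): register the PTR record for
# 192.168.0.206 -> pc1 and then verify it resolves.
Import-Module DnsServer

$zone      = '0.168.192.in-addr.arpa'
$ip        = '192.168.0.206'
$hostFqdn  = 'pc1.corp.example'     # placeholder suffix; PTR targets should be FQDNs
$dnsServer = '192.168.0.10'         # constructed value; use your DNS server

# The PTR owner name is the host part of the address relative to the zone.
# For a /24 zone that is just the last octet, so 192.168.0.206 becomes "206".
$ptrName = ($ip -split '\.')[-1]

Add-DnsServerResourceRecordPtr -ZoneName $zone -Name $ptrName -PtrDomainName $hostFqdn

# The record now shows up in the zone, as it does in the DNS console.
Get-DnsServerResourceRecord -ZoneName $zone -RRType Ptr -Name $ptrName

# Verify with nslookup, exactly as the article does...
nslookup $ip $dnsServer

# ...and with Resolve-DnsName, which returns an object you can test in a script.
$answer = Resolve-DnsName -Name $ip -Type PTR -Server $dnsServer -ErrorAction Stop
if ($answer.NameHost -eq $hostFqdn) {
    "PTR OK: $ip -> $($answer.NameHost)"
} else {
    throw "PTR mismatch for ${ip}: got '$($answer.NameHost)', expected '$hostFqdn'"
}
```

Querying the server explicitly with -Server (or as the second argument to nslookup) matters when you are checking a freshly created record: a client pointed at another DNS server may still answer from its cache or from a replica that has not received the change yet.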

That is all there is to it.

Pretty easy right?

Recommended Tools

  • AD Cleanup Tool - Find stale and inactive user and computer accounts in Active Directory. Export, disable, move or delete the stale accounts to increase security.
  • AD User Creation Tool - Bulk import or update Active Directory user accounts. Add users to groups, import into OUs, set multiple attributes and more.
  • NTFS Permissions Tool - Scan and audit NTFS folder permissions. See which users and groups have access to what.
  • AD Reporting Tool - Over 200 reports on users, computers, groups, OUs and more. Customize reports or create your own reports with the report builder.

19 thoughts on “Configure DNS Reverse Lookup Zones and PTR Records (Step by Step Guide)”

  1. I was running into this issue after using DNSSEC to sign reverse zones. It couldn’t create the record. I ended up trying first to unsign the zone but it didn’t resolve the issue. After deleting and recreating the zone, leaving it unsigned, it then started to allow PTR records.

  2. How can I consolidate many reverse lookup zones into one zone?
    I have the following zone:

    170.196.10.in-addr.arpa
    171.196.10.in-addr.arpa
    172.196.10.in-addr.arpa
    173.196.10.in-addr.arpa
    175.196.10.in-addr.arpa

    and want to consolidate all of these zones into zone 196.10.in-addr.arpa.

    best regards
    Mari

    • Hi Mari, just enter 2 of the octets when creating your Reverse zone. When you enter your octets it tells the system which numbers to take into consideration for grouping. So to your request, enter only 10.196

      • Nelson, I have a question, could you help me with it perhaps? I am trying to set up reverse zones for 2 of our domain controllers. I have to submit a change request and the Authorizer/Approver is asking “Are you creating a reverse arpa zone for 10/8 or 10.100/16 or the two /24s?” I do not understand. I just need the 2 DC’s to point back to a few IP’s. Could you help me answer this question?

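The two questions in the thread above (collapsing several /24 reverse zones into one /16, and what "a zone for 10/8 or 10.100/16 or the two /24s" means) come down to how many leading octets of the network you hand to the zone. The following is an added example, not from the article or the commenters; it assumes the DnsServer module and an AD-integrated server as in the sections above, and uses the zone names Mari listed.

```powershell
# Added example (not from the original article): derive in-addr.arpa zone names
# and PTR owner names from a network prefix, then consolidate existing /24 zones
# into a /16 zone. Only octet-aligned prefixes (/8, /16, /24) map onto a single
# in-addr.arpa zone; anything else is rejected here.
Import-Module DnsServer

function Get-ReverseZoneName {
    param([Parameter(Mandatory)][string]$NetworkId)   # e.g. '10.196.0.0/16'
    $addr, $prefixText = $NetworkId -split '/'
    $prefix = [int]$prefixText
    if ($prefix -notin @(8, 16, 24)) {
        throw "Only /8, /16 and /24 prefixes map onto a single in-addr.arpa zone"
    }
    # Keep prefix/8 leading octets, reverse them, append in-addr.arpa.
    $octets     = $addr -split '\.'
    $zoneOctets = @($octets[0..([int]($prefix / 8) - 1)])
    [array]::Reverse($zoneOctets)
    return ($zoneOctets -join '.') + '.in-addr.arpa'
}

function Get-PtrOwnerName {
    param([Parameter(Mandatory)][string]$IPAddress,
          [Parameter(Mandatory)][string]$ZoneName)
    # Whatever octets the zone name does not cover, reversed, form the record name.
    $zoneOctetCount = @(($ZoneName -replace '\.in-addr\.arpa$', '') -split '\.').Count
    $hostOctets     = @(($IPAddress -split '\.')[$zoneOctetCount..3])
    [array]::Reverse($hostOctets)
    return $hostOctets -join '.'
}

# Self-checks against the values that appear in the thread and the article.
if ((Get-ReverseZoneName '10.196.0.0/16')   -ne '196.10.in-addr.arpa')    { throw 'zone name /16' }
if ((Get-ReverseZoneName '10.196.170.0/24') -ne '170.196.10.in-addr.arpa') { throw 'zone name /24' }
if ((Get-ReverseZoneName '10.0.0.0/8')      -ne '10.in-addr.arpa')        { throw 'zone name /8' }
if ((Get-PtrOwnerName '10.196.170.5' '196.10.in-addr.arpa') -ne '5.170')  { throw 'owner name /16' }
if ((Get-PtrOwnerName '192.168.0.206' '0.168.192.in-addr.arpa') -ne '206') { throw 'owner name /24' }

# Consolidation: create the /16 zone, then copy each PTR record across. DNS does
# not move records between zones for you, and a /16 zone cannot answer for an
# address while a more specific /24 zone for it still exists on the same server.
$oldZones = '170.196.10.in-addr.arpa', '171.196.10.in-addr.arpa', '172.196.10.in-addr.arpa',
            '173.196.10.in-addr.arpa', '175.196.10.in-addr.arpa'
$newZone  = Get-ReverseZoneName '10.196.0.0/16'

Add-DnsServerPrimaryZone -NetworkId '10.196.0.0/16' -ReplicationScope Domain -DynamicUpdate Secure

foreach ($old in $oldZones) {
    $thirdOctet = ($old -split '\.')[0]            # "170" from 170.196.10.in-addr.arpa
    Get-DnsServerResourceRecord -ZoneName $old -RRType Ptr | ForEach-Object {
        $ip = "10.196.$thirdOctet.$($_.HostName)"  # HostName is the last octet in a /24 zone
        Add-DnsServerResourceRecordPtr -ZoneName $newZone `
            -Name (Get-PtrOwnerName $ip $newZone) `
            -PtrDomainName $_.RecordData.PtrDomainName
    }
}

# Review the consolidated zone before removing the old /24 zones.
Get-DnsServerResourceRecord -ZoneName $newZone -RRType Ptr |
    Select-Object HostName, @{n='Target'; e={ $_.RecordData.PtrDomainName }}
```

In the wizard this is the same thing Nelson describes: typing 10.196 as the network ID produces 196.10.in-addr.arpa, typing 10 alone produces 10.in-addr.arpa, and typing all three octets produces a /24 zone. Remove the old /24 zones only after the copied records resolve from the /16 zone, since until then the /24 zones keep answering for their addresses.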
