A forward lookup zone lets users look up the IP address resolution of a domain from a Domain Name System (DNS) server. If you don’t already know, the DNS serves as the Internet’s phone book. Given people’s names, you can determine their phone numbers and addresses with the phone book’s help.
So, when asked what a forward lookup zone is, it’s a way for people to use a phone book (DNS) to get other people’s contact details (IP addresses) given their names (domain names).
Read More about “Forward Lookup Zone”
Two types of DNS lookup zones exist—forward and reverse lookup zones. Find out how they differ below.
Forward and Reverse Lookup Zone, What’s the Difference?
As mentioned earlier, a forward lookup zone asks a DNS server for the IP address resolutions of a given domain name. In contrast, a reverse lookup zone returns the domain names that resolve to a particular IP address.
You can use DNS lookup tools like this to perform forward lookup zone queries. We used it to find the IP address resolution of google[.]com and got 142[.]250[.]68[.]46. What does this mean? When you type the IP address into your browser, your computer should open google[.]com.
Meanwhile, you can use a reverse IP lookup tool like this to perform reverse lookup zone queries. We used it to determine the domains that resolve to the IP address 8[.]8[.]8[.]8 and found that it hosts more than 300 domain names, including 000180[.]top.
All companies need forward lookup zones because, like people’s phone numbers and complete addresses, IP addresses aren’t as easy to remember as people’s names or their DNS equivalents, domain names. Reverse lookup zones, meanwhile, are often regarded as an afterthought. The latter are, in fact, more useful for cybersecurity specialists than normal Internet users.
What Are Forward Lookup Zones For?
The entire DNS was created by the Internet Engineering Task Force (IETF) in 1986 to help cybersecurity analysts and researchers perform investigations.
One of the tasks cybersecurity professionals perform is blocking all possible threat entry points to ensure utmost protection. Part of that is finding all of the IP addresses connected to, say, a malicious domain name. Let’s take a look at a specific example.
With the help of forward lookup zones, for instance, you can determine that the malicious domain bankofamericameta[.]com featured in this cybersecurity investigation points to the IP address 74[.]208[.]236[.]201.
How Can You Find Your Domain’s IP Address?
There are a few ways to determine someone’s IP address. Here are three of them.
Pinging is the easiest and cheapest way to find out your domain name’s IP address. Any network-connected computer can do that, but the steps vary depending on its operating system (OS).
On a Windows computer, follow these steps:
- Open a Command Prompt.
- In the Command Prompt window, type “ping” followed by the domain name and press Enter.
- The command will begin showing the results in the Command Prompt window.
On a Mac, do these:
- Open Terminal found in Applications then Utilities.
- In the Terminal window, type ping then the domain name you want to ping.
- Press Enter.
- The results will get displayed in the Terminal window.
If you want to ping the IP address of a domain name that you don’t own, you can use an online Ping tool like this. Type the domain name into the search bar, enter the code, and hit the Go button. Using google[.]com as our search term, you’ll get this result:
DNS Lookup Tool
Another way, which we talked about earlier, is to use a DNS lookup tool. We showed you how that is done with our malicious domain example. Unlike pinging that only tells you your or someone else’s IP address, DNS lookup tools also reveal information about the domain’s other DNS records.
Using a DNS lookup tool on google[.]com, for instance, told us that the domain has 16 DNS records:
- Nine TXT records
- One A record, which tells you its IP address
- One Start of Authority (SOA) record
- Five mail exchanger (MX) records
If you want to know what the other DNS records are for, you can read this. For our purpose, though, we only needed to perform a forward lookup zone query to get google[.]com’s A record, which told us its corresponding IP address, 142[.]251[.]33[.]110.