DNS resolution and reverse lookup audit
A read-only DNS audit that compares forward and reverse lookup results across host lists and expected DNS servers.
Good For
- stale DNS review
- VPN name resolution
- server migration prep
- PTR cleanup
- connectivity triage
How to Use It
- Start with a scoped host list from an incident, migration, subnet, or application dependency map.
- Resolve each hostname through the expected DNS server and record returned addresses.
- Perform reverse lookups for returned addresses and compare PTR names with the expected hostname or naming standard.
- If forward and reverse records disagree, check for stale A records, missing PTR records, duplicate records, and DHCP ownership.
- Query both a known-good DNS server and the client's default DNS path when split DNS or VPN behavior is suspected.
- Export mismatches to CSV for DNS owner review instead of editing records during discovery.
Execution Modes
- local
- remote-host-list
- ad-filtered
Inputs and Outputs
Inputs
- CSV or TXT host list
- Active Directory computer scope
- expected DNS server
- known-good client path
Outputs
- verbose-console
- csv
Command Starter
Example pattern only. Adjust for your environment before running.
# ---------------------------------------------------------------------
# Operator inputs
# ---------------------------------------------------------------------
$Hosts = @('server01.contoso.com')
$DnsServer = '10.10.10.10'
$OutputPath = '.\dns-forward-reverse-audit.csv'
# ---------------------------------------------------------------------
# Compare A/AAAA answers with explicit PTR lookups
# ---------------------------------------------------------------------
$Results = foreach ($HostName in $Hosts) {
    # Forward lookup through the expected server; keep only records that carry an address (drops CNAME chain entries)
    $ForwardAnswers = Resolve-DnsName -Name $HostName -Server $DnsServer -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress }
    foreach ($Answer in $ForwardAnswers) {
        # Explicit PTR lookup for each returned address, through the same server
        $ReverseAnswer = Resolve-DnsName -Name $Answer.IPAddress -Type PTR -Server $DnsServer -ErrorAction SilentlyContinue
        [pscustomobject]@{
            HostName    = $HostName
            Address     = $Answer.IPAddress
            ReverseName = ($ReverseAnswer.NameHost -join ', ')
            PtrFound    = [bool]$ReverseAnswer
        }
    }
}
$Results | Export-Csv -Path $OutputPath -NoTypeInformation -Encoding UTF8
$Results | Format-Table -AutoSize
Validation
- Every host has a documented forward lookup result from the expected DNS server.
- Every returned address has a documented reverse lookup result or a missing-PTR note.
- DNS changes, if later approved, are validated by rerunning the same forward and reverse checks.
Reporting
- export forward and reverse lookup results to CSV
- group mismatches by missing PTR, duplicate A record, stale address, or unexpected DNS server response
- promote repeated use into a DNS hygiene report for migration or subnet cleanup
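The mismatch classification described under How to Use It and grouped here, as an added PowerShell example that is not part of the original runbook. Get-DnsAuditFinding is a hypothetical function name; the block assumes the Windows DnsClient module's Resolve-DnsName is available, reuses the starter's placeholder host and server values, and runs the same forward query through the client's default resolver path so split DNS or VPN disagreement surfaces as ClientPathDiffers.

```powershell
$Hosts = @('server01.contoso.com')      # placeholder values, same as the starter's operator inputs
$DnsServer = '10.10.10.10'

function Get-DnsAuditFinding {
    param(
        [Parameter(Mandatory)][string[]]$HostName,
        [Parameter(Mandatory)][string]$ExpectedServer,
        [string]$ClientPathServer   # omit to send the comparison query through the client's default resolver path
    )
    foreach ($Name in $HostName) {
        $Target = $Name.TrimEnd('.').ToLowerInvariant()
        # Forward answers from the expected (known-good) server
        $Expected = @(Resolve-DnsName -Name $Name -Type A_AAAA -Server $ExpectedServer -ErrorAction SilentlyContinue |
                      Where-Object IPAddress | Select-Object -ExpandProperty IPAddress)
        # Same query through the client path; a different answer set points at split DNS or VPN resolver behaviour
        $ClientArgs = @{ Name = $Name; Type = 'A_AAAA'; ErrorAction = 'SilentlyContinue' }
        if ($ClientPathServer) { $ClientArgs.Server = $ClientPathServer }
        $Client = @(Resolve-DnsName @ClientArgs | Where-Object IPAddress | Select-Object -ExpandProperty IPAddress)
        $ClientPathDiffers = (($Expected | Sort-Object) -join ',') -ne (($Client | Sort-Object) -join ',')
        if ($Expected.Count -eq 0) {
            [pscustomobject]@{ HostName = $Name; Address = $null; PtrNames = $null
                               Category = 'no-forward-answer'; ClientPathDiffers = $ClientPathDiffers }
            continue
        }
        foreach ($Addr in $Expected) {
            $Ptr = @(Resolve-DnsName -Name $Addr -Type PTR -Server $ExpectedServer -ErrorAction SilentlyContinue |
                     Where-Object NameHost | Select-Object -ExpandProperty NameHost)
            # PTR targets compare case-insensitively and may carry a trailing dot
            $Normalized = @($Ptr | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() })
            $Category = if ($Ptr.Count -eq 0) { 'missing-ptr' }
                        elseif ($Normalized -notcontains $Target) { 'ptr-mismatch' }  # points elsewhere: stale A record or reused address
                        elseif ($Ptr.Count -gt 1) { 'duplicate-ptr' }                 # expected name present, extra PTRs remain
                        else { 'match' }
            [pscustomobject]@{
                HostName          = $Name
                Address           = $Addr
                PtrNames          = ($Ptr -join ', ')
                Category          = $Category
                ClientPathDiffers = $ClientPathDiffers
            }
        }
    }
}

# Group by category for the DNS owner review; export only the rows that need attention
$Findings = Get-DnsAuditFinding -HostName $Hosts -ExpectedServer $DnsServer
$Findings | Group-Object Category | Select-Object Name, Count | Format-Table -AutoSize
$Findings | Where-Object Category -ne 'match' | Export-Csv -Path '.\dns-audit-mismatches.csv' -NoTypeInformation -Encoding UTF8
```

Pass -ClientPathServer to compare the expected server against a second named resolver instead of the client default; either way the audit stays read-only.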
Safety Notes
- This audit does not create, delete, or modify DNS records.
- Do not flush caches or change DNS records until the failing answer has been captured and reviewed.