Solution 1:

Reverse DNS is a mapping from an IP address to a DNS name. So it's like DNS, but backwards. If you are assigned IP addresses you have to setup reverse DNS to tell the world what the addresses are used for.

In practice, if you want to know what system is at 216.239.32.10 you design what is called a reverse lookup by reverting the ip address and adding in-addr.arpa to it. So it looks like this: 10.32.239.216.in-addr.arpa. A PTR record should then tell you what system it is. The dig tool automates this with the -x switch.

pehrs$ dig -x 216.239.32.10

; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 216.239.32.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49177
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;10.32.239.216.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
10.32.239.216.in-addr.arpa. 86400 IN    PTR ns1.google.com.

;; AUTHORITY SECTION:
32.239.216.in-addr.arpa. 86400  IN  NS  ns1.google.com.
32.239.216.in-addr.arpa. 86400  IN  NS  ns2.google.com.
32.239.216.in-addr.arpa. 86400  IN  NS  ns4.google.com.
32.239.216.in-addr.arpa. 86400  IN  NS  ns3.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.     205358  IN  A   216.239.34.10
ns1.google.com.     205358  IN  A   216.239.32.10
ns4.google.com.     205358  IN  A   216.239.38.10
ns3.google.com.     205358  IN  A   216.239.36.10

;; Query time: 63 msec
;; SERVER: x#53(x)
;; WHEN: Tue Jan  4 13:35:14 2011
;; MSG SIZE  rcvd: 204

Notice the PTR record. It tells us that 216.239.32.10 is in fact ns1.google.com.

Solution 2:

The short version is that reverse DNS is used to get a domain name from an IP address, while normal DNS is used to get an IP address from a domain name.

The way it actually works is that there's a dummy top-level domain called in-addr.arpa, and to find the domain name for IP address A.B.C.D, the DNS client does a lookup on D.C.B.A.in-addr.arpa. There are various complicated rules for delegation of sub-domains of in-addr.arpa to ensure that those requests go to the correct place. The Wikipedia article is OK, although perhaps a little terse: http://en.wikipedia.org/wiki/Reverse_DNS_lookup.

What it means to you is that if you own a block of IP addresses, and you want to be able to create reverse DNS records for those addresses so that their domain names can be looked up, you need to make sure that whoever you got the block from has set up an appropriate delegation so that you manage a sub-domain of in-addr.arpa and can thus create the appropriate DNS PTR records.

Solution 3:

Since you asked for use of reverse DNS, consider the following.

Someone wants to deliver an email to your mail server. It claims to be the server mail.example.com. You can than use a reverse lookup to check whether his IP actually belongs to the address mail.example.com. If not, you know that there is probably something wrong. If you can not even find a reverse entry, it is even more suspicious. (At least in the last situation the mail will probably be spam and be treated as such by many providers.)

The same holds for other connections as well. In fact, sshd will mark a connection attempt as POSSIBLE BREAK-IN ATTEMPT! if the reverse and forward entry do not match. The default behavior is to ignore it though.