DNS Scanner
WorldIP.io operates a continuous reverse-DNS scanner. This page explains what we scan, how to identify our traffic, and how to reach us.
What we scan
We issue standard DNS PTR (pointer) queries against .in-addr.arpa zones to resolve reverse-DNS hostnames for every allocated IPv4 address. This is the same type of query any mail server, logging system, or network tool performs when it resolves a hostname from an IP.
- Scope — All allocated IPv4 address space (~3.79 billion IPs across ARIN, RIPE, APNIC, LACNIC, and AfriNIC).
- Protocol — DNS only. No TCP connections, no port scans, no HTTP requests to target IPs.
- Rate — Approximately 15,000 PTR queries per second fleet-wide, distributed across many resolvers. Queries to any single network are rate-limited so no individual authoritative nameserver receives a burst.
- Cycle time — Every IP is re-queried roughly every 4–5 days to keep records current as DNS TTLs expire and PTR assignments change.
- Purpose — Data is indexed to power the PTR search, IP detail pages, and hostname analytics on WorldIP.io. It is not used for security scanning, port enumeration, or any intrusive activity.
Identifying our traffic
All scanner traffic originates from IP addresses with forward-confirmed PTR records under worldip.io. Each node has its own hostname (for example scanner01-us-va.worldip.io). You can verify the source of any query by performing a reverse-DNS lookup on the querying IP:
dig -x <querying-IP> # returns a scanner*.worldip.io hostname
Forward-confirmed reverse DNS (the returned hostname → A record → the same IP) is maintained for every active scanner address.
Each scanner hostname publishes a DNS TXT record for machine-readable identification, for example:
scanner01-us-va.worldip.io TXT "scanner=worldip.io; owner=Tuxxin LLC; abuse=abuse@worldip.io; info=https://worldip.io/scanner"
Opting out
PTR records are publicly delegated DNS data — querying them is equivalent to any resolver performing a reverse lookup. There is no standard opt-out mechanism for DNS queries.
If you operate authoritative nameservers for an .in-addr.arpa zone and wish to prevent our scanner from querying your delegation, you may:
- Add a firewall rule blocking queries from
scanner.worldip.ioaddresses (see PTR above for IP identification). - Email abuse@worldip.io with your IP range and we will exclude it from future scan cycles.
Contact
For questions or concerns about scanning activity:
- Email: abuse@worldip.io
- General contact: /contact
- Operated by: Tuxxin LLC, Orlando, FL
We respond to all abuse and opt-out requests within 1–2 business days.
Further reading
Data sources & methodology — full breakdown of all data WorldIP.io collects and how it is used.
Privacy policy — how visitor data is handled.
