You may have seen in-addr.space in your server logs or firewall reports and wondered what it is. This article explains what the project is, why you might be seeing it, and whether you should be concerned.

Short answer: in-addr.space is a special wildcard DNS service designed to provide a simple, on-the-fly hostname for any IP address. It’s a handy tool for developers, network engineers, and hobbyists who need a valid domain name that points to a specific IP without having to configure any DNS records.

How does it work?

The core of in-addr.space is it’s unique mapping rule. It creates a domain name by reversing the octets of an IP address and joining them with hyphens.

The rule is: The hostname D-C-B-A.in-addr.space resolves to the IP address A.B.C.D.

Example:
Let’s say you have a server running at the IP address 2.59.22.221 and you need a hostname for it.

  1. Take your IP address: 2.59.22.221
  2. Identify the four parts (octets): A=2, B=59, C=22, D=221
  3. Reverse their order to D-C-B-A: 221-22-59-2
  4. Append the domain: 221-22-59-2.in-addr.space

That’s it! The domain name 221-22-59-2.in-addr.space now points directly to your IP address 2.59.22.221. You can use it immediately in your applications, browser, or configuration files.

Why Is This Useful?

This service eliminates the need for purchasing a domain, editing local host files, or managing DNS zones for temporary or development purposes. Everyday use cases include:

  • Development and Testing: Quickly access a web server or service on your local machine or a remote server using a real hostname.
  • SSL/TLS Certificates: Generate valid SSL/TLS certificates for services that require a hostname, such as when testing secure connections.
  • Dynamic IP Addresses: Easily get a stable hostname for a device on a network with a dynamic IP address.

Security & Abuse

This service is provided for legitimate development and testing purposes. We do not encourage any form of abuse, and several measures are in place to prevent it. For start, to prevent the service from being used for spam or phishing, sending email from any *.in-addr.space domain is strictly prohibited.

This is enforced through the following industry-standard DNS records:

  • SPF: The SPF record is set to v=spf1 -all, which explicitly states that no servers are authorized to send email on behalf of in-addr.space or any of its subdomains
  • DKIM: A wildcard DKIM record is set to v=DKIM1; p=. The empty p= value invalidates any DKIM signature, preventing emails from being authenticated.
  • DMARC: A strict DMARC policy of p=reject is published. This instructs receiving email servers to reject any email that claims to be from this domain and fails SPF or DKIM checks.
  • Null MX Record: The domain’s MX record points to the null (.) mail server, which formally signals that in-addr.space does not accept or route any email.

We have a zero-tolerance policy for using this service for malicious activities such as hosting any form of illegal or unethical content.

If you detect any abusive activity originating from an in-addr.space hostname, please report it immediately to our Abuse Department.

General Availability

Currently, the in-addr.space service is primarily intended for use with Black HOST subnets and soley for Black HOST clients. The code may be open-sourced in the near future, so follow us on GitHub.

Was this article helpful?