diff --git a/src/encap_attack/tool.py b/src/encap_attack/tool.py
index d5bdb7c..83f9cad 100644
--- a/src/encap_attack/tool.py
+++ b/src/encap_attack/tool.py
@@ -140,7 +140,7 @@ def ipip_http(ctx, dst_port: int, http_request: str) -> None:
 ctx.obj["model"].sendHTTP(http_request, ctx.obj["dst_ip"], dst_port=dst_port, src_port=ctx.obj["src_port"])
 @ipip_request.command("dns")
-@click.option("-t", "--query-type", type=click.Choice(["SRV", "A", "AAAA", "CNAME"]), help="DNS record query type", required=True)
+@click.option("-t", "--query-type", type=click.Choice(["SRV", "A", "AAAA", "CNAME", "PTR"]), help="DNS record query type", required=True)
 @click.option("-pd", "--dst-port", type=int, help="Destination port [DEFAULT: 53]", default=53)
 @click.argument("query_name")
 @click.pass_context
@@ -211,7 +211,7 @@ def vxlan_http(ctx, dst_port: int, http_request: str) -> None:
 ctx.obj["model"].sendHTTP(http_request, ctx.obj["dst_ip"], dst_port=dst_port, src_port=ctx.obj["src_port"])
 @vxlan_request.command("dns")
-@click.option("-t", "--query-type", type=click.Choice(["SRV", "A", "AAAA", "CNAME"]), help="DNS record query type", required=True)
+@click.option("-t", "--query-type", type=click.Choice(["SRV", "A", "AAAA", "CNAME", "PTR"]), help="DNS record query type", required=True)
 @click.option("-pd", "--dst-port", type=int, help="Destination port [DEFAULT: 53]", default=53)
 @click.argument("query_name")
 @click.pass_context
diff --git a/src/encap_attack/utils/encapsulation_models.py b/src/encap_attack/utils/encapsulation_models.py
index b3cf064..fb2bf01 100644
--- a/src/encap_attack/utils/encapsulation_models.py
+++ b/src/encap_attack/utils/encapsulation_models.py
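Review bot: The `--query-type` help text on the `ipip dns` command still reads "DNS record query type", although with PTR the `query_name` argument is handled as a dotted IPv4 address rather than a DNS name (see the `__submitDNS` hunk); the same applies to the `vxlan dns` hunk at line 211. I would say so in the help, e.g. `help="DNS record query type (PTR expects an IPv4 address as QUERY_NAME)"`. Because the choice list now has to be edited in two places, a shared module-level constant such as `DNS_QUERY_TYPES = ["SRV", "A", "AAAA", "CNAME", "PTR"]` would keep the two commands from drifting apart. The decorated functions themselves start after the end of each hunk.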
@@ -185,6 +185,9 @@ class EncapsulationModel(ABC):
 def __submitDNS(self, dst_ip: str, qname: str, qtype: str, dst_port: int, src_port: int) -> dict[str, Union[str, int]]:
 """Send an encapsulated DNS request and return the response."""
+ if qtype == "PTR":
+ qname = ".".join(qname.split(".")[::-1]) + ".in-addr.arpa"
+
 packet = self._getPacketHeader() / IP(src = self._iface_ip, dst=dst_ip) / UDP(sport=src_port, dport=dst_port) / DNS(rd=1, qd=DNSQR(qname=qname,qtype=qtype))
 sniff = self._getAsyncSniffer(filter=f"udp and port {src_port}", count=1)
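Review bot: The new PTR branch in `__submitDNS` builds the reverse name by splitting on dots without checking that `qname` is an IPv4 address. An IPv6 address, a hostname, or a name that already ends in `.in-addr.arpa` is therefore silently turned into a malformed query instead of being rejected. The standard library does the conversion with validation: `qname = ipaddress.ip_address(qname).reverse_pointer` covers both IPv4 and IPv6 (`ip6.arpa`) and raises `ValueError` for anything that is not an address, which the CLI can surface as a usage error. This needs `import ipaddress` at the top of the module, which is outside the hunk, and the rest of the function body also continues past the hunk.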