How do I troubleshoot issues with the PTR record that I'm using for reverse DNS in Route 53?

Last updated: 2021-04-22

How do I troubleshoot issues with the pointer record (PTR) that I'm using for reverse DNS in Amazon Route 53?

Short description

Reverse DNS resolution (rDNS) is used to determine the domain name associated with an IP address. This resolution is the reverse of the usual forward DNS lookup of an IP address from a domain name.

Reverse DNS records in a public hosted zone might not work if:

Reverse DNS records in a private hosted zone might not work if:

  • The private hosted zone for the reverse DNS domain isn't associated with the Amazon Virtual Private Cloud (Amazon VPC).
  • The IP address that's queried doesn't match the private hosted zone reverse DNS domain name.
  • The "DNS support" and "DNS hostname" options aren't enabled in the Amazon VPC.
  • The query isn't sent through the VPC DNS server (a private hosted zone can be queried only through the VPC DNS server).

Resolution

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent AWS CLI version.

Check for reverse DNS record set issues

Use the following command to check whether the reverse DNS record value returned from the DNS resolver matches the expected value. If the IP address isn't resolving to the expected reverse DNS record, check the IP address owner.

On Linux or macOS, use dig -x <IP_Address>:

$ dig -x 3.23.155.245

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.amzn2.2 <<>> -x 3.23.155.245
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31167
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;245.155.23.3.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
245.155.23.3.in-addr.arpa. 298  IN      PTR     ec2-3-23-155-245.us-east-2.compute.amazonaws.com.

;; Query time: 0 msec
;; SERVER: 10.10.0.2#53(10.10.0.2)
;; WHEN: Fri Apr 09 16:14:57 UTC 2021
;; MSG SIZE  rcvd: 116

On Windows, use nslookup <IP_Address>:

$ nslookup  3.23.155.245
245.155.23.3.in-addr.arpa       name = ec2-3-23-155-245.us-east-2.compute.amazonaws.com

Identify the IP address owner

Use the following command to check which organization owns the IP address:

whois <IP_Address>

Contact the IP address owner to create or update the reverse DNS record.

Check that the private hosted zone is associated with the appropriate Amazon VPC

Important: The following steps apply only if the reverse DNS record is in a Route 53 private hosted zone.

1.    Open the Route 53 console.

2.    In the navigation pane, choose Hosted Zones.

3.    Select the hosted zone that you're using for the reverse DNS domain.

4.    Choose View Details.

5.    Expand Hosted zone details.

6.    Verify that the private hosted zone is associated with the appropriate Amazon VPC.

Check that the DNS hostnames and DNS resolution parameters are enabled

1.    Open the Amazon VPC console.

2.    In the navigation pane, choose Your VPC.

3.    Select the VPC ID of the Amazon VPC where you're resolving the reverse DNS record.

4.    In the Description pane, confirm that DNS hostnames and DNS resolution are enabled.

Confirm that your custom DNS servers are correctly configured in your Amazon VPC

Private hosted zones are resolvable only through the Amazon VPC DNS. To confirm that your Amazon VPC settings are correctly configured, follow these steps:

1.    Open the Amazon VPC console.

2.    In the navigation pane, choose DHCP Option Sets.

3.    Select the VPC DHCP Option Set ID associated with your Amazon VPC.

4.    In the Details pane, confirm that the Domain name server is set to the Amazon-provided DNS servers of your Amazon VPC. For example, if the CIDR range for your Amazon VPC is 10.0.0.0/16, then the IP address of the Amazon VPC DNS server is 10.0.0.2 (VPC CIDR + 2) or AmazonProvidedDNS.
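The PTR check from "Check for reverse DNS record set issues" and the resolver-address rule from step 4 above can be scripted; the block below is an added example, not code from this AWS article. It builds the in-addr.arpa name for an address, parses the ANSWER SECTION of `dig -x` output (the embedded sample is constructed from the dig run shown earlier), compares the answer with the hostname you expect, and derives the Amazon-provided resolver address (VPC CIDR + 2) from a CIDR; all function names are my own.

```python
import ipaddress
import re
import socket

# Constructed sample: the ANSWER SECTION of the `dig -x 3.23.155.245` run above.
SAMPLE_DIG = """;; ANSWER SECTION:
245.155.23.3.in-addr.arpa. 298  IN      PTR     ec2-3-23-155-245.us-east-2.compute.amazonaws.com.

;; Query time: 0 msec
"""
PTR_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+PTR\s+(\S+)\s*$")

def reverse_name(ip: str) -> str:
    """Owner name of the PTR record: reversed octets under in-addr.arpa
    (reversed nibbles under ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def vpc_dns_server(cidr: str) -> str:
    """Amazon-provided VPC resolver address: VPC network base address + 2."""
    return str(ipaddress.ip_network(cidr, strict=False).network_address + 2)

def ptr_answers(dig_output: str) -> list:
    """Collect PTR targets from the ANSWER SECTION of `dig -x` output."""
    targets, in_answer = [], False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif in_answer:
            if not line.strip() or line.startswith(";"):
                break  # a blank line or the next section ends the answers
            match = PTR_LINE.match(line)
            if match:
                targets.append(match.group(2))
    return targets

def check_ptr(ip: str, expected: str, dig_output: str) -> tuple:
    """Compare the resolver's PTR answers with the hostname you expect."""
    expected = expected.rstrip(".") + "."  # compare fully qualified names
    answers = ptr_answers(dig_output)
    if not answers:
        return False, "no PTR record returned for " + reverse_name(ip)
    if expected in answers:
        return True, ip + " -> " + expected + " as expected"
    return False, "%s -> %s, expected %s; check the IP owner with whois" % (
        ip, ", ".join(answers), expected)

def live_ptr(ip: str) -> str:
    """Ask the system resolver (on EC2, the VPC resolver) for the PTR name."""
    return socket.gethostbyaddr(ip)[0] + "."
```

Run `check_ptr` on the output of your own `dig -x`, or compare `live_ptr(ip)` with the expected name from inside the VPC, since a private hosted zone answers only through the VPC resolver.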
