How do I activate reverse DNS functionality for Route 53 with a PTR record?
Last updated: 2022-08-17
I need to configure reverse domain name service (DNS) resolution for a server using Amazon Route 53. How can I do this?
To configure reverse DNS resolution for a Simple Mail Transfer Protocol (SMTP) server, you must first determine the appropriate method for your use case:
- If you have an on-premises SMTP server and use non-AWS resources, your IP addresses might be owned by a third party, such as another cloud computing platform or your internet service provider (ISP). In that case, you must use the method provided by the IP address owner to configure reverse DNS. The IP address owner might require you to create the reverse DNS record yourself and provide only the name servers to them for delegation. If so, complete the Resolution steps in the "Using on-premises SMTP servers" section: create a public hosted zone so that Route 53 responds to reverse DNS lookup queries for your server, then add a pointer (PTR) record to it.
- If you have an SMTP server hosted in Amazon Virtual Private Cloud (Amazon VPC) and you use AWS-provided Elastic IP addresses for your servers, then complete the Resolution steps in the "Using SMTP servers hosted in Amazon VPC" section to configure reverse DNS.
Using on-premises SMTP servers
Note: This resolution uses the following example IP addresses for the SMTP server: 1.2.3.4 (IPv4) and 2000:1234:5678:9012:3456:7890:1234:5678 (IPv6).
Create a public hosted zone
Create a public hosted zone for your server’s IP address. For example: 3.2.1.in-addr.arpa (IPv4) or 2.1.0.9.8.7.6.5.4.3.2.1.0.0.0.2.ip6.arpa (IPv6).
Create a record set and PTR record
- Create a record set for your hosted zone.
- Create a PTR record for your SMTP server.
For Name, enter the reversed IP address plus in-addr.arpa (IPv4) or ip6.arpa (IPv6). For example, 4.3.2.1.in-addr.arpa (IPv4) or 8.7.6.5.4.3.2.1.0.9.8.7.6.5.4.3.2.1.0.9.8.7.6.5.4.3.2.1.0.0.0.2.ip6.arpa (IPv6).
For Type, choose PTR – Pointer.
For Value, enter the fully qualified domain name (FQDN) of the SMTP server. For example, mail.example.com.
Note: If your domain has multiple IP blocks, you must create additional reverse hosted zones with corresponding PTR records to resolve the IP addresses.
Set up delegation
After you create the PTR record, you must ask the IP address owner to set up delegation to the name servers in your reverse hosted zone. To locate name server details, follow these steps:
- Open the Route 53 console.
- In the navigation pane, choose Hosted zones.
- Select your hosted zone.
- For Type, choose NS.
- Note the record’s Value.
Note: The time for the new configuration to take effect depends on the time to live (TTL) of the previous name server (NS) record, which might remain cached in end users' local DNS resolvers until that TTL expires.
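As an added example (not code from this article), the following script derives the reverse hosted zone name and the PTR record name described above from an address and prefix length, then creates both in Route 53 with the AWS CLI and prints the name servers to hand to the IP address owner. It reuses the article's example values (1.2.3.4 in a /24, 2000:1234:5678:9012:3456:7890:1234:5678 in a /64, mail.example.com); the PTR TTL of 300 seconds and the `APPLY=1` guard are assumptions.

```shell
#!/usr/bin/env sh
# Added example, not from the AWS article: compute reverse DNS names for an
# SMTP server address and create the Route 53 hosted zone and PTR record.
# Assumptions: PTR TTL 300 s; nothing is sent to AWS unless APPLY=1 is set.

# Expand an IPv6 address to 32 lower-case hex nibbles, resolving any "::".
expand_ipv6() {
  addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  case $addr in
    *::*) left=${addr%%::*}; right=${addr#*::} ;;
    *)    left=$addr; right= ;;
  esac
  out=
  oldifs=$IFS; IFS=:
  set -- $left
  n_left=$#
  for g in "$@"; do out="$out$(printf '%04x' "0x${g:-0}")"; done
  set -- $right
  n_right=$#
  IFS=$oldifs
  missing=$((8 - n_left - n_right))        # groups elided by "::"
  while [ "$missing" -gt 0 ]; do out="${out}0000"; missing=$((missing - 1)); done
  for g in "$@"; do out="$out$(printf '%04x' "0x${g:-0}")"; done
  printf '%s' "$out"
}

# Full PTR owner name for an IPv6 address: nibbles reversed, under ip6.arpa.
ipv6_reverse_name() {
  hex=$(expand_ipv6 "$1")
  rev=
  while [ -n "$hex" ]; do
    rev="$rev${hex#"${hex%?}"}."         # append the last nibble
    hex=${hex%?}                          # and drop it
  done
  printf '%s' "${rev}ip6.arpa"
}

# Full PTR owner name for an IPv4 address: octets reversed, under in-addr.arpa.
ipv4_reverse_name() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  printf '%s.%s.%s.%s.in-addr.arpa' "$4" "$3" "$2" "$1"
}

reverse_name() {
  case $1 in *:*) ipv6_reverse_name "$1" ;; *) ipv4_reverse_name "$1" ;; esac
}

# reverse_zone_name ADDRESS PREFIXLEN: the reverse zone covering the block.
# PREFIXLEN must be a multiple of 8 (IPv4) or 4 (IPv6) to land on a label boundary.
reverse_zone_name() {
  case $1 in
    *:*) zone=$(ipv6_reverse_name "$1"); drop=$((32 - $2 / 4)) ;;
    *)   zone=$(ipv4_reverse_name "$1"); drop=$((4 - $2 / 8)) ;;
  esac
  while [ "$drop" -gt 0 ]; do zone=${zone#*.}; drop=$((drop - 1)); done
  printf '%s' "$zone"
}

# ptr_change_batch PTR_NAME FQDN [TTL]: ChangeBatch JSON for change-resource-record-sets.
# The FQDN is written with a trailing dot so Route 53 treats it as fully qualified.
ptr_change_batch() {
  printf '{"Comment":"reverse DNS for %s","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"PTR","TTL":%s,"ResourceRecords":[{"Value":"%s"}]}}]}' \
    "$1" "$1" "${3:-300}" "$2"
}

# create_reverse_zone_and_ptr ADDRESS PREFIXLEN FQDN: the two console steps above, via the CLI.
create_reverse_zone_and_ptr() {
  zone_name=$(reverse_zone_name "$1" "$2")
  ptr_name=$(reverse_name "$1")
  zone_id=$(aws route53 create-hosted-zone --name "$zone_name" \
    --caller-reference "rdns-$(date +%s)" --query 'HostedZone.Id' --output text)
  aws route53 change-resource-record-sets --hosted-zone-id "$zone_id" \
    --change-batch "$(ptr_change_batch "$ptr_name" "$3")"
  # These NS values are what the IP address owner needs for delegation.
  aws route53 get-hosted-zone --id "$zone_id" --query 'DelegationSet.NameServers' --output text
}

SMTP_IP=${SMTP_IP:-1.2.3.4}
PREFIX=${PREFIX:-24}
SMTP_FQDN=${SMTP_FQDN:-mail.example.com.}
if [ "${APPLY:-0}" = 1 ]; then
  create_reverse_zone_and_ptr "$SMTP_IP" "$PREFIX" "$SMTP_FQDN"
else
  echo "Hosted zone:  $(reverse_zone_name "$SMTP_IP" "$PREFIX")"
  echo "PTR name:     $(reverse_name "$SMTP_IP")"
  echo "Change batch: $(ptr_change_batch "$(reverse_name "$SMTP_IP")" "$SMTP_FQDN")"
fi
```

Run it without `APPLY` to review the derived names and JSON; run it with `APPLY=1 SMTP_IP=... PREFIX=... SMTP_FQDN=...` under credentials that can manage Route 53 to create the zone and record. Once the IP address owner has delegated the zone and the old NS TTL has expired, `dig -x 1.2.3.4 +short` should return the SMTP server's FQDN.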
Using SMTP servers hosted in Amazon VPC
- Create a forward DNS record (record type A) that points to the appropriate Elastic IP address.
- Create or update the reverse DNS record for an Elastic IP address:
- For AWS Elastic IP addresses in all Regions – Update the reverse DNS record using the Amazon Elastic Compute Cloud (Amazon EC2) console or the AWS Command Line Interface (AWS CLI). You can manage reverse DNS for AWS Elastic IP addresses this way for IPv4 only. For IPv6 addresses, open a request to remove reverse DNS and email sending limitations, and include your IPv6 addresses and reverse DNS records with the request.
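As an added example (not code from this article), the following script performs the two steps above for an IPv4 Elastic IP with the AWS CLI: it confirms that the forward A record already resolves to the Elastic IP, and only then sets the address's reverse DNS attribute and reads it back. The allocation ID `eipalloc-EXAMPLE`, the address 203.0.113.10 and the use of `dig` for the forward lookup are assumptions; mail.example.com is the article's example FQDN.

```shell
#!/usr/bin/env sh
# Added example, not from the AWS article: set reverse DNS on an Elastic IP
# with the AWS CLI after checking that the forward A record points at it.
# Constructed values: eipalloc-EXAMPLE and 203.0.113.10 (documentation range).

# forward_record_matches EIP IP...: succeed only if EIP is among the addresses
# the forward name resolved to. AWS requires a matching forward A record before
# the reverse DNS record for an Elastic IP can be set, so check it up front.
forward_record_matches() {
  eip=$1; shift
  for resolved in "$@"; do
    [ "$resolved" = "$eip" ] && return 0
  done
  return 1
}

# set_eip_reverse_dns ALLOCATION_ID EIP FQDN
set_eip_reverse_dns() {
  alloc=$1; eip=$2; fqdn=${3%.}          # CLI takes the name without a trailing dot
  # Resolve the forward record; `dig` is assumed to be installed.
  resolved=$(dig +short A "$fqdn")
  # $resolved is deliberately unquoted: one argument per A record returned.
  if ! forward_record_matches "$eip" $resolved; then
    echo "refusing: $fqdn does not resolve to $eip; create the A record first" >&2
    return 1
  fi
  aws ec2 modify-address-attribute --allocation-id "$alloc" --domain-name "$fqdn"
  # Read the attribute back; the output shows PtrRecord and any pending PtrRecordUpdate.
  aws ec2 describe-addresses-attribute --allocation-ids "$alloc" --attribute domain-name
}

if [ "${APPLY:-0}" = 1 ]; then
  set_eip_reverse_dns "${ALLOCATION_ID:-eipalloc-EXAMPLE}" "${EIP:-203.0.113.10}" "${FQDN:-mail.example.com}"
fi
```

Run it as `APPLY=1 ALLOCATION_ID=eipalloc-... EIP=... FQDN=mail.example.com ./script.sh` with credentials that can modify the Elastic IP. If the forward record does not yet point at the address, the script stops before calling AWS, which mirrors the order of the two steps above.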