Reverse DNS and PTR Records: Why You Need Them

Reverse DNS and PTR Records: Why You Need Them

Forward DNS turns a name into an IP. Reverse DNS (rDNS) goes the other way — from IP to name. The record behind it is PTR. It's rarely needed for user-facing sites but critical for mail servers, logging, and network diagnostics. Here's how it works and why it matters.

What rDNS and PTR are

PTR (Pointer) is a record in the special in-addr.arpa (IPv4) or ip6.arpa (IPv6) zone. It maps an IP, written in reverse, to a hostname:

34.216.184.93.in-addr.arpa.  IN  PTR  example.com.

A PTR lookup for 93.184.216.34 becomes a query for 34.216.184.93.in-addr.arpa.

IPv6

a.b.c.d.e.f.0.0.0.0.0.0.0.0.0.0.4.0.0.0.0.8.0.0.0.0.0.8.4.8.6.2.ip6.arpa.  IN  PTR  example.com.

Why PTR matters

1. Mail servers

The primary use case. Gmail, Outlook, Yandex and others verify the sender IP has valid PTR. Missing PTR = likely spam classification.

Many filters also require Forward-Confirmed rDNS (FCrDNS): PTR, name, A lookup must return the original IP. This defeats spoofing.

2. Logs and analytics

Server logs often resolve PTR for visitor IPs — handy to distinguish bots from humans and identify organisations.

3. Traceroute and diagnostics

traceroute shows hostnames for each hop — those are PTRs of intermediate routers, useful for identifying providers and regions.

4. FTP and SSH

Some servers verify PTR on inbound connections; missing PTR can slow down or reject the handshake.

Who controls PTR

You can't "just add" a PTR at any DNS provider. The in-addr.arpa zone is delegated to the owner of the IP block — your hosting provider or ISP. They manage PTR.

Typical flow:

1. You buy a VPS/server.
2. In the hoster's panel (Reg.ru, Hetzner, DigitalOcean, Selectel, etc.) find "rDNS" or "PTR".
3. Set the hostname that should resolve for your IP.

Checking PTR

Use DNS Lookup or dig:

dig -x 93.184.216.34 +short
dig PTR 34.216.184.93.in-addr.arpa +short
host 93.184.216.34

FCrDNS check

# Get PTR
dig -x 203.0.113.10 +short
# result: mail.example.com

# A lookup for that name
dig A mail.example.com +short
# must equal 203.0.113.10

Common PTR mistakes

No PTR at all

Mail servers assign low reputation; most mail ends up in spam. Always configure with your provider.

PTR does not equal HELO/EHLO

The SMTP HELO name must match the PTR. Mismatch means spam filters trigger. Configure both identically.

Generic PTR

Providers often default PTR to vps-123-45.provider.com. For production mail, replace it with your real domain.

FCrDNS mismatch

PTR points to mail.example.com, but A for that name resolves to a different IP. Fix the A record.

Setting PTR at popular providers

Hetzner

Robot, Server, IPs, reverse DNS, edit.

DigitalOcean

PTR equals droplet name. Rename the droplet to the required FQDN (mail.example.com).

AWS EC2

PTR on Elastic IP requires a Support Case.

Selectel / Reg.ru / Yandex Cloud

Control panel, VPS, "PTR" or "Reverse DNS".

IPv6 PTR

Not every provider supports manual IPv6 PTR — check their docs. Gmail and other providers increasingly require it for delivery.

FAQ

Does a regular website need PTR?

No. Only if the server sends outbound SMTP.

Can I set multiple PTRs for one IP?

Technically yes, but most filters read the first. Avoid it.

How long does PTR propagation take?

Usually within 24 hours, depending on the provider's TTL.

Do CDNs have PTR?

Yes, generic ones pointing at CDN infrastructure (Cloudflare, Akamai).

Conclusion

PTR is an invisible but critical piece of mail and diagnostic infrastructure. Configure it immediately after deploying a mail server, align with HELO and A records, and verify via DNS Lookup. For continuous monitoring, Enterno.io Monitors supports PTR checks via custom DNS queries.