What is a PTR Record?

Quick definition: A PTR record, or pointer record, is a DNS record that resolves an IP address to a domain name, playing an essential role in establishing trust for servers by authenticating connections and helping to filter out spam.

In the great wild world of the internet, sometimes the simplest things do the most work. DNS is a perfect example of this, resolving domain names that are easy for humans to remember into numbers that are easy for computers to route traffic with.

While we usually think of DNS as a means to go from a domain name to an IP address, one type of record is the opposite: the PTR record resolves an IP address to a domain name instead.

Why might you know the IP without knowing the domain name? These oddball DNS records are actually very valuable. In this article, we’ll explore why PTR matters, when you would use them, and how to set them up properly.

What is a PTR Record?

A PTR (or pointer) record resolves a given IP address to a domain name. Unlike the more conventional A record, which resolves a domain name to an IP, PTRs do the opposite, which is why they're sometimes called a reverse DNS lookup.

PTR records are formatted with the IP address written backward, then a special reserved in-addr.arpa domain. 

So, for the IP 1.2.3.4, the PTR would be 4.3.2.1.in-addr.arpa. The IP is backward because domains like the .com or .org top-level domains are always organized with the topmost level information on the right.

Why are PTR Records Important?

PTR records are like caller IDs for servers. Back before caller ID, you had to actually answer the phone to know who was calling. With caller ID, though, you can verify the caller's identity even answering by simply looking at your phone. 

Servers can verify an incoming “call” by checking the PTR record when authenticating the “caller" is important. For example, when confirming an email is coming from the actual mail server of a domain and not a scammer.

Mail servers are the most common use case for PTR records. A mail server receiving a message will check the IP address the connection is coming from and look up the PTR record for that IP. 

If the PTR doesn’t match the sending domain (the “from” address in the message), the mail server can be set to reject or quarantine the message. If the IP has no PTR, just like if you might pause before answering a phone call that says “Private” or “Unknown” for the caller ID, the mail server can choose to reject the message. 

This behavior for mail servers is a spam filtering measure. The verification that PTR records provide helps establish trust in the identity of a sending mail server.

How to Set up a PTR Record

Having a properly configured PTR record keeps mail flowing. Without them, email recipients might reject or quarantine your messages as spam. One key difference between PTR records and other types of records is that PTR records are not created with your domain’s DNS provider, but instead with the entity that controls your public IP addresses.

If you host your mail server on-prem, your ISP probably owns those IPs. If you are hosting in a cloud provider like AWS, you would create PTR records with that provider.

Note that while you might host both your DNS and your mail server with the same company, PTR records are still usually not configured in the same panel with DNS records. Each host varies, and it’s worth searching “[your provider] create PTR records” in a search engine like Google as a starting point.

Some providers, like DigitalOcean, automatically create PTR records when you associate a domain name with an IP within your account. Others, like AWS, require manual configuration on your elastic IPs.

There is so much variation between providers that it’s worth looking into the documentation for your cloud. For on-prem, you are in the same boat; some ISPs have a web portal to create and update your PTRs, and some will require you to contact tech support.

Common PTR Record Issues and Troubleshooting

Despite your best preparation, issues may still arise. Here are some common PTR problems and how to troubleshoot them:

1. Trust, then verify: The first step is to do a test lookup of the record using a tool like What Is My DNS. You provide an IP address; it will verify the PTR associated with the IP and, hopefully, your domain name.

2. Incorrect information: Your test lookup might show a typo in the record; so verify and correct the record.

3. Propagation delays: DNS records can take time to propagate across the internet, especially if the TTL is high. After you make changes, give it a few hours to update. 

If you still have problems with PTRs and can't resolve them, then contacting the provider that controls your IPs is the best next step.

Best Practices for PTR Records

Here are some best practices to avoid problems with your PTRs and maintain mail deliverability:

1. Accuracy is key: If there are any typos in a record, it just won’t work. Make sure to double-check for accuracy during record creation.

2. Documentation: Create and keep documentation about all your DNS records, especially your PTR records, as they are easy to forget. This documentation should include how to create and update records, especially if your provider makes it difficult.

3. Include PTR record updates in migrations: If you move hosting providers or ISPs and your IPs change, you must remember to create new PTR records, or you can expect outgoing mail issues.

Final Thoughts on PTR Records 

The small but mighty PTR records are an important aspect of your mail infrastructure,  validating host identity to help reduce spam, something we’re all interested in. Taking the time to create and manage your PTR records will ensure the timely and safe delivery of your outbound messages.

To learn more about DNS and every other essential networking topic, check out Keith Barker's training on the CompTIA Network+ certification!