PTR Record
A DNS Pointer (PTR) record provides the domain name associated with an IP address. It is exactly the opposite of an A record, which maps a domain name to an IP address. PTR records are used in reverse DNS lookups and are critical for email deliverability, as many email servers use them to verify that incoming mail comes from legitimate servers.
How it works
While normal (forward) DNS lookups resolve domain names to IP addresses, reverse DNS lookups do the opposite - they start with an IP address and return the associated domain name. PTR records make this possible by storing domain name mappings under IP addresses in a special DNS namespace called in-addr.arpa (for IPv4) or ip6.arpa (for IPv6).
PTR records are stored in a special format to enable reverse DNS lookups:
**Storage Format:**
Instead of being stored under a domain name like A records, PTR records are stored under the IP address - reversed and with
.in-addr.arpa appended. For example:
- IP address: 192.0.2.1
- PTR record name: 1.2.0.192.in-addr.arpa
- Points to: mail.example.com
**Reverse DNS Lookup Process:**
1. A mail server receives email from IP address 192.0.2.1
2. It performs a reverse DNS lookup by querying for 1.2.0.192.in-addr.arpa
3. The DNS system returns the PTR record: mail.example.com
4. The mail server now knows which domain name is associated with that IP
5. For email validation, it may also perform a forward lookup of mail.example.com to verify it returns 192.0.2.1 (FCrDNS check)
**Email Verification:**
Virtually all email relays require that the sending server pass a Forward-Confirmed reverse DNS (FCrDNS) check. This means the PTR record must exist with the same name and address information as the A or AAAA record for the mail server. If the PTR record doesn't exist or doesn't match, email from the sending server will likely be treated as spam or rejected entirely.Key Points
- PTR records enable reverse DNS lookups - converting IP addresses back to domain names
- They are stored in the special
in-addr.arpa(IPv4) orip6.arpa(IPv6) namespace - The IP address is reversed in the record name (e.g., 1.2.0.192.in-addr.arpa for 192.0.2.1)
- PTR records are critical for email deliverability - missing or incorrect PTR records cause emails to be rejected as spam
- Only the entity controlling the IP address (typically your ISP or hosting provider) can create PTR records
Common Use Cases
- Email Server Verification: Email servers use PTR records to verify that incoming mail comes from legitimate mail servers. Missing PTR records cause emails to be flagged as spam or rejected
- Security and Logging: Security tools and server logs use reverse DNS to convert IP addresses in logs to readable domain names, making it easier to identify traffic sources
- Network Troubleshooting: System administrators use reverse DNS lookups to identify which domains or services are associated with specific IP addresses when diagnosing issues
- Anti-Spam Filtering: Email spam filters perform reverse DNS checks to ensure the sending server's IP has a valid PTR record matching its claimed identity
code Example PTR Record Configuration
| Type | Host / Name | Value / Points to | TTL |
|---|---|---|---|
| PTR | 1.2.0.192.in-addr.arpa | mail.example.com | 3600 |
| A | 192.0.2.1 | 3600 | |
| PTR | 10.2.0.192.in-addr.arpa | mail2.example.com | 3600 |
| MX | @ | 10 mail.example.com | 3600 |
* PTR records are managed by whoever controls the IP address (usually your ISP or hosting provider). They use reversed IP format.
Frequently Asked Questions
Why can't I create a PTR record for my domain?expand_more
PTR records can only be created by the entity that controls the IP address block - typically your ISP, hosting provider, or cloud provider. This is because PTR records are stored in reverse DNS zones based on IP addresses, not domain names. You need to contact your provider and request that they create the PTR record for your IP address. Many hosting providers allow you to set PTR records through their control panel.
Do I need a PTR record if I'm not sending email?expand_more
PTR records are primarily important for email servers. If your server doesn't send email, you don't strictly need a PTR record, though it can still be useful for logging and identification purposes. However, if you run any kind of mail server, even for internal use, having a properly configured PTR record is essential to ensure your emails aren't rejected or marked as spam.
What is Forward-Confirmed reverse DNS (FCrDNS)?expand_more
FCrDNS is a validation process where the reverse DNS lookup (PTR) is confirmed by a forward DNS lookup. For example: (1) Reverse lookup of IP 192.0.2.1 returns mail.example.com from the PTR record, (2) Forward lookup of mail.example.com returns 192.0.2.1 from the A record. If both match, FCrDNS validation passes. Most email systems require this for spam prevention.
Can one IP address have multiple PTR records?expand_more
Technically, DNS allows multiple PTR records for a single IP address, but this is strongly discouraged and not supported by most email systems. Most implementations will only use the first PTR record returned. For email purposes, you should have exactly one PTR record per IP address that matches the hostname used in your mail server's HELO/EHLO greeting.
What happens if my PTR record doesn't match my domain?expand_more
If the PTR record doesn't match the domain sending email, recipients' mail servers will fail FCrDNS checks and likely reject your email as spam. The PTR record should match the hostname of your mail server (e.g., mail.example.com), which should also match what the server announces in its SMTP HELO/EHLO greeting. Mismatches are a strong indicator of spam or misconfigured servers.