Configure reverse DNS on AWS Route53, should I use public or private ip

Tags: amazon-route53, amazon-web-services, domain-name-system, reverse-dns

I've noticed that emails sent from my SMTP server end up in the spam folder because of a missing reverse DNS.
The server is hosted on AWS, so is its domain and DNS (Route53).

In the official guide for reverse DNS configuration, Amazon explains the following:

If your SMTP server uses your own public IP address and you want
Amazon Route 53 to respond to reverse DNS lookup queries for that IP
address, create a public hosted zone and put the PTR record there. In
the steps that follow, we use the example IP address 192.168.1.2.

Step 1: In the Amazon Route 53 console, create a new hosted zone with
the name 1.168.192.in-addr.arpa

Questions:

1. The example IP (192.168.1.2) looks like an internal IP address. Is this correct, or should I use the SMTP server's public IP?
2. Why did Amazon remove the last two digits from the IP in the hosted zone?

I guess I'm not the only one who finds the public guide confusing.
Thanks!

Best Answer

This is a misapplication or misunderstanding of the purpose of the document you are reading.

If your SMTP server uses your own public IP address

This is about a server that uses your own public IP address. AWS IPs do not meet that criterion.

The instructions you followed are for IP address space that you control, or that has been delegated to you by your ISP. They are not applicable to elastic IP addresses. You "don't need to use Route 53," as shown in the quote below -- in this case -- would have been more correctly written here as you can't use Route 53 in this case.

Most of the document does not apply to IP addresses owned/controlled by AWS. The only AWS-allocated public IP addresses that are configurable with custom reverse-DNS are elastic IP addresses, and a different process applies (from the same document) --

If you are using an Elastic IP address for your server, you can configure the reverse DNS record of your Elastic IP address by submitting a Request to Remove Email Sending Limitations (root account credentials required), and you don't need to use Amazon Route 53.

Allocate an elastic IP and configure an A record, such as smtp.example.com using that Elastic IP... then you can use the request form and AWS support will configure the reverse records for you, matching the A record.

The example IP (192.168.1.2) looks like an internal IP address. Is this correct, or should I use the SMTP server's public IP?

The example is not applicable to you, but you would always use the public IP address on the Internet. Private addresses are not relevant outside your network.

Why did Amazon remove the last two digits from the IP in the hosted zone?

That is how reverse DNS is implemented, when you control an entire block of the size we casually refer to as "Class-C" (a CIDR /24, mask 255.255.255.0, 256 addresses). The reverse record for 203.113.0.1 is 1.0.113.203.in-addr.arpa, which is hostname "1" in the "0.113.203.in-addr.arpa" zone. But not applicable here.

I answered a similar question on Stack Overflow.
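The two points the answer makes (how a /24 maps onto an in-addr.arpa zone plus a PTR label, and why a private address can never satisfy a receiving mail server's reverse-DNS check) as an added, runnable illustration; this is not code from the question, the answer or AWS. The PTR and A records are constructed in-line using the page's example addresses and the hostname smtp.example.com; a real check would query DNS instead of these dictionaries.

```python
import ipaddress

def reverse_zone_and_label(ip: str, prefix_len: int = 24) -> tuple[str, str]:
    """Return (in-addr.arpa hosted zone name, PTR record label) for an IPv4
    address in an octet-aligned block.  For a /24 the zone is the first three
    octets reversed and the label is the last octet, which is why the guide
    drops the trailing octet when naming the hosted zone."""
    ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    if prefix_len not in (8, 16, 24):
        # Sub-/24 delegations (RFC 2317) use a different naming scheme; not handled here.
        raise ValueError("only octet-aligned blocks (/8, /16, /24) are supported")
    octets = ip.split(".")
    covered = prefix_len // 8                      # octets that belong to the zone name
    zone = ".".join(reversed(octets[:covered])) + ".in-addr.arpa"
    label = ".".join(reversed(octets[covered:]))   # remaining octets, reversed
    return zone, label

def ptr_name(ip: str) -> str:
    """Full owner name of the PTR record, e.g. 1.0.113.203.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def fcrdns_ok(ip: str, ptr_records: dict, a_records: dict) -> bool:
    """Forward-confirmed reverse DNS, the check most receiving mail servers
    apply: the PTR for `ip` must name a host whose A record contains `ip`.
    Private or otherwise reserved addresses cannot pass on the public
    Internet because no public PTR exists for them."""
    if ipaddress.ip_address(ip).is_private:
        return False
    host = ptr_records.get(ptr_name(ip))
    if host is None:                      # no PTR at all: the questioner's situation
        return False
    return ip in a_records.get(host, set())

# Constructed records for the demonstration (not real DNS data).
PTR_RECORDS = {"1.0.113.203.in-addr.arpa": "smtp.example.com"}
A_RECORDS = {"smtp.example.com": {"203.113.0.1"}}

if __name__ == "__main__":
    print(reverse_zone_and_label("203.113.0.1"))   # ('0.113.203.in-addr.arpa', '1')
    print(reverse_zone_and_label("192.168.1.2"))   # ('1.168.192.in-addr.arpa', '2')
    print(fcrdns_ok("203.113.0.1", PTR_RECORDS, A_RECORDS))  # True
    print(fcrdns_ok("192.168.1.2", PTR_RECORDS, A_RECORDS))  # False: private address
```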