Creating a PTR Record for a VM Instance

Configurable PTR records allow you to define the reverse DNS record associated with the external IP address of a VM instance so applications that rely on these records can operate as intended.

Some applications require reverse DNS records (PTR records) to resolve IP addresses to domain names. For example, applications that use SMTP require a PTR record that points to the domain from which an email is being sent. Without that record, spam filters can mark emails with low reputation, which causes email to end up in spam folders or not be sent at all.

You can add a PTR record only to the primary network interface of a VM instance. It is not available for load balancer frontends, Cloud NAT, or other non-VM IP addresses.

To create custom PTR records that override the automatically created internal DNS PTR names, see using PTR records in private zones.

Before you begin

Verify your domain ownership

Before you create a VM with a custom PTR record, verify that you own the domain name. Verifying ownership is a security measure to prove to Google you are the domain owner.

  1. Open Webmaster Central and sign in using the Google Cloud account that you will use to add a PTR record to your instance. You can verify domain ownership with multiple accounts.
  2. Click Add a property.
  3. Enter the PTR domain name.
  4. Click Continue.
  5. Follow the instructions and click Verification Details.

After you verify that you own the domain, Webmaster Central lists verification attempts and verified owners. Click Add a property for additional domains for which you want to add a PTR record.

If your domain name is not immediately verified, use the Recommended Method to obtain verification.

Creating an instance with a PTR record

You can specify a PTR record when you create a new instance. If you want to add a PTR record to an existing instance, read Updating an instance to enable a PTR record.

Create a new instance with a PTR record through the Google Cloud Console, the gcloud tool, or the API.

Console

Create a new VM with a PTR record in the Google Cloud Console:

  1. In the Google Cloud Console, go to the Create an instance page.


  2. Specify the VM details.

  3. To expand the advanced settings for your VM, expand the Networking, disks, security, management, sole tenancy section, and do the following:

    1. Expand the Networking section.
    2. Create one or more network interfaces to use with this VM. Alternatively, you can use the default network interface.
    3. In the Network Interfaces menu, expand the first network interface with which you want to associate the PTR record. Only the default network interface can have a PTR record.
      1. In the Public DNS PTR Record section, select the Enable checkbox.
      2. Enter your domain name in the PTR domain name field.
      3. To confirm the network interface settings, click Done.
  4. Configure any remaining properties that you require for your new VM.

  5. To create the VM, click Create.

After the VM starts, run a reverse DNS lookup on the external IP address for your VM to confirm that the PTR record is working as expected.

gcloud

Use the gcloud compute instances create command to create a new instance with an associated PTR record.

gcloud compute instances create [INSTANCE_NAME] \
    --image-family [IMAGE_FAMILY] \
    --image-project [IMAGE_PROJECT] \
    --public-ptr --public-ptr-domain [DOMAIN_NAME]

where:

  • [INSTANCE_NAME] is the name of the new VM instance.
  • [IMAGE_FAMILY] is one of the available image families.
  • [IMAGE_PROJECT] is the image project that the image family belongs to.
  • [DOMAIN_NAME] is the domain name that you are adding to this instance.

API

In the API, construct a POST request to create an instance with a PTR record. Add the setPublicPtr and publicPtrDomainName parameters for the specified network access configuration.

POST https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances

{
  "machineType": "zones/[ZONE]/machineTypes/[MACHINE_TYPE]",
  "name": "[INSTANCE_NAME]",
  "disks": [
    {
      "initializeParams": {
        "sourceImage": "projects/debian-cloud/global/images/family/debian-9"
      },
      "boot": true
    }
  ],
  "networkInterfaces": [
    {
      "network": "[NETWORK]",
      "accessConfigs": [
        {
          "publicPtrDomainName": "[DOMAIN_NAME]",
          "setPublicPtr": true,
          "type": "ONE_TO_ONE_NAT",
          "name": "External IP"
        }
      ]
    }
  ]
}

where:

  • [PROJECT_ID] is your project ID.
  • [ZONE] is the zone where your instance and new disk are located.
  • [MACHINE_TYPE] is the machine type.
  • [INSTANCE_NAME] is the name of the virtual machine instance.
  • [NETWORK] is the URL pointing to your network resource.
  • [DOMAIN_NAME] is the domain name that you are adding to this instance.

The external IP address resolves to the custom domain name.

Updating an instance to enable a PTR record

If your VM instance uses the primary network interface, you can enable or disable PTR records by updating the access configuration on the primary network interface, 'nic0', for the VM instance.

If your network access is not configured, add the access config, then enable PTR records within the network interface menu.

Console

Update the access config or add the access config to your instance in the Google Cloud Console:

  1. Go to the VM instances page.


  2. Click the instance you want to edit.
  3. Click the Edit tool from the top menu.
  4. Click the edit tool next to the primary network interface.
  5. Click the External IP drop-down menu.
  6. Check the Enable box for Public DNS PTR Record.
  7. Enter your domain name.
  8. Click Done.
  9. Click Save at the bottom of the page to save your settings.

gcloud

Update an existing access config using the gcloud tool:

Use the gcloud compute instances update-access-config command to add a PTR record to an existing access configuration.

gcloud compute instances update-access-config [INSTANCE_NAME] \
    --public-ptr --public-ptr-domain [DOMAIN_NAME]

To remove a PTR record:

gcloud compute instances update-access-config [INSTANCE_NAME] \
    --no-public-ptr

If your instance does not have an access configuration, you can use the gcloud compute instances add-access-config command to add an access config with a PTR record.

gcloud compute instances add-access-config [INSTANCE_NAME] \
    --public-ptr --public-ptr-domain [DOMAIN_NAME]

where:

  • [INSTANCE_NAME] is the name of the virtual machine instance.
  • [DOMAIN_NAME] is the domain name that you are adding to this instance as a PTR record.

API

In the API, construct a POST request to the updateAccessConfig method to enable the public DNS support for an 'A' or a 'PTR' record. This request keeps an existing external IP address, but adds the setPublicPtr and publicPtrDomainName parameters for the specified network access configuration.

POST https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]/updateAccessConfig?networkInterface=nic0

{
  "setPublicPtr": true,
  "publicPtrDomainName": "[DOMAIN_NAME]"
}

where:

  • [PROJECT_ID] is your project ID.
  • [ZONE] is the zone where your instance and new disk are located.
  • [INSTANCE_NAME] is the instance name for this request.
  • [DOMAIN_NAME] is the domain name that you are adding to this instance as a PTR record.

Alternatively, if your instance does not have a network interface with an access config, construct a similar POST request with the addAccessConfig method to create a new access config for your network interface.

Limitations

When a VM is migrated during a maintenance event, the PTR record logic doesn't handle some edge cases correctly and reverts the DNS PTR records to the googleusercontent.com fully qualified domain name (FQDN). To restore functionality, apply the PTR record again.
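The reverse DNS lookup recommended after creating the VM, extended to detect the revert to googleusercontent.com described above, as an added example that is not part of the original page. It goes beyond the page by also checking that the PTR name resolves forward to the same IP address, which mail receivers commonly verify; the use of dig, the function names, and the sample values are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a VM's public PTR record.
# Function names are hypothetical; dig is required for the live lookup.

# Lowercase a DNS name and drop the trailing root dot that dig prints.
normalize() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# classify_ptr IP EXPECTED_DOMAIN PTR_ANSWER FORWARD_IPS
# Prints one of: ok | missing | reverted | mismatch | unconfirmed
classify_ptr() {
  local ip expected ptr forward
  ip=$1; expected=$(normalize "$2"); ptr=$(normalize "$3"); forward=$4
  if [ -z "$ptr" ]; then
    echo missing
  elif [ "$ptr" != "$expected" ]; then
    case "$ptr" in
      *.googleusercontent.com) echo reverted ;;  # default name came back
      *) echo mismatch ;;
    esac
  elif ! printf '%s\n' $forward | grep -qxF -- "$ip"; then
    echo unconfirmed  # PTR is right, but the name has no A record for this IP
  else
    echo ok
  fi
}

# check_ptr IP DOMAIN INSTANCE_NAME: live lookup, then the page's re-apply command.
check_ptr() {
  local ip domain instance ptr forward status
  ip=$1; domain=$2; instance=$3
  ptr=$(dig +short -x "$ip" | head -n1)
  forward=$(dig +short A "$domain")
  status=$(classify_ptr "$ip" "$domain" "$ptr" "$forward")
  echo "$ip -> ${ptr:-<none>}: $status"
  if [ "$status" = reverted ] || [ "$status" = missing ]; then
    echo "Re-apply with: gcloud compute instances update-access-config" \
         "$instance --public-ptr --public-ptr-domain $domain"
  fi
  [ "$status" = ok ]
}

# Runs only when given arguments, e.g. (constructed values):
#   ./check_ptr.sh 203.0.113.10 mail.example.com my-vm
if [ "$#" -eq 3 ]; then check_ptr "$@"; fi
```

A nonzero exit from check_ptr means the record needs attention, so the script can be scheduled to run after maintenance windows.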
