Configurable PTR records allow you to define the reverse DNS record associated with the external IP address of a VM instance so applications that rely on these records can operate as intended.
Some applications require reverse DNS records (PTR records) to resolve IP addresses to domain names. For example, applications that use SMTP require a PTR record that points to the domain from which an email is being sent. Without that record, spam filters can mark emails with low reputation, which causes email to end up in spam folders or not be sent at all.
You can add a PTR record only to the primary network interface of a VM instance. It is not available for load balancer frontends, Cloud NAT, or other non-VM IP addresses.
To create custom PTR records that override the automatically created internal DNS PTR names, see using PTR records in private zones.
Before you begin
- If you want to use the command-line examples in this guide, do the following:
- Install or update to the latest version of the gcloud command-line tool.
- Set a default region and zone.
- If you want to use the API examples in this guide, set up API access.
Verify your domain ownership
Before you create a VM with a custom PTR record, verify that you own the domain name. Verifying ownership is a security measure to prove to Google you are the domain owner.
- Open Webmaster Central and sign in using the Google Cloud account that you will use to add a PTR record to your instance. You can verify domain ownership with multiple accounts.
- Click Add a property.
- Enter the PTR domain name.
- Click Continue.
- Follow the instructions and click Verification Details.
After you verify that you own the domain, Webmaster Central lists verification attempts and verified owners. Click Add a property for additional domains for which you want to add a PTR record.
If your domain name is not immediately verified, use the Recommended Method to obtain verification.
Creating an instance with a PTR record
You can specify a PTR record when you create a new instance. If you want to add a PTR record to an existing instance, read Updating an instance to enable a PTR record.
Create a new instance with a PTR record through the Google Cloud Console, the
gcloud tool, or the
API.
Console
Create a new instance with a PTR record Google Cloud Console:
- Open the create instance page.
- Click Management, security, disks, networking, sole tenancy to expand the advanced settings for your instance.
- Click Networking to select the instance networking settings.
- Create one or more network interfaces to use with this instance. Alternatively, you can use the default network interface.
- In the Network Interfaces menu click the edit tool on the first network interface with which you want to associate the PTR record. Only the default network interface can have a PTR record.
- Click Enable Public DNS PTR Record.
- Enter your domain name in the PTR domain name field.
- Click Done to confirm the network interface settings.
- Configure the remaining properties for your new instance that you require.
- At the bottom of the create instance page, click Create to create the instance.
After the instance starts, run a reverse DNS lookup on the external IP address for your instance to confirm that the PTR record is working as expected.
gcloud
Use the
gcloud instances create
command to create a new instance with an associated PTR record.
gcloud compute instances create [INSTANCE_NAME] \
--image-family [IMAGE_FAMILY] \
--image-project [IMAGE_PROJECT] \
--public-ptr --public-ptr-domain [DOMAIN_NAME]
where:
[INSTANCE_NAME]is the name of the new VM instance.[IMAGE_FAMILY]is one of the available image families.[IMAGE_PROJECT]is the image project that the image family belongs to.[DOMAIN_NAME]is the domain name that you are adding to this instance.
API
In the API, construct a POST request to create an instance with a PTR record. Add the
setPublicPtr and publicPtrDomainName parameters for the specified
network access configuration.
POST https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances
{
"machineType": "zones/[ZONE]/machineTypes/[MACHINE_TYPE]",
"name": "[INSTANCE_NAME]",
"disks":
[
{
"initializeParams":
{
"sourceImage": "projects/debian-cloud/global/images/family/debian-9"
},
"boot": true
}
],
"networkInterfaces":
[
{
"network": "[NETWORK]",
"accessConfigs":
[
{
"publicPtrDomainName": "[DOMAIN_NAME]",
"setPublicPtr": true,
"type": "ONE_TO_ONE_NAT",
"name": "External IP"
}
]
}
]
}
where:
[PROJECT_ID]is your project ID.[ZONE]is the zone where your instance and new disk are located.[MACHINE_TYPE]is the machine type.[INSTANCE_NAME]is the name of the virtual machine instance.[NETWORK]is the URL pointing to your network resource.[DOMAIN_NAME]is the domain name that you are adding to this instance.
The external IP address resolves to the custom domain name.
Updating an instance to enable a PTR record
If your VM instance uses the primary network interface, you can enable or disable PTR records by updating the access configuration on the primary network interface, 'nic0', for the VM instance.
If your network access is not configured, add the access config, then enable PTR records within the network interface menu.
Console
Update the access config or add the access config to your instance Google Cloud Console:
- Go to the VM instances page.
- Click the instance you want to edit.
- Click the Edit tool from the top menu.
- Click the edit tool next to the primary network interface.
- Click External IP drop down menu.
- Check the Enable box for Public DNS PTR Record.
- Enter your domain name.
- Click Done.
- Click Save at the bottom of the page to save your settings.
gcloud
Update an existing access config using
gcloud tool:
Use the
gcloud compute instances update-access-config
command to add a PTR record to an existing access configuration.
gcloud compute instances update-access-config [INSTANCE_NAME]
--public-ptr --public-ptr-domain [DOMAIN_NAME]
To remove a PTR record:
gcloud compute instances update-access-config [INSTANCE_NAME]
--no-public-ptr
If your instance does not have an access configuration, you can use the
gcloud compute instances add-access-config
command to add an access config with a PTR record.
gcloud compute instances add-access-config [INSTANCE_NAME]
--public-ptr --public-ptr-domain [DOMAIN_NAME]
where:
[INSTANCE_NAME]is the name of the virtual machine instance.[DOMAIN_NAME]is the domain name that you are adding to this instance as a PTR record.
API
In the API, construct a POST request to the
updateAccessConfig
method to enable the public DNS support for an 'A' or a 'PTR'
record. This request keeps an existing external IP address, but adds the
setPublicPtr and publicPtrDomainName parameters for the specified
network access configuration.
POST https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]/updateAccessConfig?networkInterface=nic0
{
"setPublicPtr": true,
"publicPtrDomainName": "[DOMAIN_NAME]"
}
where:
[PROJECT_ID]is your project ID.[ZONE]is the zone where your instance and new disk are located.[INSTANCE_NAME]is the instance name for this request.[DOMAIN_NAME]is the domain name that you are adding to this instance as a PTR record.
Alternatively, if your instance does not have a network interface with an
access config, construct a similar POST request with the
addAccessConfig
method to create a new access config for your network interface.
Limitations
When a VM is migrated during a maintenance event, the PTR record logic doesn't
handle some edge cases correctly and reverts the DNS PTR records to the
googleusercontent.com fully qualified domain name (FQDN). To restore
functionality, apply the PTR record again.
What's next
- For an overview of how to configure and manage static external IP addresses for your resources, see Reserving a static external IP address.