Creating a PTR Record for a VM Instance

Configurable PTR records allow you to define the reverse DNS record associated with the external IP address of a VM instance so applications that rely on these records can operate as intended.

Some applications require reverse DNS records (PTR records) to resolve IP addresses to domain names. For example, applications that use SMTP require a PTR record that points to the domain from which an email is being sent. Without that record, spam filters can mark emails with low reputation, which causes email to end up in spam folders or not be sent at all.

You can add a PTR record only to the primary network interface of a VM instance. It is not available for load balancers, Cloud NAT, or other non-VM IPs.

Before you begin

If you want to use the command-line examples in this guide:
1. Install or update to the latest version of the gcloud command-line tool.
2. Set a default region and zone.
If you want to use the API examples in this guide, set up API access.

Pricing

Compute Engine machine type pricing applies. There are no additional charges for using PTR records with your instances.

Verify your domain ownership

Before you create a VM with a custom PTR record, verify that you own the domain name. Verifying ownership is a security measure to prove to Google you are the domain owner.

Open Webmaster Central and sign in using the Google Cloud account that you will use to add a PTR record to your instance. You can verify domain ownership with multiple accounts.
Click Add a property.
Enter the PTR domain name.
Click Continue.
Follow the instructions and click Verification Details.

After you verify that you own the domain, Webmaster Central lists verification attempts and verified owners.

If your domain name is not immediately verified, use the Recommended Method to obtain verification.

Creating an instance with a PTR record

You can specify a PTR record when you create a new instance. If you want to add a PTR record to an existing instance, read Updating an instance to enable a PTR record.

Create a new instance with a PTR record through the Google Cloud Console, the gcloud tool, or the API.

Console

Create a new instance with a PTR record Google Cloud Console:

Open the create instance page.
Go to the create instance page
Click Management, security, disks, networking, sole tenancy to expand the advanced settings for your instance.
Click Networking to select the instance networking settings.
Create one or more network interfaces to use with this instance. Alternatively, you can use the default network interface.
In the Network Interfaces menu click the edit tool on the first network interface with which you want to associate the PTR record. Only the default network interface can have a PTR record.
Click Enable Public DNS PTR Record.
Enter your domain name in the PTR domain name field.
Click Done to confirm the network interface settings.
Configure the remaining properties for your new instance that you require.
At the bottom of the create instance page, click Create to create the instance.

After the instance starts, run a reverse DNS lookup on the external IP address for your instance to confirm that the PTR record is working as expected.

gcloud

Use the gcloud instances create command to create a new instance with an associated PTR record.

gcloud compute instances create [INSTANCE_NAME] \
    --image-family [IMAGE_FAMILY] \
    --image-project [IMAGE_PROJECT] \
    --public-ptr --public-ptr-domain [DOMAIN_NAME]

where:

[INSTANCE_NAME] is the name of the new VM instance.
[IMAGE_FAMILY] is one of the available image families.
[IMAGE_PROJECT] is the image project that the image family belongs to.
[DOMAIN_NAME] is the domain name that you are adding to this instance.

API

In the API, construct a POST request to create an instance with a PTR record. Add the setPublicPtr and publicPtrDomainName parameters for the specified network access configuration.

POST https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances

     {
       "machineType": "zones/[ZONE]/machineTypes/[MACHINE_TYPE]",
       "name": "[INSTANCE_NAME]",
       "disks":
    [
      {

       "initializeParams":
      {

       "sourceImage": "projects/debian-cloud/global/images/family/debian-9"
      },
       "boot": true
      }
     ],
      "networkInterfaces":
     [
      {
       "network": "[NETWORK]",
       "accessConfigs":
     [
      {
       "publicPtrDomainName": "[DOMAIN_NAME]",
       "setPublicPtr": true,
       "type": "ONE_TO_ONE_NAT",
       "name": "External IP"
      }
     ]
    }
   ]
  }

where:

[PROJECT_ID] is your project ID.
[ZONE] is the zone where your instance and new disk are located.
[MACHINE_TYPE] is the machine type.
[INSTANCE_NAME] is the name of the virtual machine instance.
[NETWORK] is the URL pointing to your network resource.
[DOMAIN_NAME] is the domain name that you are adding to this instance.

The external IP address resolves to the custom domain name.

Updating an instance to enable a PTR record

If your VM instance uses the primary network interface, you can enable or disable PTR records by updating the access configuration on the primary network interface, 'nic0', for the VM instance.

If your network access is not configured, add the access config, then enable PTR records within the network interface menu.

Console

Update the access config or add the access config to your instance Google Cloud Console:

Go to the VM instances page.
Go to the VM instances page
Click the instance you want to edit.
Click the Edit tool from the top menu.
Click the edit tool next to the primary network interface.
Click External IP drop down menu.
Check the Enable box for Public DNS PTR Record.
Enter your domain name.
Click Done.
Click Save at the bottom of the page to save your settings.

gcloud

Update an existing access config using gcloud tool:

Use the gcloud compute instances update-access-config command to add a PTR record to an existing access configuration.

gcloud compute instances update-access-config [INSTANCE_NAME]
    --public-ptr --public-ptr-domain [DOMAIN_NAME]

To remove a PTR record:

gcloud compute instances update-access-config [INSTANCE_NAME]
    --no-public-ptr

If your instance does not have an access configuration, you can use the gcloud compute instances add-access-config command to add an access config with a PTR record.

gcloud compute instances add-access-config [INSTANCE_NAME]
    --public-ptr --public-ptr-domain [DOMAIN_NAME]

where:

[INSTANCE_NAME] is the name of the virtual machine instance.
[DOMAIN_NAME] is the domain name that you are adding to this instance as a PTR record.

API

In the API, construct a POST request to the updateAccessConfig method to enable the public DNS support for an 'A' or a 'PTR' record. This request keeps an existing external IP address, but adds the setPublicPtr and publicPtrDomainName parameters for the specified network access configuration.

POST https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances/[INSTANCE_NAME]/updateAccessConfig?networkInterface=nic0

{
  "setPublicPtr": true,
  "publicPtrDomainName": "[DOMAIN_NAME]"
}

where:

[PROJECT_ID] is your project ID.
[ZONE] is the zone where your instance and new disk are located.
[INSTANCE_NAME] is the instance name for this request.
[DOMAIN_NAME] is the domain name that you are adding to this instance as a PTR record.

Alternatively, if your instance does not have a network interface with an access config, construct a similar POST request with the addAccessConfig method to create a new access config for your network interface.

What's next

For an overview of how to configure and manage static external IP addresses for your resources, see Reserving a static external IP address.