I've noticed that emails sent from my SMTP server end up in the spam folder because of a missing reverse DNS. The server is hosted on AWS, so is its domain and DNS (Route53).

In the official guide for reverse DNS configuration, Amazon explains the following:

If your SMTP server uses your own public IP address and you want Amazon Route 53 to respond to reverse DNS lookup queries for that IP address, create a public hosted zone and put the PTR record there. In the steps that follow, we use the example IP address 192.168.1.2.

Step 1: In the Amazon Route 53 console, create a new hosted zone with the name 1.168.192.in-addr.arpa

Questions:

  1. The example IP (192.168.1.2) looks like an internal IP address, is this correct, or should I use the SMTP's public IP?
  2. Why did Amazon remove the last two digits from the IP in the hosted zone?

I guess I'm not the only one who finds the public guide confusing. Thanks!

Vingtoft

2 Answers

The example IP is private, use your public address instead.

The zone is always of the "parent domain", hence the zone starts with the reversed address minus the last octet (2 in the example). In the zone one then declares the PTR record which has the fully reversed address as the name and the domain name as the value.

Jonah Benton
  • In the example, the reversed address is the IP minus the last two octets (1.2). Can you please confirm that my reverse address is xx.yy.zzz if my IP is xx.yy.zzz.uuu (following AWS's example, my reversed address should be xx.yy). Thanks! – Vingtoft Sep 21 '16 at 11:31
  • Hmm, I don't see that on the page. The page says that the zone is 1.168.192.in-addr.arpa and in that zone one creates a record of type PTR with the last octet (2) which is combined with the zone prefix to yield a full name of 2.1.168.192.in-addr.arpa. In your example, the full reverse address would be uuu.zzz.yy.xx.in-addr.arpa. – Jonah Benton Sep 21 '16 at 11:54
This is a misapplication or misunderstanding of the purpose of the document you are reading.

If your SMTP server uses your own public IP address

This is about a server that uses your own public IP address. AWS IPs do not meet that criterion.

The instructions you followed are for IP address space that you control, or that has been delegated to you by your ISP. They are not applicable to elastic IP addresses. You "don't need to use Route 53," as shown in the quote below -- in this case -- would have been more correctly written here as you can't use Route 53 in this case.

Most of the document does not apply to IP addresses owned/controlled by AWS. The only AWS-allocated public IP addresses that are configurable with custom reverse-DNS are elastic IP addresses, and a different process applies (from the same document) --

If you are using an Elastic IP address for your server, you can configure the reverse DNS record of your Elastic IP address by submitting a Request to Remove Email Sending Limitations (root account credentials required), and you don't need to use Amazon Route 53.

Allocate an Elastic IP and configure an A record, such as smtp.example.com using that Elastic IP... then you can use the request form and AWS support will configure the reverse records for you, matching the A record.

The example IP (192.168.1.2) looks like an internal IP address, is this correct, or should I use the SMTP's public IP?

The example is not applicable to you, but you would always use the public IP address on the Internet. Private addresses are not relevant outside your network.

Why did Amazon remove the last two digits from the IP in the hosted zone?

That is how reverse DNS is implemented, when you control an entire block of the size we casually refer to as "Class-C" (a CIDR /24, mask 255.255.255.0, 256 addresses). The reverse record for 203.113.0.1 is 1.0.113.203.in-addr.arpa, which is hostname "1" in the "0.113.203.in-addr.arpa" zone. But not applicable, here.

I answered a similar question on Stack Overflow.

Michael - sqlbot
  • You are absolutely right. Normally I think AWS documentation is spot on, but I must admit this is not the case here. It turns out the way to get a reverse DNS is to "request to remove email sending limitations", even though the two things don't necessarily have anything in common. (My system does not send out a lot of mails, no need to remove the limitations in my case.) Thank you!! – Vingtoft Sep 22 '16 at 06:57