How do I troubleshoot issues with the PTR record that I'm using for reverse DNS in Route 53?

4 minute read
0

I want to troubleshoot issues with the pointer record (PTR) that I use for reverse DNS in Amazon Route 53.

Short description

Use reverse DNS resolution (rDNS) to determine the domain name that's associated with an IP address. This resolution is the reverse of the usual forward DNS lookup of an IP address from a domain name.

Reverse DNS records in a public hosted zone might not work for the following reasons:

  • There's a problem with the reverse DNS record's configuration.
  • For non-AWS resources: The IP addresses belong to a third party, such as another cloud computing platform or your internet service provider (ISP).

Reverse DNS records in a private hosted zone might not work for the following reasons:

  • The private hosted zone for the reverse DNS domain isn't associated with the Amazon Virtual Private Cloud (Amazon VPC).
  • The queried IP address doesn't match the private hosted zone reverse DNS domain name.
  • You didn't turn on the DNS support and DNS hostname options in Amazon VPC.
  • You're querying the private hosted zone from a server other than the Amazon VPC DNS server.

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you're using the most recent AWS CLI version.

Check for reverse DNS record set issues

Check if the reverse DNS record value that returned from the DNS resolver matches the expected value. To do this, run one of the following commands for your relevant operating system (OS). 

On Linux or macOS, use dig -x IP_ADDRESS:

$ dig -x 3.23.155.245

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.amzn2.2 <<>> -x 3.23.155.245
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31167
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;245.155.23.3.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
245.155.23.3.in-addr.arpa. 298  IN      PTR     ec2-3-23-155-245.us-east-2.compute.amazonaws.com.

;; Query time: 0 msec
;; SERVER: 10.10.0.2#53(10.10.0.2)
;; WHEN: Fri Apr 09 16:14:57 UTC 2021
;; MSG SIZE  rcvd: 116

On Windows, use nslookup IP_ADDRESS:

$ nslookup  3.23.155.245
245.155.23.3.in-addr.arpa       name = ec2-3-23-155-245.us-east-2.compute.amazonaws.com

If the IP address doesn't resolve to the expected reverse DNS record, then check the IP address owner.

Identify the IP address owner

To check which organization owns the IP address, run the following command:

whois IP_ADDRESS

Contact the IP address owner to create or update the reverse DNS record

If you use an AWS Elastic IP address, then complete the following steps to create a reverse DNS record:

For AWS Elastic IP addresses in the US East (Ohio), Africa (Cape Town), Asia Pacific (Mumbai), Canada (Central), and Europe (Milan) Regions

Update the reverse DNS address with the AWS Elastic Compute Cloud (Amazon EC2) console or the AWS CLI.

For AWS Elastic IP addresses in all other Regions

See Request to remove reverse DNS and email sending limitations in the AWS Support console.

For non-AWS resources

To configure reverse DNS, contact the owner of the IP addresses.

Check that the private hosted zone is associated with the appropriate Amazon VPC

Important: The following steps apply only if the reverse DNS record is in a Route 53 private hosted zone.

1.    Open the Route 53 console.

2.    In the navigation pane, choose Hosted Zones.

3.    Select the hosted zone that you're using for the reverse DNS domain.

4.    Choose View Details.

5.    Expand Hosted zone details.

6.    Verify that the private hosted zone is associated with the appropriate Amazon VPC.

Check that the DNS hostnames and DNS resolution parameters are turned on

1.    Open the Amazon VPC console.

2.    In the navigation pane, choose Your VPC.

3.    Select the VPC ID of the Amazon VPC where you're resolving the reverse DNS record.

4.    In the Description pane, confirm that DNS hostnames and DNS resolution are turned on.

Confirm that your custom DNS servers are correctly configured in your Amazon VPC

Private hosted zones are resolvable only through the Amazon VPC DNS. To confirm that your Amazon VPC settings are correctly configured, follow these steps:

1.    Open the Amazon VPC console.

2.    In the navigation pane, choose DHCP Option Sets.

3.    Select the VPC DHCP Option Set ID that's associated with your Amazon VPC.

4.    In the Details pane, confirm that the Domain name server is set to the Amazon-provided DNS servers of your Amazon VPC. For example, if your Amazon VPC's CIDR range is 10.0.0.0/16, then the Amazon VPC DNS server's IP address is 10.0.0.2 (VPC CIDR + 2) or AmazonProvidedDNS.

AWS OFFICIAL
AWS OFFICIALUpdated 9 months ago