This article explains how to troubleshoot email delivery failures that reference a bad DNS PTR resource record.
Use this article when outbound email is rejected because the receiving mail system does not accept the reverse DNS configuration for the sending mail server IP address.
Symptoms
Email sent from a mail server is rejected by the receiving mail server with an error similar to:
554 Bad DNS PTR resource record
The exact rejection text may vary by receiving mail system. This type of response can occur when the sending IP address does not pass the receiving mail system’s reverse DNS checks.
What This Means
A PTR record is the DNS record used for reverse DNS. Reverse DNS maps an IP address back to a hostname.
Example:
192.0.2.25 PTR mail.example.com.
Some receiving mail systems check the PTR record for the sending mail server IP address before accepting a message.
A receiving mail system may reject email if the sending IP address has no PTR record, has a generic PTR record, or has a PTR record that does not align with the expected mail server hostname.
Common Causes
- No PTR record exists for the sending mail server IP address.
- The PTR record returns a generic or dynamically assigned hostname instead of a fully qualified mail server hostname.
- The PTR record points to a hostname that does not have matching forward DNS.
- The reverse DNS zone for the sending IP address is not delegated to the DNS provider where the PTR record was created.
- The receiving mail system has a local policy that rejects the PTR record or hostname.
How to Test the PTR Record
- Identify the sending mail server IP address from the bounce message, mail logs, or SMTP test results.
- Check the PTR record for the sending IP address:
  dig -x 192.0.2.25
- Confirm that the response returns the expected fully qualified mail server hostname.
  Example:
  mail.example.com.
- Check that the PTR hostname has a matching forward DNS record:
  dig mail.example.com A
- If the PTR record was created in UltraDNS but does not resolve publicly, check reverse DNS delegation:
  dig -x 192.0.2.25 +trace
- Optional: Use an external SMTP or DNS testing tool to confirm whether public mail systems see the same reverse DNS result.
How to Interpret the Results
- If no PTR record is returned, create the PTR record in the authoritative reverse DNS zone.
- If the PTR record returns a generic or dynamic hostname, update the PTR record to a fully qualified mail server hostname.
- If the PTR hostname does not resolve forward to the sending IP address, update the forward DNS record or the PTR record so the records align.
- If UltraDNS is not authoritative for the reverse DNS zone, contact the ISP, hosting provider, or IP address provider that controls the IP block.
- If reverse DNS is configured correctly but mail is still rejected, review the receiving mail system’s rejection policy or contact the receiving mail provider.
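The test and interpretation steps above can be combined into one forward-confirmed reverse DNS check. The following is an added example, not UltraDNS code: the function names, the result labels, and the GENERIC pattern used to spot generic or dynamic hostnames are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Assumption: a rough heuristic for "generic or dynamic" PTR names (embedded IP
# octets, or labels like dyn/dhcp/pool). Receiving systems apply their own rules.
GENERIC = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}|\b(dyn|dynamic|dhcp|pool|ppp|dsl)\b", re.I)

def ptr_names(ip):
    """Return (full PTR owner name, usual /24 zone name, record name in that zone)."""
    owner = ipaddress.IPv4Address(ip).reverse_pointer  # d.c.b.a.in-addr.arpa
    label, zone = owner.split(".", 1)
    return owner, zone, label

def diagnose(ip, ptr_targets, forward):
    """Classify lookup results.

    ptr_targets: hostnames returned by the PTR lookup (dig -x <ip>)
    forward:     {hostname: set of A-record addresses} (dig <hostname> A)
    """
    hosts = [h.rstrip(".").lower() for h in ptr_targets]
    if not hosts:
        return "no-ptr"            # create the PTR in the authoritative reverse zone
    if all(GENERIC.search(h) for h in hosts):
        return "generic-ptr"       # point the PTR at a fully qualified mail hostname
    if not any(ip in forward.get(h, ()) for h in hosts):
        return "forward-mismatch"  # align the A record and the PTR record
    return "aligned"               # forward-confirmed reverse DNS passes

def live_lookup(ip):
    """Collect PTR and A data through the system resolver (requires network)."""
    try:
        host = socket.gethostbyaddr(ip)[0]
    except OSError:
        return [], {}
    try:
        addrs = {ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)}
    except OSError:
        addrs = set()
    return [host], {host.rstrip(".").lower(): addrs}

if __name__ == "__main__":
    ip = "192.0.2.25"  # documentation address from the article; substitute your own
    print(ptr_names(ip))
    print(diagnose(ip, *live_lookup(ip)))
```

An "aligned" result only shows that the PTR and forward records agree from the resolver used; a receiving mail system can still reject the hostname under its own local policy.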
How to Resolve the Issue
- Confirm the sending mail server IP address.
- Confirm which reverse DNS zone is authoritative for that IP address.
- Create or update the PTR record in the authoritative reverse DNS zone.
- Set the PTR record target to the fully qualified hostname of the sending mail server.
- Confirm that the PTR target has a valid forward DNS record.
- Re-test the reverse DNS lookup.
- Re-test email delivery.
Expected Outcome
The sending mail server IP address should return the expected PTR hostname, and the PTR hostname should resolve forward to the expected sending IP address.
If the receiving mail system requires forward-confirmed reverse DNS, the PTR and forward DNS results must align with that requirement.
Important Notes
- PTR records must be created in the applicable reverse DNS zone, not in the forward DNS zone.
- Hosting a forward DNS zone in UltraDNS does not automatically mean UltraDNS hosts reverse DNS for the related IP address.
- UltraDNS can host the PTR record only if the applicable reverse DNS zone exists in UltraDNS and is delegated to UltraDNS name servers.
- For IPv4 address a.b.c.d, the full PTR owner name is d.c.b.a.in-addr.arpa.
- For a standard /24 reverse DNS zone, the reverse DNS zone is usually c.b.a.in-addr.arpa, and the PTR record name inside that zone is d.
- Do not confuse the full PTR owner name with the reverse DNS zone name.
- Some receiving mail systems require forward-confirmed reverse DNS, where the PTR hostname resolves back to the sending IP address.