How to Configure PTR DNS Records on Cloudflare Platform

PTR (pointer) records are an important part of DNS configuration, especially for email delivery. They allow reverse DNS lookups, mapping IP addresses to domain names. This helps identify the source of emails and network traffic, improving deliverability and security.

Configuring PTR records on Cloudflare is straightforward for customers that own IP address space. Here is a step-by-step guide to setting up PTR records correctly.

Overview of PTR Records

A PTR record enables a reverse DNS lookup, resolving an IP address to a domain name. For example, when an email server receives a message, it can perform a reverse lookup on the sender’s IP to verify the origin domain.

PTR records are primarily useful for those with dedicated IP addresses, as they populate network trace tools and security logs. They should be configured in reverse DNS zones, corresponding to IP address blocks.

Benefits of PTR records:

  • Improve email deliverability by verifying sender domains
  • Enrich network trace route data with hostnames
  • Support security analysis and forensics

Prerequisites

To configure PTR records with Cloudflare, you need:

  • A Cloudflare enterprise account
  • Ownership of IPv4 or IPv6 address space
  • Access to update NS records at your Regional Internet Registry (RIR)

Step 1 – Add Reverse DNS Zone

First, you need to add a reverse DNS zone representing your IP address space:

  1. In the Cloudflare dashboard, click Add site
  2. Enter the reverse IP as the zone name
    • e.g. 123.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa for 2001:db8:: addresses
  3. Select the Free plan
  4. Skip onboarding steps after adding nameservers

This activates the reverse DNS zone for PTR configuration.

Step 2 – Configure PTR Records

With the zone active, add PTR records mapping IP addresses to hostnames:

  1. Go to DNS > Records in the Cloudflare dashboard
  2. For each IP address you want to map, add a PTR record:
    • Subdomain is the least significant octets separated by dots
      • e.g. 5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
    • Set target hostname for that IP
  3. Repeat for all IPs that need PTR records

Step 3 – Update Nameservers

Finally, configure your RIR account to use Cloudflare nameservers:

  1. Copy the two Cloudflare nameservers for your zone
  2. At your RIR (ARIN, RIPE, APNIC, etc.), update the nameservers
  3. This delegates management of reverse DNS to Cloudflare

Once these steps are complete, reverse DNS and PTR records are fully configured on Cloudflare. You can now perform reverse lookups and identify traffic sources.

Troubleshooting

Here are some tips for troubleshooting PTR issues:

  • Carefully check subdomain names match IP octets
  • Confirm zone name matches IP block
  • Use DNS lookup tools to test records
  • Check RIR has updated nameserver delegation
  • Seek assistance from Cloudflare enterprise support if needed

Conclusion

Configuring PTR records on the Cloudflare platform improves email deliverability and security for your IP space. With the above steps, you can set up reverse DNS zones and records to enable reverse lookups.

Keep your PTR records updated as you add more systems and services. This helps identify all traffic, enhancing analysis and protection capabilities.