Quick Answer

Reverse DNS (rDNS/PTR records) map your IP address back to a hostname. For email servers, your PTR must point to your mail hostname (mail.yourdomain.com) and that hostname must resolve back to the same IP. Set PTR records in your VPS provider's control panel — not your DNS provider. Hetzner, DigitalOcean, Vultr, OVH, and Linode all offer self-service PTR configuration. AWS requires an Elastic IP and a support request.

Reverse DNS (rDNS) Setup on Major VPS Providers

By Braedon·Mailflow Authority·Self-Hosted SMTP

Reverse DNS: Provider-by-Provider Setup

Every email server needs a PTR record. Without it, most mailbox providers will reject or spam your email. For background on how PTR fits into email infrastructure, see our PTR records guide and VPS comparison. This guide covers PTR setup on every major VPS provider.

What You Need

Before configuring rDNS:

  1. Your mail hostname — typically mail.yourdomain.com
  2. A forward A recordmail.yourdomain.com → YOUR.SERVER.IP
  3. Your server IP — the VPS's primary IPv4 address

The PTR record creates the reverse mapping: YOUR.SERVER.IP → mail.yourdomain.com

Hetzner Cloud

  1. Log into console.hetzner.cloud
  2. Select your project → select the server
  3. Click Networking in the left sidebar
  4. Under Primary IPv4, click the IP address
  5. In the Reverse DNS field, enter mail.yourdomain.com
  6. Click Save

For IPv6 (if needed):

  • Same location, under Primary IPv6
  • Enter the PTR for the specific IPv6 address your server uses

Propagation: Usually immediate. Verify within 5 minutes.

DigitalOcean

DigitalOcean derives PTR records from your droplet's name:

Method 1: Rename Droplet

  1. Log into cloud.digitalocean.com
  2. Select your droplet
  3. Click the droplet name at the top
  4. Rename to mail.yourdomain.com
  5. PTR updates automatically

Method 2: API

curl -X PATCH "https://api.digitalocean.com/v2/droplets/DROPLET_ID" \
  -H "Authorization: Bearer $DO_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "mail.yourdomain.com"}'

Note: DigitalOcean's PTR system is unusual — it's tied to the droplet name. If you rename the droplet for other reasons, the PTR changes too.

Propagation: 5-30 minutes.

Vultr

  1. Log into my.vultr.com
  2. Select your instance
  3. Click Settings tab
  4. Scroll to IPv4 section
  5. Click the Reverse DNS button (pencil icon) next to your IP
  6. Enter mail.yourdomain.com
  7. Click the checkmark to save

For IPv6:

  • Same page, under IPv6 section
  • Click Reverse DNS for your IPv6 address

Propagation: Usually within 5-10 minutes.

OVH / OVHcloud

  1. Log into ovh.com/manager
  2. Navigate to Bare Metal CloudIP (or Public CloudIP for cloud instances)
  3. Find your IP address in the list
  4. Click the ... menu → Modify reverse
  5. Enter mail.yourdomain.com
  6. Click Confirm

Note: OVH requires the forward A record to exist before accepting the PTR. Create the A record first.

Propagation: Can take up to 24 hours. Typically 1-4 hours.

Linode (Akamai)

  1. Log into cloud.linode.com
  2. Select your Linode
  3. Click the Network tab
  4. Under IPv4 Addresses, click Edit RDNS next to your IP
  5. Enter mail.yourdomain.com
  6. Click Save

Note: Linode validates the forward DNS record. Your A record must resolve to the Linode's IP before the PTR is accepted.

Propagation: Usually within 15 minutes.

AWS (EC2 / Lightsail)

AWS requires extra steps:

  1. Assign an Elastic IP to your instance (PTR can't be set on dynamic IPs)
  2. Submit a request via the AWS rDNS request form
  3. Fill in your Elastic IP, desired PTR record, and use case
  4. Wait for approval — typically 1-3 business days

AWS also blocks port 25 by default. You must separately request SMTP sending capability through the same form.

Propagation: After approval, usually 24-48 hours.

Verification

After setting the PTR, verify from multiple sources:

# Check from Google's DNS
dig -x YOUR.IP @8.8.8.8 +short
# Expected: mail.yourdomain.com.

# Check from Cloudflare's DNS
dig -x YOUR.IP @1.1.1.1 +short
# Expected: mail.yourdomain.com.

# Verify forward-confirmed rDNS
dig mail.yourdomain.com @8.8.8.8 +short
# Expected: YOUR.IP

# Full SMTP check
# Send email to [email protected]
# The reply includes PTR verification

Common Issues

PTR Doesn't Match EHLO

Your Postfix myhostname must match your PTR record:

postconf myhostname
# Must return: mail.yourdomain.com

# Fix if wrong:
sudo postconf -e "myhostname = mail.yourdomain.com"
sudo systemctl restart postfix

Provider Requires Forward DNS First

OVH and Linode validate that the A record exists before accepting a PTR. Create the A record and wait for propagation before setting the PTR.

Multiple IPs, Wrong One Used

If your server has multiple IPs, verify which one Postfix uses for outbound:

postconf smtp_bind_address
# If empty, Postfix uses the default route IP

Set the PTR on the IP Postfix actually sends from.

Practitioner note: I've wasted more time on DigitalOcean's droplet-name-as-PTR system than I care to admit. Clients rename their droplet to something descriptive like "production-email-v2" and wonder why their PTR changed. If you use DigitalOcean for email, treat the droplet name as a PTR configuration field, not a label.

Practitioner note: AWS is the worst provider for self-hosted email. Port 25 blocked by default, PTR requires a support request, and the approval process can take days. If a client insists on AWS, I recommend using SES for sending and running the mailbox server elsewhere. Don't fight AWS's email restrictions — they're there for a reason, and working around them is painful.

If you need help configuring reverse DNS or debugging PTR-related delivery failures, schedule a consultation — I'll verify your complete DNS chain across all providers.

Sources

v1.0 · April 2026

Frequently Asked Questions

Why can't I set the PTR record at my DNS provider?

PTR records belong to the IP address owner — your VPS provider, not your domain's DNS host. Your DNS provider manages forward DNS (domain → IP). The VPS provider manages reverse DNS (IP → domain). They're two different zones maintained by two different parties.

How do I verify my reverse DNS is correct?

Run 'dig -x YOUR.IP.ADDRESS +short' from any machine. It should return your mail hostname. Then verify the forward record: 'dig mail.yourdomain.com +short' should return the same IP. Both directions must match.

How long does reverse DNS take to update?

Most VPS providers update PTR records within minutes. Propagation to external DNS resolvers takes 15 minutes to 24 hours, depending on the previous TTL value. Test from multiple locations (Google DNS at 8.8.8.8, Cloudflare at 1.1.1.1) to confirm.

Do I need reverse DNS for both IPv4 and IPv6?

If your mail server sends over IPv6, yes. Many self-hosted setups disable IPv6 for outbound SMTP to avoid managing two PTR records. If you use IPv6, both PTR records must be configured identically.

Want this handled for you?

Free 30-minute strategy call. Walk away with a plan either way.

Related Articles

Best VPS for Self-Hosted Email Server 2026: Hetzner vs DigitalOcean vs Vultr vs OVHcloud

DigitalOcean vs. Hetzner vs. Vultr vs. OVH for Email Servers

How Much Does It Cost to Run Your Own Email Server?

iRedMail Setup Guide: Full-Featured Email Server

KumoMTA Setup: High-Volume Self-Hosted Sending