Create a PTR record for a VM instance
ConfigurablePTR records let you define the reverse DNS record associated with the externalIP address of a VM instance so that applications that rely on these records canoperate as intended.
Some applications require reverse DNS records (PTR records) to resolve IPaddresses to domain names. For example, applications that use SMTP requirea PTR record that points to the domain from which an email is being sent.Without that record, spam filters can mark emails with low reputation,which causes email to end up in spam folders or not be sent at all.
You can add PTR records to only the primary network interface of aVM instance. PTR records are not available for load balancer frontends,Cloud NAT, or other non-VM IP addresses.
IPv6 PTR records are only available if the instance's primary network interfaceis connected to a dual-stack or IPv6-only subnet that has an external IPv6address range. For dual-stack network interfaces, you can have separate IPv4and IPv6 PTR records.
To create custom PTR records that override theautomatically created internal DNS PTR names, seeManaged reverse lookup zones.
Before you begin
- If you haven't already, set upauthentication. Authentication verifies your identity for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:
Select the tab for how you plan to use the samples on this page:
Console
When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloud
Install the Google Cloud CLI. After installation,initialize the Google Cloud CLI by running the following command:
gcloudinit
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
Note: If you installed the gcloud CLI previously, make sure you have the latest version by runninggcloud components update.- Set a default region and zone.
REST
To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.
Install the Google Cloud CLI. After installation,initialize the Google Cloud CLI by running the following command:
gcloudinit
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
Note: If you installed the gcloud CLI previously, make sure you have the latest version by runninggcloud components update.For more information, seeAuthenticate for using REST in the Google Cloud authentication documentation.
Verify your domain ownership
Before you create a VM with a custom PTR record, verify that you own the domainname. Verifying ownership is a security measure to prove to Google that you arethe domain owner.
You can verify your domain name in 2 ways:
- If you have a Google account, you can verify by using Search Console.
- If you have a Google or non-Google account, you can verify by adding yourVM's IP address to your DNS configuration.
Verify by using Search Console
- OpenSearch Consoleand sign in by using the Google Account that you will use to add aPTR record to your instance. You can verify domain ownership withmultiple accounts.
- Enter the PTR domain name.
- ClickContinue.
- Follow the instructions, and then clickGo to Property.
- Click onSettings (found in the menu on the left near the bottom),and then clickOwnership Verification.
After you verify that you own the domain, in theSettings pane,click onUsers to see other verified owners. To add PTR records inother domains, click the property picker on the left that displaysyour current domain. ClickAdd a property to add those domains.
If your domain name is not immediately verified, use theRecommended Methodto obtain verification.
Verify by adding your VM's IP address to your DNS configuration
- If your VM does not exist yet,reserve a regional static external IPaddressand use it later during VM creation.
- Add an "A" record with the VM's external IP address to the DNSconfiguration of your domain.
Create VM instances with PTR records
You can specify PTR records when you create new instances. To adda PTR record for an existing instance, seeAdd PTR records.
Console
In the Google Cloud console, go to theCreate an instance page.
Specify the VM details.
Expand theAdvanced options section, and then do thefollowing:
- Expand theNetworking section.
- Create one or more network interfaces to use with this VM.Alternatively, you can use the default network interface.
- In theNetwork interfaces section, expand the first networkinterface, which is the primary network interface.
- In thePublic DNS PTR record section, select each type of PTRrecord that you want to add.
- In thePTR domain name field, enter a domain name for each typeof PTR record that you want to add.
- In theExternal IPv4 address orExternal IPv6 address field,choose your previously reserved IPaddress. If you have verified your VM's IP address through your DNSconfiguration, then you must specify that address.
- To confirm the network interface settings, clickDone.
Configure the remaining properties for your new VM.
At the bottom of the page, clickCreate.
After the VM starts, you can run a reverse DNS lookup on the externalIP address of your VM to confirm that the PTR record is workingas expected.
gcloud
To create a new instance with an associated IPv4 PTR record, use the
gcloud instances createcommand.gcloud compute instances createINSTANCE_NAME \ --image-familyIMAGE_FAMILY \ --image-projectIMAGE_PROJECT \ --public-ptr \ --public-ptr-domainDOMAIN_NAME \ --address=IP_ADDRESS
Replace the following:
INSTANCE_NAME: the name of the new VM instance.IMAGE_FAMILY: one of theavailable image families.IMAGE_PROJECT: the Google Cloud project againstwhich all image and image family references are resolved. If you don'tsupply a project name, the current default project is used.DOMAIN_NAME: the domain name to add to thisinstance.IP_ADDRESS: your previously reserved IPaddress. If you have verified your VM's IP address through your DNSconfiguration, then you must specify that address.
To create a new instance with an associated IPv6 PTR record, do thefollowing:
REST
To create a new instance with an IPv4 PTR record, make a
POSTrequest to theinstances.insertmethod.POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances{ "machineType": "zones/ZONE/machineTypes/MACHINE_TYPE", "name": "INSTANCE_NAME", "disks": [ { "initializeParams": { "sourceImage": "projects/debian-cloud/global/images/family/debian-10" }, "boot": true } ], "networkInterfaces": [ { "network": "NETWORK", "accessConfigs": [ { "type": "ONE_TO_ONE_NAT", "name": "External NAT", "natIP": "IP_ADDRESS", "publicPtrDomainName": "DOMAIN_NAME", "setPublicPtr": true } ] } ]}Replace the following:
PROJECT_ID: the ID of your project.ZONE: the zone of your instance.MACHINE_TYPE: the machine type.INSTANCE_NAME: the name of the instance.NETWORK: the URL of the network.IP_ADDRESS: your previously reserved IPaddress. If you have verified your VM's IP address through your DNSconfiguration, then you must specify that address.DOMAIN_NAME: the domain name to add.
To create a new instance with an IPv6 PTR record, do the following:
Add PTR records
You can add PTR records by updating the access configuration on the primarynetwork interface,nic0, of a VM instance.
Console
In the Google Cloud console, go to theVM instances page.
Click the instance that you want to edit.
ClickEdit.
In theNetwork interfaces section, click the primary networkinterface.
In thePublic DNS PTR record section, select each type of PTR recordthat you want to add.
In thePTR domain name field, enter a domain name for each type ofPTR record that you want to add.
ClickDone, and then clickSave.
gcloud
If your VM doesn't have an access configuration, add one by using the
gcloud compute instances add-access-configcommand.gcloud compute instances add-access-configINSTANCE_NAME
Replace
INSTANCE_NAMEwith the name of yourinstance.Update the access configuration to add the PTR record by using the
gcloud compute instances update-access-configcommand.To add both IPv4 and IPv6 PTR records, use thefollowing commands individually.For IPv4:
gcloud compute instances update-access-configINSTANCE_NAME \ --public-ptr \ --public-ptr-domainDOMAIN_NAME
For IPv6:
gcloud compute instances update-access-configINSTANCE_NAME \ --ipv6-public-ptr-domain=DOMAIN_NAME
Replace the following:
INSTANCE_NAME: the name of the instance to update.DOMAIN_NAME: the domain name to add.
REST
If your VM doesn't have an access configuration, add oneby making a
POSTrequest to theinstances.addAccessConfigmethod.POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/addAccessConfig?networkInterface="nic0"
Update the access configuration to add the PTR record by making a
POSTrequest to theinstances.updateAccessConfigmethod.To add both IPv4 and IPv6 PTR records, make the following requestsindividually.For IPv4:
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/updateAccessConfig?networkInterface=nic0{ "setPublicPtr": true, "publicPtrDomainName": "DOMAIN_NAME", "type": "ONE_TO_ONE_NAT"}For IPv6:
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/updateAccessConfig?networkInterface=nic0{ "publicPtrDomainName": "DOMAIN_NAME", "type": "DIRECT_IPV6"}
Replace the following:
PROJECT_ID: the project ID.ZONE: the zone of the instance.INSTANCE_NAME: the instance name.DOMAIN_NAME: the domain name to add.
Remove PTR records
To remove PTR records, update the access configurationon the primary network interface,nic0, of a VM instance. When you remove aPTR record, Google Cloud responds to reverse DNS lookups with a defaultfully qualified domain name ofgoogleusercontent.com.
Console
In the Google Cloud console, go to theVM instances page.
Click the instance that you want to edit.
ClickEdit.
In theNetwork interfaces section, click the primary network interface.
In thePublic DNS PTR record section, clear thecheckbox for each type of PTR record that you want to remove.
ClickDone, and then clickSave.
gcloud
To remove a PTR record, use thegcloud compute instances update-access-config command.To remove both IPv4and IPv6 PTR records, use the following commands separately.
For IPv4:
gcloud compute instances update-access-configINSTANCE_NAME \ --no-public-ptr
For IPv6:
gcloud compute instances update-access-configINSTANCE_NAME \ --no-ipv6-public-ptr
ReplaceINSTANCE_NAME with the name of theinstance to update.
REST
To remove a PTR record, make aPOST request to theinstances.updateAccessConfig method.To remove both IPv4 and IPv6 PTR records, make the following requestsindividually.
For IPv4:
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/updateAccessConfig?networkInterface=nic0{ "setPublicPtr": false, "type": "ONE_TO_ONE_NAT"}For IPv6:
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/updateAccessConfig?networkInterface=nic0{ "publicPtrDomainName": "", "type": "DIRECT_IPV6"}
Replace the following:
PROJECT_ID: the project ID.ZONE: the zone of the instance.INSTANCE_NAME: the instance name.
Limitations
When a VM is migrated to another host as part of thelive migration process during maintenance events,the PTR record logic doesn't handle some edge cases correctlyand reverts the DNS PTR records to the fully qualified domain name(FQDN)
googleusercontent.com. To restore functionality, apply the PTR record again.When you stop a VM that has an IPv6 PTR record, the IPv6 PTR record istemporarily deregistered and not visible on the VM. The record is added backautomatically when you restart the VM.
What's next
- For an overview of how to configure and manage static external IPaddresses for your resources, seeReserve a static external IP address.
- To learn how to create and manage virtual machine instances, seeCreate and start a VM instance.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-15 UTC.