I was wondering how exactly the big companies go about managing all the IP addresses that their public servers use, especially with respect to setting up correct PTR records.
This is very important, for example, when sending lots of email from production environments, as the receiving mail servers will most likely perform an FCrDNS check to see if PTR and HELO/EHLO match. If they don't, you're pretty much guaranteed to be flagged as spam.
What I've found out myself is that Facebook and Google do this by assigning third-level A-records for (as it seems) every IP address that they own and then using that in the respective PTR-record. An example would be Google's famous 8.8.8.8 address, which is mapped to google-public-dns-a.google.com. Another Google IP, 173.194.113.127, is mapped to fra02s22-in-f31.1e100.net (nice domain there, Google admins).
Using a third-level subdomain seems to be the most logical, as you can then use a wildcard certificate for your domain in SSL/TLS applications.
In my case, I was thinking about assigning subdomains with a scheme like _srv_foobar.mydomain.tld to our servers. Starting with an underscore would indicate that this subdomain is used for management purposes, like _spf.microsoft.com or _netblocks.google.com. Is this a valid and sound approach?
As mentioned in the comments, underscores are not allowed in hostnames, which makes this approach impossible.
Is it the common practice to create an A-record for every IP-address you use? Are there naming schemes that are preferred or should be avoided? I would love to hear about this topic from somebody who has been managing many dozens, hundreds or even thousands of IP addresses. Thanks!
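
The FCrDNS check mentioned in the question, as an added example that is not part of the original post: it walks PTR, then A, then compares the result with HELO/EHLO, and also rejects PTR names that are not valid hostnames (the underscore case). The record tables, the `example.com` names, the `192.0.2.x` addresses and the function names are constructed for illustration, and treating an invalid hostname as a failure is an assumed receiver policy.

```python
import ipaddress
import re

# Constructed sample records (documentation address range, not real DNS data).
PTR = {
    "192.0.2.10": ["mail01.example.com."],
    "192.0.2.11": ["mail02.example.com."],       # A record points elsewhere
    "192.0.2.12": ["_srv_foobar.example.com."],  # underscore label
}
A = {
    "mail01.example.com.": ["192.0.2.10"],
    "mail02.example.com.": ["192.0.2.99"],
    "_srv_foobar.example.com.": ["192.0.2.12"],
}

# Hostname label per RFC 952/1123: letters, digits, hyphen; no edge hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def norm(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.rstrip(".").lower() + "."

def valid_hostname(name):
    bare = name.rstrip(".")
    return len(bare) <= 253 and all(LABEL.fullmatch(l) for l in bare.split("."))

def fcrdns(ip, helo, ptr=PTR, a=A):
    """Return (ok, reason) for a connecting IP and the HELO/EHLO name it sent."""
    ip = str(ipaddress.ip_address(ip))
    names = [norm(n) for n in ptr.get(ip, [])]
    if not names:
        return (False, "no PTR record")
    # Forward-confirm: the PTR name must resolve back to the same IP.
    confirmed = [n for n in names if ip in a.get(n, [])]
    if not confirmed:
        return (False, "PTR name does not resolve back to the IP")
    # Assumed policy: a PTR target must be a syntactically valid hostname.
    confirmed = [n for n in confirmed if valid_hostname(n)]
    if not confirmed:
        return (False, "PTR name is not a valid hostname")
    if norm(helo) not in confirmed:
        return (False, "HELO/EHLO does not match a forward-confirmed PTR name")
    return (True, norm(helo))

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail01.example.com"),
                     ("192.0.2.11", "mail02.example.com"),
                     ("192.0.2.12", "_srv_foobar.example.com")]:
        print(ip, helo, fcrdns(ip, helo))
```
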