Enterprise customers who control their own IP prefix(es) can set up reverse zones with PTR records to allow reverse DNS lookups.
PTR records specify the allowed hosts for a given IP address. They are the opposite of A records and used for reverse DNS lookups.
Historically, PTR records prevented outbound SMTP servers from being blocked by spam filters. However, more modern DNS records — DKIM and DMARC — provide better verifications of domain ownership.
Now, PTR records are primarily useful for those who own a dedicated IP space. They can help populate trace routes and security tools with human-readable domain names.
As PTR records are exclusively used for reverse DNS lookups, they should only be added to reverse zones.
Create a reverse zone and PTR record
The following Cloudflare customers can create reverse zones:
- Enterprise customers with an IPv4 address space can add the IPv4 reverse zone for their IP space to their account and create the required PTR records for forward resolution.
- Enterprise customers with an IPv6 address space need to contact their account team or Customer Support to get the IPv6 reverse zone added to their account.
- DNS Firewall customers need to contact their account team or Customer Support who can add PTR records for the IPs used for their DNS Firewall clusters.
If your account does not meet these qualifications and you do not own the IP prefix you want to add PTR records on, contact the owner of the IP address based on a whois lookup.
To use PTR records, you need to 1) create a reverse DNS zone and 2) add a PTR record for forward resolution.
1. Within your enterprise account, click Add site.
2. For your site name, use the reverse IP address:
- For /24 prefixes, the pattern is:
- IP prefix: <octet_1>.<octet_2>.<octet_3>.0/24
- Reverse zone address: <octet_3>.<octet_2>.<octet_1>.in-addr.arpa
- For /16 prefixes, the pattern is:
- IP prefix: <octet_1>.<octet_2>.0.0/16
- Reverse zone address: <octet_2>.<octet_1>.in-addr.arpa
- IPv4 prefix:
- Reverse zone:
3. If you are adding less than 200 PTR records, select the Free plan. If you are adding more, select the Pro plan.
4. Skip the rest of the onboarding process.
5. Once finished with onboarding, go to DNS.
6. For each IP within the prefix, add a PTR record using the least significant octet(s) as the subdomain.
For example, you might have the following configuration:
- Reverse zone:
- IP address:
The PTR record on the subdomain would be
123, making the full domain for forward lookup
7. Add the two Cloudflare nameservers provided for the zone at your Regional Internet Registry (RIR).
After this process, your reverse zone will be activated and you can perform reverse DNS lookups.