Correct DNS setup for two WHM AWS instances
Hi guys,
I am in the process of migrating all of my hosting to Amazon AWS after a series of outages with my current host.
I want to run two WHM servers, one for websites, one for mailboxes/email. The websites one will also handle DNS Zones.
I have created TWO Amazon EC2 instances with WHM running:
1. websites.domain.com acts as the website server (connected to an RDS database server), along with also being the DNS Zone manager. It has two elastic/static IP addresses for ns1 and ns2.domain.com
2. email.domain.com acts as the email server. It has an elastic/static IP also.
I create cPanel accounts for each domain on BOTH machines. I edit the DNS Zone on websites.domain.com to point all MX to email.domain.com and email.domain.com A record points to the IP of email.domain.com
I am successfully receiving emails at email.domain.com.
I AM NOT able to send/deliver emails from email.domain.com
Email deliverability report on email.domain.com says connection timed out.
Mail queue says the messages are 'queued'.
DKIM, SPF and DMARC have been configured correctly on websites.domain.com's DNS Zone editor with the correct TXT records provided by email.domain.com.
Email delivery section says I need to create a PTR record. WHM is displaying the following:
[QUOTE]"The system sends "email.domain.com"'s outgoing email from the "123.456.789.0" IP address. The only PTR value for this IP address must be "email.domain.com". This is the name that this server sends with SMTP's "HELO" command to send "email.domain.com"'s outgoing email.
1 unexpected PTR value exists for this IP address:
- xxxxxx.ap-southeast-x.compute.amazonaws.com
I am totally lost with that element. I did reach out to Amazon AWS and request a reverse DNS setup for email.domain.com. Additionally, would there be any other reason why the system is unable to send emails? Do I need to edit the DNS Zone on email.domain.com at all? Should it have an A Record pointing to itself? Anything else I am missing here? Any help is greatly appreciated and thanks in advance.
I am totally lost with that element. I did reach out to Amazon AWS and request a reverse DNS setup for email.domain.com.
This is exactly what you need to do in this instance. Because the PTR currently resolves to Amazon's properties instead of your hostname it's invalid. In most cases you're not delegated the authority to make modifications to PTR records; Amazon has a blog about this here: Configurable Reverse DNS for Amazon EC2's Elastic IP Addresses | Amazon Web Services and it's in their FAQ here: Amazon EC2 FAQs - Amazon Web Services. They also throttle traffic on port 25 and from their documentation, it looks like filling out that form for the PTR resolves this issue though. Thanks!
I am also running ConfigServer Firewall but I have opened up the ports etc.
Thanks Lauren, well hopefully that resolves the issue - would you say this is what's causing the outgoing email connections to timeout?
Yes, PTR records are extremely important and, based on the reading I was doing on that documentation I sent you, it will indeed cause the throttling which will cause timeouts. Also, many providers won't even accept your email or a connection from your host without rDNS (a PTR record).
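The check WHM is describing in the first post (exactly one PTR for the sending IP, equal to the HELO name, and that name resolving back to the IP) and the SPF record the poster says is in the web server's zone can both be verified before waiting on the provider. The script below is an added example, not code from this thread, from cPanel/WHM or from AWS. It assumes documentation-range IPs (203.0.113.10 for the mail server, 198.51.100.20 for the web server) and a constructed zone table in place of the poster's real records; the PTR value in the "broken" table is a placeholder shaped like a provider default name, not the one from the post. DNS lookups go through an injected resolver so it runs offline; `live_resolver()` does real A and PTR lookups with the standard library only, and the SPF evaluator deliberately handles only `ip4`/`ip6`/`a`/`mx`/`all` (no `include:`, `exists:` or `redirect=`).

```python
"""FCrDNS / HELO / SPF sanity check for an outbound mail host (added example).

Not code from the thread, cPanel/WHM or AWS. DNS lookups go through an injected
resolver so the check runs offline against constructed sample data; live_resolver()
uses only the standard library and covers A and PTR (IPv4). IPs are from the
documentation ranges (203.0.113.0/24, 198.51.100.0/24), not the poster's addresses.
"""
import ipaddress
import socket

MAIL_HOST = "email.domain.com"   # name WHM sends in HELO (hostname from the thread)
MAIL_IP = "203.0.113.10"         # constructed stand-in for the mail server's elastic IP
WEB_IP = "198.51.100.20"         # constructed stand-in for the web server's elastic IP

# Constructed zone data for domain.com laid out as the thread describes it:
# MX points at the mail host, SPF authorizes only the mail server's IP.
BROKEN_DNS = {
    (MAIL_HOST, "A"): [MAIL_IP],
    ("websites.domain.com", "A"): [WEB_IP],
    ("domain.com", "MX"): ["10 " + MAIL_HOST],
    ("domain.com", "TXT"): ["v=spf1 ip4:" + MAIL_IP + " -all"],
    # The reverse zone belongs to the cloud provider and still carries a default
    # instance name (constructed placeholder) instead of MAIL_HOST.
    ("10.113.0.203.in-addr.arpa", "PTR"): ["ec2-203-0-113-10.compute.amazonaws.com"],
}
# The same data after the provider has set the PTR to the mail host's name.
FIXED_DNS = {**BROKEN_DNS, ("10.113.0.203.in-addr.arpa", "PTR"): [MAIL_HOST]}


def make_resolver(table):
    """Build a resolver closure over a static {(name, rtype): [values]} table."""
    def resolve(name, rtype):
        return list(table.get((name.rstrip(".").lower(), rtype), []))
    return resolve


def live_resolver(name, rtype):
    """Standard-library lookups for A and PTR (IPv4 only); TXT/MX need a DNS library."""
    try:
        if rtype == "A":
            return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
        if rtype == "PTR" and name.endswith(".in-addr.arpa"):
            ip = ".".join(reversed(name[: -len(".in-addr.arpa")].split(".")))
            return [socket.gethostbyaddr(ip)[0]]
    except (socket.gaierror, socket.herror):
        pass
    return []


def check_fcrdns(helo_name, outbound_ip, resolve):
    """Apply the rule WHM quotes: exactly one PTR, equal to the HELO name, and that
    name must resolve back to the sending IP. Returns a list of problems ([] = pass)."""
    problems = []
    helo = helo_name.rstrip(".").lower()
    ptr_name = ipaddress.ip_address(outbound_ip).reverse_pointer  # 10.113.0.203.in-addr.arpa
    ptrs = [p.rstrip(".").lower() for p in resolve(ptr_name, "PTR")]
    if not ptrs:
        problems.append("no PTR record for " + outbound_ip)
    elif len(ptrs) > 1:
        problems.append("%d PTR records for %s; expected exactly one" % (len(ptrs), outbound_ip))
    for p in ptrs:
        if p != helo:
            problems.append("PTR %r does not match HELO name %r" % (p, helo))
        elif outbound_ip not in resolve(p, "A"):
            problems.append("PTR name %r does not resolve back to %s" % (p, outbound_ip))
    if outbound_ip not in resolve(helo, "A"):
        problems.append("HELO name %r has no A record for %s" % (helo, outbound_ip))
    return problems


def spf_authorizes(domain, outbound_ip, resolve):
    """True if domain's SPF record permits outbound_ip. Handles ip4/ip6/a/mx/all only;
    include:, exists: and redirect= are not followed (simplification of RFC 7208)."""
    ip = ipaddress.ip_address(outbound_ip)
    records = [t for t in resolve(domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(records) != 1:  # a missing or duplicated SPF record both fail evaluation
        return False
    for term in records[0].split()[1:]:
        qual = term[0] if term[0] in "+-~?" else "+"
        mech, _, arg = term.lstrip("+-~?").lower().partition(":")
        if mech == "all":
            return qual == "+"
        nets = []
        if mech in ("ip4", "ip6"):
            nets = [ipaddress.ip_network(arg, strict=False)]
        elif mech == "a":
            nets = [ipaddress.ip_network(a) for a in resolve(arg or domain, "A")]
        elif mech == "mx":
            for mx in resolve(arg or domain, "MX"):
                nets += [ipaddress.ip_network(a) for a in resolve(mx.split()[-1], "A")]
        if any(ip in n for n in nets):
            return qual == "+"
    return False  # nothing matched and no "all" term: neutral, treated as not authorized


if __name__ == "__main__":
    for label, table in (("thread as posted", BROKEN_DNS), ("after AWS sets the PTR", FIXED_DNS)):
        r = make_resolver(table)
        print(label, "->", check_fcrdns(MAIL_HOST, MAIL_IP, r) or "FCrDNS OK",
              "| SPF authorizes mail IP:", spf_authorizes("domain.com", MAIL_IP, r),
              "| SPF authorizes web IP:", spf_authorizes("domain.com", WEB_IP, r))
```

Against the "as posted" table the only finding is the PTR/HELO mismatch, which is the same complaint WHM prints; once the PTR is the mail host's own name the check is clean. Passing `live_resolver` instead of `make_resolver(...)` to `check_fcrdns` runs the same test against real DNS from any machine, which is a quick way to see when the provider's rDNS request has actually taken effect. Note that SPF is evaluated for the mail server's IP, not the web server's: with both machines hosting the same cPanel accounts, mail must only leave from the host the record authorizes.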
@scottrichardson Did you resolve this? If so, how long did it take? I'm running on LightSail (which I hope is EC2 instances). I'm assuming this form will work for me too @cPanelLauren? As a side note, you need to open all of the ports listed here How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation that you use in both CSF and in your AWS security policy!
@inteldigital if you're having the same issue, it should, yes.
Makes me wonder why Amazon makes it nigh on impossible to change your PTR records, when places like Digital Ocean allow this in your control panel.
I'm not an Amazon expert but from what I was reading it didn't appear to be too difficult to update your PTR records. In the documentation I linked above they provide a form for you to fill out to complete this. Most providers do NOT grant access to make these changes.