Correct DNS setup for two WHM AWS instances

Nov 21, 2019
Australia
cPanel Access Level
Root Administrator
Hi guys,

I am in the process of migrating all of my hosting to Amazon AWS after a series of outages with my current host.

I want to run two WHM servers, one for websites, one for mailboxes/email. The websites one will also handle DNS Zones.

I have created TWO Amazon EC2 instances with WHM running:

1. websites.domain.com acts as the website server (connected to an RDS database server), along with also being the DNS Zone manager. It has two elastic/static IP addresses for ns1.domain.com and ns2.domain.com.

2. email.domain.com acts as the email server. It has an elastic/static IP also.

I create cPanel accounts for each domain on BOTH machines. I edit the DNS Zone on websites.domain.com to point all MX records to email.domain.com, and the email.domain.com A record points to the IP of email.domain.com.

I am successfully receiving emails at email.domain.com.

I AM NOT able to send/deliver emails from email.domain.com.

Email deliverability report on email.domain.com says connection timed out.

Mail queue says the messages are 'queued'.

DKIM, SPF and DMARC have been configured correctly on websites.domain.com's DNS Zone editor with the correct TXT records provided by email.domain.com.

Email delivery section says I need to create a PTR record. WHM is displaying the following:

"The system sends “email.domain.com”’s outgoing email from the “123.456.789.0” IP address. The only PTR value for this IP address must be “email.domain.com”. This is the name that this server sends with SMTP’s “HELO” command to send “email.domain.com”’s outgoing email.
1 unexpected PTR value exists for this IP address:
  • xxxxxx.ap-southeast-x.compute.amazonaws.com
To fix this problem, replace all PTR records for “123.456.789.0.in-addr.arpa” with the following record at “pdns1.ultradns.net”, “x1.amazonaws.com”, “x2.amazonaws.com”, “x3.amazonaws.org”, and “x4.amazonaws.org”:
I am totally lost with that element. I did reach out to Amazon AWS and request a reverse DNS setup for email.domain.com.

Additionally, would there be any other reason why the system is unable to send emails? Do I need to edit the DNS Zone on email.domain.com at all? Should it have an A Record pointing to itself?

Anything else I am missing here?

Any help is greatly appreciated and thanks in advance.
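The check WHM is performing in the message above is forward-confirmed reverse DNS: the outbound IP's PTR must name the HELO hostname, and that hostname must resolve back to the same IP. The following is an added example, not code from the thread or from cPanel; the 192.0.2.10 address, the hostnames and the lookup functions are assumed values standing in for the poster's own, and the check is written so it can run offline against constructed answers or live via the system resolver.

```python
import ipaddress
import socket

# Constructed example values (the thread's "123.456.789.0" is not a valid IPv4
# address, so a documentation-range address stands in for it here).
HELO_NAME = "email.domain.com"
OUTBOUND_IP = "192.0.2.10"


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa (or ip6.arpa) name that WHM's message refers to."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_fcrdns(ip, helo_name, ptr_lookup, a_lookup):
    """Forward-confirmed reverse DNS check.

    ptr_lookup(ip) -> list of PTR names; a_lookup(name) -> list of addresses.
    Returns (ok, findings) where findings lists every mismatch found.
    """
    findings = []
    want = helo_name.rstrip(".").lower()
    ptrs = [p.rstrip(".").lower() for p in ptr_lookup(ip)]
    if want not in ptrs:
        findings.append(f"no PTR for {reverse_name(ip)} names {helo_name}")
    for p in ptrs:
        if p != want:  # any extra PTR is what WHM calls an "unexpected PTR value"
            findings.append(f"unexpected PTR value: {p}")
    addrs = set(a_lookup(helo_name))
    if ip not in addrs:  # forward confirmation: hostname must point back at the IP
        findings.append(f"{helo_name} does not resolve back to {ip} (got {sorted(addrs) or 'nothing'})")
    return (not findings, findings)


def live_ptr_lookup(ip):
    """Real PTR lookup via the system resolver (needs network access)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except socket.herror:
        return []


def live_a_lookup(name):
    """Real forward lookup via the system resolver (needs network access)."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


if __name__ == "__main__":
    ok, findings = check_fcrdns(OUTBOUND_IP, HELO_NAME, live_ptr_lookup, live_a_lookup)
    print("FCrDNS OK" if ok else "\n".join(findings))
```

Run it on the mail server itself after the reverse DNS request has been processed; until then it reports the provider's default PTR as the unexpected value, exactly as the WHM message does.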

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
Houston
> I am totally lost with that element. I did reach out to Amazon AWS and request a reverse DNS setup for email.domain.com.
This is exactly what you need to do in this instance. Because the PTR currently resolves to Amazon's properties instead of your hostname, it's invalid. In most cases you're not delegated the authority to make modifications to PTR records; Amazon has a blog about this here: Configurable Reverse DNS for Amazon EC2’s Elastic IP Addresses | Amazon Web Services and it's in their FAQ here: Amazon EC2 FAQs - Amazon Web Services

They also throttle traffic on port 25, and from their documentation it looks like filling out that form for the PTR resolves this issue, though.

Thanks!
Nov 21, 2019
Australia
cPanel Access Level
Root Administrator
> This is exactly what you need to do in this instance. Because the PTR currently resolves to Amazon's properties instead of your hostname, it's invalid. In most cases you're not delegated the authority to make modifications to PTR records; Amazon has a blog about this here: Configurable Reverse DNS for Amazon EC2’s Elastic IP Addresses | Amazon Web Services and it's in their FAQ here: Amazon EC2 FAQs - Amazon Web Services
>
> They also throttle traffic on port 25, and from their documentation it looks like filling out that form for the PTR resolves this issue, though.
>
> Thanks!
Thanks Lauren, well, hopefully that resolves the issue. Would you say this is what's causing the outgoing email connections to time out?

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
Houston
> Thanks Lauren, well, hopefully that resolves the issue. Would you say this is what's causing the outgoing email connections to time out?
Yes, PTR records are extremely important, and based on the reading I was doing, that documentation I sent you indicates it will indeed cause the throttling, which will cause timeouts. Also, many providers won't even accept your email or a connection from your host without rDNS (a PTR record).

inteldigital

Well-Known Member
Apr 5, 2018
England
cPanel Access Level
Root Administrator
Makes me wonder why Amazon make it nigh on impossible to change your PTR records, when places like Digital Ocean allow this in your control panel.

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
Houston
> Makes me wonder why Amazon make it nigh on impossible to change your PTR records, when places like Digital Ocean allow this in your control panel.
I'm not an Amazon expert, but from what I was reading it didn't appear to be too difficult to update your PTR records. In the documentation I linked above, they provide a form for you to fill out to complete this. Most providers do NOT grant access to make these changes.