Question

Server behind Wireguard and Firewalld, Public IP and PTR

Hello,

I am new to Digitalocean. I have mostly successfully set up a fedora droplet running wireguard and firewalld with a floating ip to direct traffic to a roaming laptop running a small web and mail server that reconnects automatically as it is moves to different locations. So far during testing on the backup laptop and test domain, it works great, the web server works great, IMAP works great, cal/carddav, perfect.

BUT I just ran into an issue with my project, I just now I realized that the PTR record uses the public IP and not the floating IP, which make email sending a problem. So I think I need to try using the public ip of the droplet instead of the floating ip at least for the email and maybe for all of my project to set up the PTR.

Looking for suggestions, Is there a guide or a different way to do this? And, for reasons I can’t get into now, I can’t migrate anything off the laptop server to a new proper server at the moment, but will eventually.

Thanks in advance.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

OK thanks! I will rename the droplet hostname to server.doman.tld

And my DNS records should look like:

Type - Hostname - Value A - domain.tld - {floating_ip} A - server.domain.tld - {public_ip} MX - domain.tld - server.domain.tld

Correct? Thanks again.

Greetings!

Great question. The floating IP is not meant to be treated as a local IP on the system. Rather, it’s more of a traffic forwarder. When sending email you should use the droplet’s public IP. The PTR record for that IP is set by the name of the droplet, so you just rename the droplet (in our cloud panel) to a fully qualified domain name to set the PTR. By default all of your mail should be going out through the droplet IP, no change should be necessary to not send through the floating IP, as it would actually require quite some trickery to do that.

Now, your droplet PTR doesn’t have to match the A record you have for the floating IP. You want to avoid this scenario:

domain.tld = {floating_ip}
{droplet_hostname} = domain.tld
{public_ip_ptr} = domain.tld

Because then the PTR wouldn’t have a matching A record. So instead, maybe you would do something like this:

domain.tld = {floating_ip}
{droplet_hostname} = server.domain.tld
{public_ip_ptr} = server.domain.tld

Now you have PTR working with forward confirmed DNS, and your domain never has to be moved from the floating IP.

Jarland