DigitalOcean

Report this

What is the reason for this report?
Question

Server behind Wireguard and Firewalld, Public IP and PTR

Posted on April 11, 2019
Email
VPN
Networking
DigitalOcean
Mike2019

By Mike2019

Hello,

I am new to Digitalocean. I have mostly successfully set up a fedora droplet running wireguard and firewalld with a floating ip to direct traffic to a roaming laptop running a small web and mail server that reconnects automatically as it is moves to different locations. So far during testing on the backup laptop and test domain, it works great, the web server works great, IMAP works great, cal/carddav, perfect.

BUT I just ran into an issue with my project, I just now I realized that the PTR record uses the public IP and not the floating IP, which make email sending a problem. So I think I need to try using the public ip of the droplet instead of the floating ip at least for the email and maybe for all of my project to set up the PTR.

Looking for suggestions, Is there a guide or a different way to do this? And, for reasons I can’t get into now, I can’t migrate anything off the laptop server to a new proper server at the moment, but will eventually.

Thanks in advance.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Mike2019
Mike2019
April 12, 2019

OK thanks! I will rename the droplet hostname to server.doman.tld

And my DNS records should look like:

Type - Hostname - Value A - domain.tld - {floating_ip} A - server.domain.tld - {public_ip} MX - domain.tld - server.domain.tld

Correct? Thanks again.

0
jarland
jarlandDigitalOcean Employee badge
April 11, 2019

Greetings!

Great question. The floating IP is not meant to be treated as a local IP on the system. Rather, it’s more of a traffic forwarder. When sending email you should use the droplet’s public IP. The PTR record for that IP is set by the name of the droplet, so you just rename the droplet (in our cloud panel) to a fully qualified domain name to set the PTR. By default all of your mail should be going out through the droplet IP, no change should be necessary to not send through the floating IP, as it would actually require quite some trickery to do that.

Now, your droplet PTR doesn’t have to match the A record you have for the floating IP. You want to avoid this scenario:

domain.tld = {floating_ip}
{droplet_hostname} = domain.tld
{public_ip_ptr} = domain.tld

Because then the PTR wouldn’t have a matching A record. So instead, maybe you would do something like this:

domain.tld = {floating_ip}
{droplet_hostname} = server.domain.tld
{public_ip_ptr} = server.domain.tld

Now you have PTR working with forward confirmed DNS, and your domain never has to be moved from the floating IP.

Jarland

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.