reverse DNS problem

ryan010101

Technical User
Jan 24, 2001
83
US
Hello,
We sometimes get emails bounced back to us saying:
"The server sending your mail [xx.xx.xx.xx] does not have a reverse DNS entry. Connection Rejected"

How do I set up a reverse DNS entry? This is our setup: We host our own Exchange server, so when we send email it is coming from our IP address. Our domain (and website) are hosted by an ISP, and on the ISP the MX record for our domain is set to point to our Exchange server.

What do I need to do to prevent emails from being bounced back?

thanks
Ryan
 
You need to know who the reverse zone is delegated to. For example, if your MX record is mail.domain.com which resolves to IP address 111.222.333.444, then you need to find out who has the delegation for the reverse zone 333.222.111.in-addr.arpa. Whoever hosts that zone can then put in a PTR record. So you would have ...

In the forward zone ..

domain.com IN MX mail.domain.com
mail.domain.com IN A 111.222.333.444

So, a PTR record would be created in the reverse zone as ..

444.333.222.111.in-addr.arpa PTR mail.domain.com

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Chris

I have the same problem but twice. We have 2 mail servers that share the load of our email. We always switch them so one may send all email this week while the other takes delivery and vice versa. Is it possible to create 2 reverse DNS entries for one domain? A reverse DNS entry to resolve to 2 different IP addresses?

Thanks in advance.

Edzy
 
Technically, yes but practically no! It's best to have one PTR that resolves to a host. Why do you change your mail servers over? Why not just have one server sending out all your email that resolves to one IP address which you can set up reverse DNS on.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Chris

Thanks for the quick reply. Okay, we had many problems due to the current mail relay filtering software we run at one stage, the load we thought. Due to it going down all the time we installed a 2nd for redundancy and to give it a break. Also, the second server is at the end of a different supplied internet pipe at a different site of ours. These 2 sites are connected by a 100mb landlink. We've tried to add redundancy in most places. So we have set up 2 x mail relay servers and spread half the MX records to use the one server as the primary and the other half to the other. Their secondary server is each other. Each mail domain is spread across them nicely. When things go wrong with one server or internet connection we can divert email to be sent out and received at the other. Complicated, but they demanded redundancy.

Our current DNS for all domains is currently handled by our domain supplier. They have told me today that I can't set up reverse DNS entries using their name servers unless I'm using their dedicated servers, which I'm not. I'm thinking of bringing DNS services for our domains internally. A couple of Win2k boxes in our DMZs? Sound okay?

So in theory you think I should be okay with 2 x reverse DNS entries for each domain? What should I look out for, if anything?

Thanks in advance.


Edzy

 
If you have a primary and secondary MX for each domain then you should be okay to set up the PTR records for each server, eg.

domain IN MX 10 mail.domain.com
domain IN MX 20 backup.domain.com
mail.domain.com IN A 111.222.333.444
backup.domain.com IN A 555.666.777.888


In the reverse zones ..

444.333.222.111.in-addr.arpa PTR mail.domain.com

888.777.666.555.in-addr.arpa PTR backup.domain.com

Be aware that even if you bring your domain in house for DNS, the reverse zone may still be delegated to your ISP.

On a DNS design note, good design would be to have one primary master server that isn't publicly accessible and two slaves that are public and are listed as authoritative for your domains. This way no one gets access to your primary server.

Good luck.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
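
Added example, not part of the original thread: a small offline audit of the check a receiving mail server makes against each outbound relay. It goes one step beyond the bounce quoted above by also confirming that the PTR name resolves back to the sending address, which many receivers require. All host names, addresses and zone contents are constructed (documentation ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed zone data (documentation addresses, not taken from the thread).
FORWARD = {  # A records: host name -> addresses
    "mail.example.com.": ["192.0.2.25"],
    "backup.example.com.": ["198.51.100.25"],
}
REVERSE = {  # PTR records: in-addr.arpa owner name -> host names
    "25.2.0.192.in-addr.arpa.": ["mail.example.com."],
    # 198.51.100.25 has no PTR: the reverse zone owner was never asked to add it.
    "26.100.51.198.in-addr.arpa.": ["relay.example.net."],  # PTR with no matching A
}

def reverse_name(ip):
    """Owner name of the PTR record for an address (octets reversed)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zone(ip):
    """The /24 reverse zone whose delegation has to be traced (IPv4 only)."""
    return reverse_name(ip).split(".", 1)[1]

def check_sender(ip, forward=FORWARD, reverse=REVERSE):
    """Return (verdict, detail) for a connecting address, as a receiver sees it."""
    ptrs = reverse.get(reverse_name(ip), [])
    if not ptrs:
        return "no-ptr", reverse_name(ip)   # the rejection quoted in the first post
    for host in ptrs:
        if ip in forward.get(host, []):     # PTR name resolves back to the sender
            return "ok", host
    return "ptr-mismatch", ptrs[0]          # PTR exists but is not forward-confirmed

def audit(mail_hosts, forward=FORWARD, reverse=REVERSE):
    """Check every address of every outbound mail host, one PTR per server."""
    return {ip: check_sender(ip, forward, reverse)
            for host in mail_hosts for ip in forward.get(host, [])}

if __name__ == "__main__":
    hosts = ["mail.example.com.", "backup.example.com."]
    for ip, (verdict, detail) in audit(hosts).items():
        print(f"{ip:15} {verdict:13} {detail}  (reverse zone {reverse_zone(ip)})")
```

Against live DNS, the two dictionary lookups would be replaced by real PTR and A queries; the verdict logic stays the same.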
 