Solved

Reverse DNS for mail server

Posted on 2001-08-27
Last Modified: 2013-12-15
Greetings!

I'm getting ready to move a domain to a server hosted on our site as opposed to contracting it out to a hosting provider.

We have a T1 connection with some IP address space assigned to us by the ISP. Currently this ISP handles reverse DNS for our IP address space only. The domain I'm moving is hosted elsewhere. The immediate need is e-mail. I have a Linux box running Postfix that is assigned one of the public IP addresses assigned to us.

I plan on setting up a DNS management account with Dotster, which is a web-based domain DNS zone file management system. Dotster will actually be handling DNS for the domain name that we are moving. I will be setting up the MX and A records there and they will point to the IP address of my Linux box.

My question is: Will I need to have our ISP delegate reverse DNS for that IP address to us or will it be okay as is?

I do have a real domain set up as a test. It is set up for DNS management at Dotster and mail seems to be working fine coming in and going out of the Linux box. I just need to know if I've just been lucky to not have any problems or if it's okay that the ISP handles reverse DNS.

Thanks,
Rod
reason100





Question by:reason100
7 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
ID: 6430645
Okay, you've got a T1 and a net block of some size from your ISP. In that case why bother using some other service to do the DNS hosting? It would make more sense to me to run your own DNS server and have your ISP delegate in-addr.arpa authority to your name server. That way you can manage any number of virtual domains at your site as well as your primary domain.

Even if you use an external DNS service you aren't likely to run into too much of a problem with reverse DNS. Only the really paranoid mail servers insist on matching the forward and reverse lookups. By and large, what's more important is that there be a reverse entry for the IP of the mail server.

What you can always do is to use the real FQDN of the mail server (that your ISP furnishes the in-addr record for) and use a CNAME record pointing to the same name for your virtual domain. As long as the mail server is told that it handles mail for that domain everything will work fine. In other words, if I have a local machine with a FQDN (as listed in your ISP's DNS) of virtsrv.my-domain.tld, I'd set up the records for the virtual domain like:

virtual-dom.tld.     IN  MX 10 virtsrv.my-domain.tld.

mail.virtual-dom.tld.  IN CNAME virtsrv.my-domain.tld.

That way there is no problem with paranoid mail servers. The system they think they are talking to is virtsrv.my-domain.tld and the IP they see resolves to virtsrv.my-domain.tld.
0
 
LVL 1

Author Comment

by:reason100
ID: 6433185
Thanks for replying. I have been doing some queries and found that nslookup cannot find any reverse dns records for the IP addresses we are using.
0
 
LVL 1

Author Comment

by:reason100
ID: 6433259
Thanks for replying. I have been doing some queries and found that nslookup cannot find any reverse dns records for the IP addresses we are using.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6434355
In that case your ISP, who supposedly has in-addr authority for those IP's, doesn't have their DNS set up properly. You need to take the issue up with them.
0
 

Expert Comment

by:kruemelmo
ID: 6443970
jlevie said most of what must be said, I think.

> Only the really paranoid mail servers insist on matching the forward and reverse lookups.

In other words: If your users expect to be able to receive email from everybody, which is likely, you need matching forward and reverse dns records... in general, names listed in MX (and NS) records need an A record with matching reverse lookup.

Don't use a name in the MX records which only has a CNAME, but nobody has suggested that, this hint is only to be more complete.

If your ISP has not set up the reverse lookup so far, you might be able to influence what they actually put into that zone... we use to send them updated zone file fragments once in a while and they put them in.

Greetings!
0
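Added example, not part of the original thread: a forward-confirmed reverse DNS check of the kind the strict receiving servers mentioned above perform, applied to the record layout from the accepted answer. The record table, the documentation address 192.0.2.25 and the function names are constructed for illustration; it works on an in-memory table rather than live DNS so it runs offline.

```python
import ipaddress

# Constructed sample zone data using the thread's placeholder names.
# 192.0.2.25 is a documentation address, not a real mail server.
RECORDS = {
    ("virtual-dom.tld.", "MX"): ["virtsrv.my-domain.tld."],
    ("mail.virtual-dom.tld.", "CNAME"): ["virtsrv.my-domain.tld."],
    ("virtsrv.my-domain.tld.", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa.", "PTR"): ["virtsrv.my-domain.tld."],
}


def lookup(records, name, rtype):
    """Return the record data for (name, type), or an empty list."""
    return records.get((name.lower(), rtype), [])


def check_mx_target(records, host):
    """List the problems for one MX target; an empty list means it passes."""
    if lookup(records, host, "CNAME"):
        return [f"{host} is a CNAME; an MX target needs its own A record"]
    addrs = lookup(records, host, "A")
    if not addrs:
        return [f"{host} has no A record"]
    problems = []
    for addr in addrs:
        # Build the in-addr.arpa owner name for this address.
        ptr_owner = ipaddress.ip_address(addr).reverse_pointer + "."
        names = lookup(records, ptr_owner, "PTR")
        if not names:
            problems.append(f"{addr} has no PTR record")
        elif not any(addr in lookup(records, n, "A") for n in names):
            # The reverse name must map forward to the same address.
            problems.append(
                f"{addr} PTR {', '.join(names)} does not resolve back to {addr}"
            )
    return problems


def check_domain(records, domain):
    """Check every MX target of a domain; maps target name to its problems."""
    return {mx: check_mx_target(records, mx)
            for mx in lookup(records, domain, "MX")}


if __name__ == "__main__":
    for target, issues in check_domain(RECORDS, "virtual-dom.tld.").items():
        print(target, "OK" if not issues else issues)
```

Removing the PTR entry from the table reproduces the situation the question author found with nslookup.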
 
LVL 2

Expert Comment

by:ksemat
ID: 6461162
I guess everything has pretty much been said here. I have seen the freebsd.org mailing lists refuse posts from people without reverse DNS or whose reverse DNS does not match with the forwards.

But you're definitely better off handling your own DNS servers. A night reading "DNS and BIND" should pretty much solve any problems you come across.
0
 
LVL 1

Author Comment

by:reason100
ID: 6470450
Sorry about the delay in awarding you the points.
0
