Reverse DNS for mail server

Posted on 2001-08-27
Last Modified: 2013-12-15
Greetings!

I'm getting ready to move a domain to a server hosted
on our site as opposed to contracting it out to a hosting provider.

We have a T1 connection with some IP address space assigned to us by the ISP. Currently this ISP handles
reverse DNS for our IP address space only. The domain
I'm moving is hosted elsewhere. The immediate need
is e-mail. I have a Linux box running Postfix that is
assigned one of the public IP addresses assigned to us.

I plan on setting up a DNS management account with Dotster
which is a web based domain DNS zone file management system. Dotster will actually be handling DNS for the domain name that we are moving. I will be setting up the MX and A records there and they will point to the IP address of my Linux box.

My question is: Will I need to have our ISP delegate reverse DNS for that IP address to us or will it be
okay as is?

I do have a real domain set up as a test. It is set up for DNS management at Dotster and mail seems to be working fine coming in and going out of the Linux box. I just
need to know if I've just been lucky to not have any problems or if it's okay that the ISP handles reverse DNS.

Thanks,
Rod
Question by:reason100
7 Comments
Accepted Solution by: jlevie (LVL 40), earned 125 total points, ID: 6430645
Okay, you've got a T1 and a net block of some size from your ISP. In that case why bother using some other service to do the DNS hosting. It would make more sense to me to run your own DNS server and have your ISP delegate in-addr.arpa authority to your name server. That way you can manage any number of virtual domains at your site as well as your primary domain.

Even if you use an external DNS service you aren't likely to run into too much of a problem with reverse DNS. Only the really paranoid mail servers insist on matching the forward and reverse lookups. By and large, what's more important is that there be a reverse entry for the IP of the mail server.

What you can always do is to use the real FQDN of the mail server (that your ISP furnishes the in-addr record for) and use a CNAME record pointing to the same name for your virtual domain. As long as the mail server is told that it handles mail for that domain everything will work fine. In other words if I have a local machine with a FQDN (as listed in your ISP's DNS) of virtsrv.my-domain.tld, I'd set up the records for the virtual domain like:

virtual-dom.tld.     IN  MX 10 virtsrv.my-domain.tld.

mail.virtual-dom.tld.  IN CNAME virtsrv.my-domain.tld.

That way there is no problem with paranoid mail servers. The system they think they are talking to is virtsrv.my-domain.tld and the IP they see resolves to virtsrv.my-domain.tld.
Author Comment by: reason100 (LVL 1), ID: 6433185
Thanks for replying. I have been doing some queries and found that nslookup cannot find any reverse DNS records for the IP addresses we are using.
Expert Comment by: jlevie (LVL 40), ID: 6434355
In that case your ISP, who supposedly has in-addr authority for those IPs, doesn't have their DNS set up properly. You need to take the issue up with them.
Expert Comment by: kruemelmo, ID: 6443970
jlevie said most of what must be said, I think.

> Only the really paranoid mail servers insist on matching the forward and reverse lookups.

In other words: If your users expect to be able to receive email from everybody, which is likely, you need matching forward and reverse DNS records... in general, names listed in MX (and NS) records need an A record with matching reverse lookup.

Don't use a name in the MX records which only has a CNAME, but nobody has suggested that; this hint is only to be more complete.

If your ISP has not set up the reverse lookup so far, you might be able to influence what they actually put into that zone... we used to send them updated zone file fragments once in a while and they put them in.

Greetings!
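A check for the rules kruemelmo and jlevie describe (the MX target must be a host with an A record, not a CNAME, and each of its addresses needs a PTR whose name resolves back to that same address). This is an added example, not code from the thread; it uses constructed in-memory records modelled on jlevie's virtual-domain layout instead of live DNS queries, so it runs offline.

```python
# Added example: forward-confirmed reverse DNS check for a domain's MX host.
# FORWARD/REVERSE are constructed sample zones; a real tool would replace the
# two lookups with live DNS queries (e.g. via dnspython).
from ipaddress import ip_address

# Constructed forward records, following jlevie's layout: the virtual domain's
# MX names the ISP-registered host, and mail.<virtual> is a CNAME to it.
FORWARD = {
    "virtual-dom.tld.": [("MX", (10, "virtsrv.my-domain.tld."))],
    "mail.virtual-dom.tld.": [("CNAME", "virtsrv.my-domain.tld.")],
    "virtsrv.my-domain.tld.": [("A", "192.0.2.25")],
    "bad-dom.tld.": [("MX", (10, "mail.virtual-dom.tld."))],  # MX -> CNAME: not allowed
    "orphan.tld.": [("MX", (10, "mx.orphan.tld."))],
    "mx.orphan.tld.": [("A", "192.0.2.26")],                  # ISP published no PTR
    "mismatch.tld.": [("MX", (10, "mx.mismatch.tld."))],
    "mx.mismatch.tld.": [("A", "192.0.2.27")],
    "someone-else.tld.": [("A", "192.0.2.99")],               # PTR name points elsewhere
}
# Constructed PTR data, keyed by address (what the ISP's in-addr.arpa zone holds).
REVERSE = {
    "192.0.2.25": ["virtsrv.my-domain.tld."],
    "192.0.2.27": ["someone-else.tld."],
}

def reverse_name(ip):
    """Name the ISP must populate for this address, e.g. 25.2.0.192.in-addr.arpa."""
    return ip_address(ip).reverse_pointer + "."

def records(name, rtype):
    """Return the values of all records of type rtype owned by name."""
    return [v for t, v in FORWARD.get(name, []) if t == rtype]

def check_mx_target(domain):
    """Return a list of problems for domain's preferred MX host; [] means the
    forward and reverse lookups agree, which is what picky receivers require."""
    mx = records(domain, "MX")
    if not mx:
        return [f"{domain}: no MX record"]
    _, host = min(mx)  # lowest preference value is the primary MX
    if records(host, "CNAME"):
        return [f"{host}: MX target is a CNAME; MX must name a host with an A record"]
    addrs = records(host, "A")
    if not addrs:
        return [f"{host}: MX target has no A record"]
    problems = []
    for ip in addrs:
        ptrs = REVERSE.get(ip, [])
        if not ptrs:
            problems.append(f"{ip} ({reverse_name(ip)}): no PTR record")
        elif not any(ip in records(p, "A") for p in ptrs):
            problems.append(f"{ip}: PTR {','.join(ptrs)} does not resolve back to {ip}")
    return problems
```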
Expert Comment by: ksemat (LVL 2), ID: 6461162
I guess everything has pretty much been said here. I have seen the freebsd.org mailing lists refuse posts from people without reverse DNS or whose reverse DNS does not match with the forwards.

But you're definitely better off handling your own DNS servers. A night reading "DNS and BIND" should pretty much solve any problems you come across.
Author Comment by: reason100 (LVL 1), ID: 6470450
Sorry about the delay in awarding you the points.