
Reverse DNS for mail server

Greetings!

I'm getting ready to move a domain to a server hosted on our site as opposed to contracting it out to a hosting provider.

We have a T1 connection with some IP address space assigned to us by the ISP. Currently this ISP handles reverse DNS for our IP address space only. The domain I'm moving is hosted elsewhere. The immediate need is e-mail. I have a Linux box running Postfix that is assigned one of the public IP addresses assigned to us.

I plan on setting up a DNS management account with Dotster, which is a web-based domain DNS zone file management system. Dotster will actually be handling DNS for the domain name that we are moving. I will be setting up the MX and A records there and they will point to the IP address of my Linux box.

My question is: Will I need to have our ISP delegate reverse DNS for that IP address to us or will it be okay as is?

I do have a real domain set up as a test. It is set up for DNS management at Dotster and mail seems to be working fine coming in and going out of the Linux box. I just need to know if I've just been lucky to not have any problems or if it's okay that the ISP handles reverse DNS.

Thanks,
Rod
reason100





 
jlevie Commented:
Okay, you've got a T1 and a net block of some size from your ISP. In that case why bother using some other service to do the DNS hosting? It would make more sense to me to run your own DNS server and have your ISP delegate in-addr.arpa authority to your name server. That way you can manage any number of virtual domains at your site as well as your primary domain.

Even if you use an external DNS service you aren't likely to run into too much of a problem with reverse DNS. Only the really paranoid mail servers insist on matching the forward and reverse lookups. By and large, what's more important is that there be a reverse entry for the IP of the mail server.

What you can always do is to use the real FQDN of the mail server (that your ISP furnishes the in-addr record for) and use a CNAME record pointing to the same name for your virtual domain. As long as the mail server is told that it handles mail for that domain everything will work fine. In other words, if I have a local machine with a FQDN (as listed in your ISP's DNS) of virtsrv.my-domain.tld, I'd set up the records for the virtual domain like:

virtual-dom.tld.     IN  MX 10 virtsrv.my-domain.tld.

mail.virtual-dom.tld.  IN CNAME virtsrv.my-domain.tld.

That way there is no problem with paranoid mail servers. The system they think they are talking to is virtsrv.my-domain.tld and the IP they see resolves to virtsrv.my-domain.tld.
 
reason100 Author Commented:
Thanks for replying. I have been doing some queries and found that nslookup cannot find any reverse dns records for the IP addresses we are using.
 
jlevie Commented:
In that case your ISP, who supposedly has in-addr authority for those IPs, doesn't have their DNS set up properly. You need to take the issue up with them.
 
kruemelmo Commented:
jlevie said most of what must be said, I think.

> Only the really paranoid mail servers insist on matching the forward and reverse lookups.

In other words: If your users expect to be able to receive email from everybody, which is likely, you need matching forward and reverse dns records... in general, names listed in MX (and NS) records need an A record with matching reverse lookup.

Don't use a name in the MX records which only has a CNAME, but nobody has suggested that, this hint is only to be more complete.

If your ISP has not set up the reverse lookup so far, you might be able to influence what they actually put into that zone... we use to send them updated zone file fragments once in a while and they put them in.

Greetings!
 
ksemat Commented:
I guess everything has pretty much been said here. I have seen the freebsd.org mailing lists refuse posts from people without reverse DNS or whose reverse DNS does not match with the forwards.

But you're definitely better off handling your own DNS servers. A night reading "DNS and BIND" should pretty much solve any problems you come across.
 
reason100 Author Commented:
Sorry about the delay in awarding you the points.
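
An added example, not part of the original thread: a Python sketch of the checks the answers above distinguish for a mail domain (MX target with an A record rather than only a CNAME, a PTR record for its IP, and whether that PTR forward-confirms and matches the MX name). The records are constructed sample data in the 192.0.2.0/24 documentation range with placeholder names in the thread's style, and `resolve` is a hypothetical offline lookup to be replaced by real DNS queries.

```python
import ipaddress

# Constructed sample records (not from the thread). 192.0.2.0/24 is a
# documentation range; host names follow the thread's placeholder style.
ZONE = {
    ("virtual-dom.tld.", "MX"): ["virtsrv.my-domain.tld."],
    ("virtsrv.my-domain.tld.", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa.", "PTR"): ["virtsrv.my-domain.tld."],
    # PTR exists and forward-confirms, but under the ISP's generic name
    ("generic-dom.tld.", "MX"): ["mail.generic-dom.tld."],
    ("mail.generic-dom.tld.", "A"): ["192.0.2.26"],
    ("26.2.0.192.in-addr.arpa.", "PTR"): ["t1-26.isp.tld."],
    ("t1-26.isp.tld.", "A"): ["192.0.2.26"],
    # No PTR at all (the situation the asker's nslookup showed)
    ("norev-dom.tld.", "MX"): ["mx.norev-dom.tld."],
    ("mx.norev-dom.tld.", "A"): ["192.0.2.27"],
    # MX target that is only a CNAME
    ("cname-dom.tld.", "MX"): ["mail.cname-dom.tld."],
    ("mail.cname-dom.tld.", "CNAME"): ["virtsrv.my-domain.tld."],
}

def resolve(name, rtype):
    """Hypothetical offline resolver over ZONE; swap in a real DNS query."""
    return ZONE.get((name.lower(), rtype), [])

def check_mail_dns(domain, resolve=resolve):
    """Return (mx_host, status) for each MX target of `domain`."""
    results = []
    for mx in resolve(domain, "MX"):
        if resolve(mx, "CNAME"):
            results.append((mx, "mx-is-cname"))
            continue
        addrs = resolve(mx, "A")
        if not addrs:
            results.append((mx, "no-a-record"))
        for ip in addrs:
            # 192.0.2.25 -> 25.2.0.192.in-addr.arpa.
            rev = ipaddress.ip_address(ip).reverse_pointer + "."
            ptrs = resolve(rev, "PTR")
            if not ptrs:
                status = "no-ptr"
            elif not any(ip in resolve(p, "A") for p in ptrs):
                status = "ptr-not-forward-confirmed"
            elif mx.lower() not in ptrs:
                status = "ptr-name-differs-from-mx"
            else:
                status = "ok"
            results.append((mx, status))
    return results
```

The `ptr-name-differs-from-mx` status is the case the thread disagrees about: a reverse entry exists and forward-confirms under the ISP's name, but does not match the name in the MX record.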