Solved

DNS Reverse Lookup (newbie)

Posted on 2003-11-26
Last Modified: 2007-11-27
I did an nslookup (plus reverse lookup) of my domain name on a variety of nameservers.

The results can be seen on http://www.hagroup.ie/DNS.htm

I am a little new to this.

5 of the 11 nameservers queried showed a FAILURE in reverse lookup.

Is that a potential problem and what might be causing this problem?

Are reverse lookups still used to block spam?

Thanks
E.R.
Question by:eamonroche
7 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 125 total points
Let's see why:
Start at the root:
C:\nslookup
Default Server:  boffey.com.priv
Address:  192.168.2.1
>set type=ptr
> root
Default Server:  A.ROOT-SERVERS.NET
Address:  198.41.0.4

> 216.119.75.159
Server:  A.ROOT-SERVERS.NET
Address:  198.41.0.4

216.in-addr.arpa        nameserver = chia.ARIN.NET
216.in-addr.arpa        nameserver = dill.ARIN.NET
216.in-addr.arpa        nameserver = henna.ARIN.NET
216.in-addr.arpa        nameserver = indigo.ARIN.NET
216.in-addr.arpa        nameserver = epazote.ARIN.NET
216.in-addr.arpa        nameserver = figwort.ARIN.NET
216.in-addr.arpa        nameserver = ginseng.ARIN.NET

ok- arin has control of that netblock - let's ask them what they know about it:

> server chia.arin.net
Default Server:  chia.arin.net
Address:  192.5.6.32

> 216.119.75.159
Server:  chia.arin.net
Address:  192.5.6.32

75.119.216.in-addr.arpa nameserver = ns1.webcontrolcenter.com
75.119.216.in-addr.arpa nameserver = ns2.webcontrolcenter.com

ok - that netblock is delegated to webcontrolcenter

let's ask them:

> server ns1.webcontrolcenter.com
Default Server:  ns1.webcontrolcenter.com
Address:  216.119.106.2

> 216.119.75.159
Server:  ns1.webcontrolcenter.com
Address:  216.119.106.2

*** ns1.webcontrolcenter.com can't find 159.75.119.216.in-addr.arpa.: Non-existent domain

oops - hmmm

let's try the other one:

> server ns2.webcontrolcenter.com
Default Server:  ns2.webcontrolcenter.com
Address:  216.119.106.3

> 216.119.75.159
Server:  ns2.webcontrolcenter.com
Address:  216.119.106.3

159.75.119.216.in-addr.arpa     name = tyrrellcoakley.ie
159.75.119.216.in-addr.arpa     name = www.tyrrellcoakley.ie
159.75.119.216.in-addr.arpa     name = netquotedirect.com
159.75.119.216.in-addr.arpa     name = www.netquotedirect.com
159.75.119.216.in-addr.arpa     name = netquotedirect.ie
159.75.119.216.in-addr.arpa     name = www.netquotedirect.ie
159.75.119.216.in-addr.arpa     name = plantmaster.ie
159.75.119.216.in-addr.arpa     name = www.plantmaster.ie
159.75.119.216.in-addr.arpa     name = tyrrellcoakley.com
159.75.119.216.in-addr.arpa     name = www.tyrrellcoakley.com

ah! so - I'd say ns1.webcontrolcenter is hosed

in-arpa lookups that hit that will cache the negative answer for a while, lookups that hit NS2 will cache the good answer

SMTP servers can be, and very often are, configured to reject mail from an IP that doesn't have a reverse lookup, one that doesn't match, doesn't have MX records, etc. This produces a lot of false positives as far as spam goes, but it's built right into sendmail so you gotta live with it. Your best bet is to use your ISP's mail relay as a smart relay for your mail server.








0
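The diagnosis in the answer above comes from asking each delegated nameserver directly and comparing what they return. The following added example (not part of the original post) builds the same PTR query in wire format and compares reply headers; the function names are illustrative, and the two sample replies are constructed to mirror the transcript.

```python
import ipaddress
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def ptr_name(ip):
    """Reverse-lookup name for an address, e.g. 159.75.119.216.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def build_ptr_query(ip, qid=0x1234):
    """Wire-format PTR query with RD clear, so the server answers from its own data."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    labels = ptr_name(ip).split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 12, 1)  # QTYPE 12 = PTR, QCLASS 1 = IN

def parse_header(resp):
    """Pull the response code, authoritative flag and answer count from a reply."""
    _qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    return {"rcode": RCODES.get(rcode, str(rcode)),
            "aa": bool(flags & 0x0400), "answers": an}

def ask(server_ip, ip, timeout=3.0):
    """Send the PTR query to one nameserver over UDP (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(ip), (server_ip, 53))
        return parse_header(s.recv(512))

def compare(results):
    """Return (consistent, failing): do all servers agree, and which give no PTR?"""
    verdicts = {srv: (r["rcode"], r["answers"] > 0) for srv, r in results.items()}
    failing = sorted(s for s, (rc, has) in verdicts.items() if rc != "NOERROR" or not has)
    return len(set(verdicts.values())) == 1, failing

# Constructed reply headers that mirror the transcript: ns1 says NXDOMAIN,
# ns2 returns 10 PTR records. Flags 0x8403 = QR|AA|NXDOMAIN, 0x8400 = QR|AA.
SAMPLE = {
    "ns1.webcontrolcenter.com": struct.pack("!HHHHHH", 0x1234, 0x8403, 1, 0, 1, 0),
    "ns2.webcontrolcenter.com": struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 10, 0, 0),
}

def demo():
    return compare({srv: parse_header(raw) for srv, raw in SAMPLE.items()})

if __name__ == "__main__":
    print(ptr_name("216.119.75.159"), demo())
```

Against live servers, call `ask()` once per nameserver address listed for the reverse zone and pass the collected results to `compare()`.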
 
LVL 6

Expert Comment

by:Casca1
He... That's some good info, and excellent material on uses...
Thanks! 8-)
0
 
LVL 18

Expert Comment

by:chicagoan
no problem, give your dns provider a buzz
0

Expert Comment

by:bgagnon
Hi,

Effectively, we can see that you do not have the reverse entry set up properly in this quick report:

FAIL Reverse DNS entries for MX records ERROR: One or more of your mail server(s) have no reverse DNS (PTR) entries (if you see "Timeout" below, it may mean that your DNS servers did not respond fast enough). RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry.

You need to set up a reverse zone in your DNS (supposing you are hosting your DNS), an arpa like:
175.183.134.159.in-addr.arpa
25.58.7.195.in-addr.arpa

After you set this up, and if your ISP owns the public internet addresses you are using, you need to call them and ask them to give your DNS server the delegation right on the reverse addresses.

And to answer your question, more and more companies set their mail servers to block emails from servers that do not reversely resolve IPs.

I have had the same problem but since the reverse zone was delegated to my own DNS server and I entered the ip addresses of our smtp server in the zones it's working perfectly.

Also, you can set up as many reverse zones in your DNS as you have different ranges of addresses.

Bruno Gagnon
 
0
 

Expert Comment

by:laxmanprakaash
The good news is: You're not blackholed:
http://mail-abuse.org/cgi-bin/lookup?64.91.120.149

The bad news:
; <<>> DiG 9.2.2 <<>> 64.91.120.149
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;64.91.120.149.                 IN      A

;; AUTHORITY SECTION:
.                       86400   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2004020500 1800 900 604800 86400

;; Query time: 200 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Thu Feb 05 14:10:00 2004
;; MSG SIZE  rcvd: 106

(translation: No reverse DNS)

Sendmail blocks mail that has an unresolvable domain
name in the MAIL FROM: part of the SMTP transaction.
It doesn't block mail from or to servers that have
unresolvable IP numbers. Mail servers that have IP
numbers with no reverse lookups can still send mail
with this turned on. However, some servers DO block
mail if the connecting node has no reverse configured.

DNS names and numbers are resolved in two separate
systems. The NAMES are owned by individuals and
administered by name registrars at the root servers
and thereafter by the operator of the DNS servers
specified there.

IP addresses are owned by ISPs, organizations and
(rarely) individuals and are administered by ARIN in
North America, and thereafter by the netblock
owner. Your address lies in a block registered to
Network Availability
1-800-809-1410
network@centurytel.net

and that's who has to enter the reverse entry. It
would be nice if the reverse entry matched the A
record, but any ole' thing will do (often they like to
use the 'in.arpa' name which is a representation of
the IP address and something meaningful to the ISP).

Note that there is no uber-spam-filter. Overzealous or
uninformed (or just plain dumb) administrators can and
do set up crazy filters and some big outfits like AOL
and Hotmail have proprietary systems and their own
ideas. Sometimes it's easier to relay through your ISP
or at least use them as a smart host for problematic
domains.

Your SMTP logs should have a reason the mail was
rejected; get this fixed and keep an eye on the logs
to fine-tune things.

Frank

--- Laxman Subramanian
<lsubramanian@carisbrooktech.com> wrote:
> Frank,
>  
> I was browsing through answers for why mails from my
> mailserver are rejected by *few isp's* and the
> reason was that they tried to do the reverse dns
> lookup and the ip resolves to domain not found. I am
> kind of lost here as to who actually is the person I
> need to square this with is it the ISP or the DNS
> registration provider EASYDNS. This just happened
> recently after we moved to a new ip block and ever
> since we are not able to get reverse dns lookups.
>  
> When I asked my DNS registrar he replied back saying
> it's the ISP who needs to fix this.
>  
> "The easyDNS interface does not support reverse
> lookup, because we cannot provide our clients with
> reverse DNS in the vast majority of cases and so
> there is no way through the interface to manage that
> zone. This is because the nameservers have to have a
> delegation for the entire netblock that IP address
> resides in for us to provide a reverse lookup. In
> most cases, connectivity providers will not delegate
> blocks of their IP addresses to third party
> nameservers (unless they are themselves a customer)
> So you will need to contact your upstream
> connectivity provider to set up the reverse lookup.
> "
>  
> My mailserver is mail.carisbrooktech.com and it
> resolves to 64.91.120.149 whereas the reverse fails.
> Can you help me here and educate me with what
> is happening and how I can square this.
>
> Laxman Subramanian, CISSP


0
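The replies above describe receiving mail servers that reject a connection when the sender's address has no reverse entry or one that does not match. A sketch of that check (forward-confirmed reverse DNS), added here as an example and not taken from any poster or from a particular mail server: the three-way classification is an assumed policy, and the lookup tables are constructed so the logic runs offline.

```python
import socket

def system_reverse(ip):
    """PTR names for ip via the system resolver; empty list when there is none."""
    try:
        name, aliases, _addrs = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """Addresses a name resolves to via the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Classify a connecting address as 'no-ptr', 'mismatch' or 'confirmed'."""
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        # Confirmed only if some PTR name resolves forward to the same address.
        if ip in forward(name):
            return ("confirmed", name)
    return ("mismatch", names[0])

# Constructed lookup tables. The first entry mirrors the situation in the post
# (forward record present, no PTR); the 192.0.2.x hosts are made-up examples.
FORWARD = {
    "mail.carisbrooktech.com": {"64.91.120.149"},
    "mx.example.net": {"192.0.2.10"},
    "host-20.isp.example": {"192.0.2.99"},
}
REVERSE = {
    "192.0.2.10": ["mx.example.net."],
    "192.0.2.20": ["host-20.isp.example."],
}

def check(ip):
    """Run fcrdns() against the constructed tables instead of live DNS."""
    return fcrdns(ip, reverse=lambda a: REVERSE.get(a, []),
                  forward=lambda n: FORWARD.get(n, set()))
```

Calling `fcrdns(ip)` with no extra arguments uses the system resolver instead of the tables.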
 
LVL 18

Expert Comment

by:chicagoan
so... what did your ISP say?
0
 
LVL 18

Expert Comment

by:chicagoan
I think you want to open a new question...
0
