Problem with Reverse DNS

Hi experts.

I have a Red Hat 9.0 server with MailScanner+sendmail. I have 3 domains hosted on my server, and I'm using BIND9. Recently, mails sent from users of one of the domains (amchamberbaq.com) to the domain metrotel.net.co are being returned with the message:

(reason: 551 amchamberbaq.com is not a recognized domain name.)

That problem is just with that domain. I talked with the metrotel network administrator and he told me that this is happening because I don't have a PTR record for that domain. I have checked my DNS configuration and there's a reverse zone file which has this record. However, I made a test at http://remote.12dt.com/rns/ and it doesn't resolve. The DNS server IP is 63.245.101.9. I have a secondary DNS, 63.245.101.4. The named.conf from the primary DNS has the following:

// generated by named-bootconf.pl

options {
      directory "/var/named";
      /*
       * If there is a firewall between you and nameservers you want
       * to talk to, you might need to uncomment the query-source
       * directive below.  Previous versions of BIND always asked
       * questions using port 53, but BIND 8.1 uses an unprivileged
       * port by default.
       */
      // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
      inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
      type hint;
      file "named.ca";
};

zone "localhost" IN {
      type master;
      file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" {
      type master;
      file "named.local";
};

zone "101.245.63.in-addr.arpa" {
      notify no;
      type master;
      file "63.245.101.rev";
      };

zone "9.101.245.63.in-addr.arpa" {
        notify no;
      type master;
        file "63.245.101.9.rev";
        };

zone "eurosistemas.com.co" {
      type master;
      file "eurosistemas.com.co.hosts";
      };

zone "eurolatina.com.co" {
        type master;
        file "eurolatina.com.co.hosts";
        };

zone "edelcaribe.com" {
        type master;
        file "edelcaribe.com.hosts";
        };

zone "amchamberbaq.com" {
        type master;
        file "amchamberbaq.com.hosts";
        };


include "/etc/rndc.key";

logging {
category lame-servers { null; };

};

63.245.101.9.rev and 63.245.101.rev both contain the following:

$TTL 3D
@       IN      SOA     ns1.eurosistemas.com.co. webmaster.eurosistemas.com.co. (
                        199802151 ; Serial, todays date + todays serial
                        8H      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        1D)     ; Minimum TTL
                NS      ns1.eurosistemas.com.co.
                NS      dns1.eurosistemas.com.co.

1               PTR     ns1.eurosistemas.com.co.
2               PTR     dns1.eurosistemas.com.co.
3               PTR     mail.eurosistemas.com.co.
4               PTR     mail.amchamberbaq.com.
5               PTR     mail.edelcaribe.com.
6               PTR     www.eurosistemas.com.co.
7               PTR     www.amchamberbaq.com.
8               PTR     www.edelcaribe.com.

Is there anything wrong in that configuration? How can I set up reverse DNS properly?

Thanks a lot!!

RBrayM
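
As an added example (not part of the original post or the poster's setup), this Python sketch expands the relative owner names of the reverse zone file shown above under each of the two zone origins declared in named.conf, then looks up the two addresses mentioned in the question. The function names are illustrative; the PTR records are copied from the post.

```python
import ipaddress

# PTR lines copied from the reverse zone file in the post (owner, type, target).
PTR_LINES = """\
1 PTR ns1.eurosistemas.com.co.
2 PTR dns1.eurosistemas.com.co.
3 PTR mail.eurosistemas.com.co.
4 PTR mail.amchamberbaq.com.
5 PTR mail.edelcaribe.com.
6 PTR www.eurosistemas.com.co.
7 PTR www.amchamberbaq.com.
8 PTR www.edelcaribe.com.
"""

def expand(origin, text=PTR_LINES):
    """Map fully qualified owner name -> PTR target for a given zone origin."""
    records = {}
    for line in text.splitlines():
        owner, _, target = line.split()
        # An owner name without a trailing dot is relative to the zone origin.
        fqdn = owner if owner.endswith(".") else f"{owner}.{origin}"
        records[fqdn.lower()] = target
    return records

def reverse_name(ip):
    """Name a resolver queries for the PTR record of an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def owner_to_ip(fqdn):
    """Return the IPv4 address an in-addr.arpa name stands for, or None."""
    labels = fqdn.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"] or len(labels) != 6:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None

def ptr_for(ip, origin):
    """PTR target the zone file holds for ip when loaded under origin."""
    return expand(origin).get(reverse_name(ip))

if __name__ == "__main__":
    for origin in ("101.245.63.in-addr.arpa.", "9.101.245.63.in-addr.arpa."):
        recs = expand(origin)
        usable = [n for n in recs if owner_to_ip(n)]
        print(origin, "->", len(usable), "of", len(recs), "owners are IPv4 reverse names")
    for ip in ("63.245.101.4", "63.245.101.9"):
        print(ip, "->", ptr_for(ip, "101.245.63.in-addr.arpa."))
```
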
 
jlevie Commented:
"reason: 551 amchamberbaq.com is not a recognized domain name" says to me that metrotel.net.co has some problem with DNS queries. An MTA should ask DNS for some lookup on the domain name (usually an MX query) to determine if the domain is valid. The lack of a PTR response typically produces a different error. And most MTAs aren't configured to check for matching A and PTR responses.

With regard to PTR records it doesn't matter what your DNS server has if in-addr.arpa authority for the netblock hasn't been delegated to your DNS server. And as far as I can tell no such delegation has been done.
 
rbraym (Author) Commented:
Thanks jlevie for your reply.

So what you are saying is that metrotel.net.co has the problem and not me? So what can we do to solve this?
 
jlevie Commented:
Based solely on the error bounce I'd say that metrotel.net.co has the problem and not you. Normally that error is returned by the recipient's MTA when it attempts to verify that the sender's domain is valid. The MTA will do a DNS lookup on the domain (typically for nameservers or an MX record). Both of those work for the domain as far as I can tell.