• Status: Solved

Regarding reverse DNS

Here is the situation. We are an ISP and recently provided Internet service to a customer. The customer has a mail server (MDaemon) and we are relaying his outgoing mail through our mail server. His DNS hosting on Network Solutions is pointed to our DNS server. Internet is working fine. But recently, when he sent an email to a specific domain name, his email was rejected with this error:

[IP address] does not have a reverse DNS entry. Connection Rejected.
Please contact your Dial-Up/DSL/Network ISP Provider. Default Reject!

For easy understanding, let's say his IP is 200.1.1.1.

In my DNS server running on Windows 2003, I have an entry for his domain in my forward lookup zone as
mail    host (A)  200.1.1.1

Should I be creating an entry for him in my reverse lookup zone and, if yes, what needs to be done?

SR

Asked by: sunray_2003
 
Netman66 Commented:
Yes.

In Reverse Lookup Zone - 1.1.200

Create a PTR record for .1 and enter the hostname.

If the zone does not exist, create it.

sunray_2003 (Author) Commented:
This is what I did.

Right-clicked Reverse Lookup Zone, added a new zone, selected primary zone >> for network ID gave 1.1.200 >> clicked Next, created a file name and pressed OK.

Now when I click on Reverse Lookup Zone, I see

1.1.200.x subnet         standard primary       running.

I clicked on 1.1.200.x (which is displayed under Reverse Lookup Zone) and on the right, I see

same as parent folder  ****************
same as parent folder  *****************

Is the above procedure correct and should I add a new PTR there?

Netman66 Commented:
Oh, Hi Sun....didn't see who it was.

Yes, right click the Zone now and select New, Pointer.

Add the .1 entry with FQDN.

That should do it.

sunray_2003 (Author) Commented:
Doing this for the first time, hence some simple questions.

Under host IP, 1.1.200 is already filled so I just give 1 there.

There is already an entry under FQDN and it becomes
1.1.1.200.in-addr.arpa once I give 1 under Host IP.

Below that, should I give the host domain name as mail.domain.com or www.domain.com?

Should this take effect immediately or after some time?

Netman66 Commented:
Just put 1, yes.

Is the FQDN the correct one after you enter the 1?  It should be the servername setup in the MX record.

An example would be mail.domain.com (where mail is the servername)  - same as the MX record.

It should be immediate if this is the Primary DNS for your client and also the MX host server.  If it is a replica, it might take a few cycles to replicate the entry.

Netman66 Commented:
I just had a peek at an entry - the subnet is prefilled, you add the last octet to the IP, then fill in Hostname with the FQDN of the mail server in question.

sunray_2003 (Author) Commented:
I guess the issue here is slightly complicated, at least for me.

Let's use some dummy IPs:

DNS server (1) 1.2.3.4
DNS server (2) 1.2.3.5
Mail server is the customer's and its IP is 200.100.10.11
Domain name for the customer is www.test.com

In my Windows 2003, my DNS server has an entry for the customer's domain in the forward lookup zone and it has

dns1  host(A) 1.2.3.4
dns2  host(A) 1.2.3.5
mail  host(A) 200.100.10.11 -- mail server IP, which is at the customer location, not under my control.
www   host(A) 100.100.1.100 (not hosted on my server); not sure if this IP is important in this question.

When I create a reverse lookup for this particular domain, it is asking for the network ID and it also says not to reverse the order, so don't I have to give it as 200.100.10 as opposed to 10.100.200?

After that I create a pointer. I gave the host IP as 11, as 200.100.10 already got filled, and the FQDN is already set as 11.10.100.200.in-addr.arpa.
Below that I give the hostname as mail.test.com

An entry under the reverse lookup zone looks like
200.100.10.x subnet and when I click that, I get on the right

same as parent folder
same as parent folder
200.100.10.11                      pointer(PTR)       mail.test.com

Does this look fine?

SR

Netman66 Commented:
Perfect!


Now, does it work - that's the million $ Q....

sunray_2003 (Author) Commented:
I see some websites like dnsstuff.com that can do testing on reverse DNS. Is there something I can do to test this first, prior to asking the customer to send an email to the original party and see if he can send?

I understand that if the customer sends an email that would prove that this works, but I just want to know how to check myself.

Netman66 Commented:
There are a lot of other ISPs that do a reverse lookup on mail servers to make sure that the originating mail server is indeed legitimate.

I just checked using www.dnsstuff.com and your record is successful.   You have done it perfectly!

sunray_2003 (Author) Commented:
I wish. That 200.100 IP is a dummy IP and not mine. In www.dnsstuff.com, should I give my original IP under reverse DNS lookup? And when I give my original IP, at the bottom of the result page, I get this:
Error: It looks like you've stuck me in a loop!.

SR

Netman66 Commented:
Email me the IP.

Netman66 Commented:
Never mind - I have no access to it from here...

If the MX record in the Forward zone is 200.100.10.11 (example) then it should match the reverse PTR record.

Also, the HOST (A) record for mail.test.com should be the same as both the reverse and MX records.  Everything should match.

0
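
The consistency check described in the comment above (PTR, host (A) and MX all agreeing), which also answers the earlier question about testing before the customer sends mail, written out as an added example that is not part of the original thread. The function names are hypothetical and the records are constructed from the thread's dummy values.

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record: octets reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def norm(name):
    """DNS names compare case-insensitively; drop the trailing dot."""
    return name.rstrip(".").lower()

def check_mail_host(domain, ip, records):
    """Return a list of problems; an empty list means PTR, A and MX agree.

    records maps (owner name, record type) -> list of values, as collected
    from nslookup answers. Hypothetical helper, not a Windows DNS API.
    """
    def get(owner, rtype):
        return records.get((norm(owner), rtype), [])

    ptrs = [norm(p) for p in get(ptr_name(ip), "PTR")]
    if not ptrs:
        return [f"no PTR record at {ptr_name(ip)}"]
    problems = []
    # Forward confirmation: the PTR target needs an A record back to ip.
    confirmed = [p for p in ptrs if ip in get(p, "A")]
    if not confirmed:
        problems.append(f"PTR target {ptrs} has no A record for {ip}")
    # The thread's advice: the MX host should be that same name.
    mx = [norm(m) for m in get(domain, "MX")]
    if not set(mx) & set(confirmed):
        problems.append(f"MX {mx} is not the forward-confirmed PTR name")
    return problems

# Constructed records using the thread's dummy values.
GOOD = {
    ("11.10.100.200.in-addr.arpa", "PTR"): ["mail.test.com."],
    ("mail.test.com", "A"): ["200.100.10.11"],
    ("test.com", "MX"): ["mail.test.com."],
}
# Network ID typed in reversed order, so the PTR sits under the wrong zone.
MISORDERED = {**GOOD}
MISORDERED[("11.200.100.10.in-addr.arpa", "PTR")] = MISORDERED.pop(
    ("11.10.100.200.in-addr.arpa", "PTR"))
# PTR names a host whose A record is a different address.
MISMATCH = {**GOOD, ("11.10.100.200.in-addr.arpa", "PTR"): ["www.test.com."],
            ("www.test.com", "A"): ["100.100.1.100"]}

if __name__ == "__main__":
    for label, zone in [("good", GOOD), ("misordered", MISORDERED), ("mismatch", MISMATCH)]:
        print(label, check_mail_host("test.com", "200.100.10.11", zone))
```

To use it against a real zone, fill `records` from the answers to `nslookup -type=PTR`, `-type=A` and `-type=MX` queries sent to the DNS server that hosts the zone.
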
 
Netman66 Commented:
Also, your MX record needs a trailing period in DNS.

Netman66 Commented:
Try just entering the domain name in the FQDN box - rather than mail.test.com, just enter test.com

Is this the same server as the registered domain exists on?  If not, you may need a reverse record for simply the domain "test.com" with their real domain IP.


sunray_2003 (Author) Commented:
Not sure if you got my email related to this.

Netman66 Commented:
I cannot access this account from inside our firewall - sorry.

You can try my EE username at gmail.com

sunray_2003 (Author) Commented:
Netman,

Got a follow-up question on this DNS. Got a mail server (Merak) running in my Windows 2003. When I do a DNS query, it fails. At the same time, I cannot ping any machine (external host) from this Windows 2003. This makes me think that when my mail server performs a DNS query, it actually pings the DNS server that it is contacting, and since ping does not work, the DNS query fails. Am I right?

Netman66 Commented:
No.  If your DNS isn't functioning, it's simply that.  Ping isn't attached to a DNS query of any type that I am aware of.

You'll need to figure out what is happening with your DNS queries - and, if you also have a ping issue then determine if ICMP reply is being blocked somewhere.

sunray_2003 (Author) Commented:
Thanks. Did not give the correct DNS server in the mail server and no wonder it was not working.

Your ping explanation makes good sense.

SR

Netman66 Commented:
I have a question for you over in the Outlook area - I would very much appreciate your input on this one - it's an interesting problem.

If you need a link, let me know.

NM

sunray_2003 (Author) Commented:
NM,

Pop into this if you have time
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21351448.html

I shall check your question in Outlook and see if I can help you.

SR