• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4216
  • Last Modified:

How do you update PTR Records

I'm managing an in-house exchange server which ran solely off of a business class DSL line.  Recently, we added a T1 connection to the network and setup load balancing between the two lines for automatic fail over and better throughput.   The issue now is that since our email server is now sending out emails over two IPs instead of just one, some ISPs have started to flag our second (t1) IP address and a possible spammer/abuse IP.  I'm fairly certain that this is a PTR issue (correct me if I'm wrong) but I'm not entirely sure how to update our records in a manner that says both of these IPs belong to our company and our exchange server and emails from them are OK. We have one exchange server and two DNS servers; all running on windows 2003.

thanks.
0
Malevolo
Asked:
Malevolo
  • 5
  • 4
  • 2
  • +1
2 Solutions
 
DeanC30Commented:
You need to speak to your ISP about getting a reverse DNS (ptr) record associated with your 2nd IP address
0
 
MalevoloAuthor Commented:
So I need to speak to the ISP whch is supporting the T1 line and ask them to associate it?

If I they make any changes, will it affect the other DSL IP address' association with the email server or will their record only ADD to my PTR records?

So I don't need to update anything in my in-house dns servers then?
0
 
ifantigCommented:
Are you hosting your own DNS?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
ifantigCommented:
Sorry looks like you answered my question before I posted.  Are your DNS servers the name servers for your real world domain, not just internal servers?
0
 
ormerodrutterCommented:
To be on the safe side you can do a self test of your IP address(es) to see if they have been identified as spammer. It may not necessary by a PTR record.

http://spamcop.net/bl.shtml
0
 
MalevoloAuthor Commented:
It looks like our DNS servers are not just internal, for the external domain as well.  I'm fairly certain that we need to create or update some records somewhere, I'm just not sure which, where, or how.

Neither of our two IP addresses are listed on the spamlist.

I just contacted our T1 carrier who is looking into the issue as well, and am expecting a call back soon to hear what they've got to say about the issue.
0
 
MalevoloAuthor Commented:
Scratch that--- I don't think our DNS servers are resolving for the external/real world domain.  All of the IP addresses there are mostly internal, so I guess we're using someone else's dns servers.
0
 
DeanC30Commented:
You can check for reverse DNS settings via www.dnsstuff.com  It may not be that your IP addresses are on a spamlist, but mails could be getting rejected if no Reverse DNS associated.  Your T1 carrier *should* be able to help you out with the PTR settings for the 2nd IP
0
 
MalevoloAuthor Commented:
I checked dnsstuff and the following warning came up which caught my eye.

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mail.XXXX.com claims to be invalid hostname 'SMTP': <br />   220 SMTP server ready 4.2 <br />

I'll look into fixing that, and I'm working with my T1 carrier to hopefully add that IP to my records so people know its us, from either of the two IPs.
0
 
ifantigCommented:
Well you'll definitely need to have your ISP add the PTR records because if a server is doing reverse lookups and the IP of the e-mail server does not resolve to the name your server is given in the SMTP Virtual Server properties, the the mail may be rejected.  The problem in your case though is that you need the same name pointing to two different IP addresses.  In other words say your T1 IP is 2.2.2.2 and your DSL IP is 3.3.3.3, then both of those addresses need to resolve to mail.yourcompany.com.  Your ISPs should do this for you.  

For further load balancing, you will also need to update the zone file for your domain and add another host record pointing to the second IP address.  In other words let's say you have one MX record: mail.yourcompany.com. with a priority of 10.   Let's say mail.yourcompany.com already points to your DSL line, which is 2.2.2.2  You will then add a second A record for mail.yourcompany.com and have it point to 3.3.3.3, your T1 line.

Check out this PDF for further info:
http://www.barracudanetworks.com/ns/downloads/Barracuda_WP_MX_Load_Balancing.pdf
0
 
MalevoloAuthor Commented:
Thanks very much.  I will read it over right now although I grasp the basic concept of what you're saying.

Another new issue is that our exchange server manages 4 domains for email. From what I was told by my ISP was that they could setup a new PTR so that the ip is associated with one domain, but I can't have it set for all four. I'm not quite sure how I can get around this. When I call back Covad to setup the PTR they're going to ask me for one domain; what can I do, if anything to get around this?
0
 
ifantigCommented:
The 4 domains part will not be an issue at all.  You can accept mail for hundreds of domains but the mail server can only have a name associated wiht one domain obviously.  You can still accept mail for all those domains by defining your mail server as the MX record for those domains.  In other words say your main domain is called company1.com, and  your mail server is called mail.company1.com.  You can also receive mail for company2.com, company3.com, etc.  In the zone file for the other domains you just need the MX record to point to mail.company1.com (and you need to setup the appropriate domains in the recipent policy of the server, which I am assuming was already done.)  It should not affect your load balancing and the PTR records will only need to be created for mail.company1.com.  The other domain names have nothing to do with it.  

You will also need to setup the multiple host records for the other domain's zone files if you want fault tolerance as well.  Let me know if you need any help with this.  It's a very standard setup, and a good idea using the fault tolerance.  
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now