Solved

urgent dns help

Posted on 2007-11-18
14
223 Views
Last Modified: 2010-04-07
i got put on the fiveten blacklist which i have heard is not bad because of all the false possitives and not one listens to them anyway.
all my dns is hosted by at&t and all i was told to do was point all the ip's that they gave me to my server through the firewall. i was told that all i needed to to with my dns was to have a forward lookup zone that had forwarders tomy isp who host my dns.  my internal is .local and my external is .org.  the only forward lookup zone that i have is for .local??  is this my problem???  do i need a forward lookup zone with forwarders to my isp for .org??? do i need to make a forward lookup zone for .org on my internal??
i ran a dns stuffreport and i get some worns but nothing to worry about.

i wanted to know if one of the experts could tell me from their end if my smtp banner is advertising what it is supose to be advertising.  it was advertising the .local but i changed that and it is now advertising the .org like it should be.  
i have download the smtpiag tool but i am not in front of the server right now to run it.

any suggestions on my dns????
0
Comment
Question by:amoos
  • 7
  • 4
14 Comments
 
LVL 6

Expert Comment

by:zane_o
ID: 20308953
One major issue with DNS and Blacklisting is not forward lookups, but reverse.  If AT&T is providing the DNS services for your IP range, they should be able to add a reverse lookup record for your mail server.  Most times mail servers don't check to make sure that the reverse lookup resolves to the exact name in the SMTP connect, they just want to verify that there is a reverse record for that IP address.
Only if AT&T (presumably the ISP providing your IP addresses) is referring to your DNS for reverse lookup on the IP addresses they are providing would you need to have a reverse lookup for that zone.
You do not need to create a forward lookup zone or any refers, it won't affect how outside mail servers see your server.
0
 

Author Comment

by:amoos
ID: 20308980
so how do i setup a reverse lookup zone for my dns???  shouldn't my isp do that??
0
 
LVL 6

Expert Comment

by:zane_o
ID: 20309001
Your ISP should do that.  To check to see if there is a reverse lookup for your IP address you can go to www.dnsstuff.com and use the "Reverse DNS Lookup" IP Tool.
0
 

Author Comment

by:amoos
ID: 20309024
ok this what i got.  what do you think??

Reverse DNS for 12.189.231.183
Email link to resultsGenerated by www.DNSstuff.com


When the server was last reloaded, we had 134146 IP addresses banned.
Remember, you are not allowed to use automated programs to access our tools, unless you have a purchased a DNSstuff automated usage plan.
Please email sales@dnsstuff.com to learn more.



op-tn.org is not an IP address, so I am using 12.189.231.183 (the A record for op-tn.org).

Location: United States [City: Nashville, Tennessee]

Preparation:
The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 12.189.231.183 is found by looking up the PTR record for
 183.231.189.12.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking c.root-servers.net for 183.231.189.12.in-addr.arpa PTR record:  
       c.root-servers.net says to go to cbru.br.ns.els-gms.att.net. (zone: 12.in-addr.arpa.)
Asking cbru.br.ns.els-gms.att.net. for 183.231.189.12.in-addr.arpa PTR record:  Got CNAME referral to 183.176/28.231.189.12.in-addr.arpa. at server cbru.br.ns.els-gms.att.net. (zone 176/28.231.189.12.in-addr.arpa.) [from 199.191.128.105]
Asking f.root-servers.net for 183.176/28.231.189.12.in-addr.arpa. PTR record:  
       f.root-servers.net [192.5.5.241] says to go to CBRU.BR.NS.ELS-GMS.ATT.NET. (zone: 12.in-addr.arpa.)
Asking CBRU.BR.NS.ELS-GMS.ATT.NET. for 183.176/28.231.189.12.in-addr.arpa. PTR record:  Reports www.op-tn.org. [from 199.191.128.105]

Answer:
12.189.231.183 PTR record: www.op-tn.org. [TTL 86400s] [A=12.189.231.183]

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.

0
 
LVL 6

Accepted Solution

by:
zane_o earned 250 total points
ID: 20309081
There is no mail server responding at the IP address 12.189.231.183.  When I try an connect to it on port 25 it doesn't respond.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:amoos
ID: 20309105
that is the ip that is from at&t.  what do i do??  mail is comming in fine but some mail is not reaching the destination??? what do i do??
0
 
LVL 6

Expert Comment

by:zane_o
ID: 20309117
I don't understand. Is that the public IP address of your mail server?
0
 

Author Comment

by:amoos
ID: 20309134
the 12.xxx.xxx.xxx is the ip that was from at&t so i am assuming that is the public ip from at&t and the record is mail.op-tn.org

192.168.10.3 is the internal ip of my network that the 12.xxx.xxx.xxx is forwarded to.

what you thinking??
0
 

Author Comment

by:amoos
ID: 20310052
yes i understand but there was no solution that we came upon.  i am just confused about what i need to put into my internal dns since my isp hosts all my dns??
0
 

Author Comment

by:amoos
ID: 20310095
i am sorry i did not mean to affend anyone.  does this mean that i cannot get help??
0
 

Author Comment

by:amoos
ID: 20310106
i understand you guys have helped me out so much and i greatly appreciate it.  i am just a little stuck and stressed out in my situation and i was wondering since my isp hosts my dns and mx records and they have @ as mail.mydomain.org does my smtp banner have to match??
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Join & Write a Comment

Suggested Solutions

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now