Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

urgent dns help

Posted on 2007-11-18
Last Modified: 2010-04-07
i got put on the fiveten blacklist which i have heard is not bad because of all the false possitives and not one listens to them anyway.
all my dns is hosted by at&t and all i was told to do was point all the ip's that they gave me to my server through the firewall. i was told that all i needed to to with my dns was to have a forward lookup zone that had forwarders tomy isp who host my dns.  my internal is .local and my external is .org.  the only forward lookup zone that i have is for .local??  is this my problem???  do i need a forward lookup zone with forwarders to my isp for .org??? do i need to make a forward lookup zone for .org on my internal??
i ran a dns stuffreport and i get some worns but nothing to worry about.

i wanted to know if one of the experts could tell me from their end if my smtp banner is advertising what it is supose to be advertising.  it was advertising the .local but i changed that and it is now advertising the .org like it should be.  
i have download the smtpiag tool but i am not in front of the server right now to run it.

any suggestions on my dns????
Question by:amoos
  • 7
  • 4

Expert Comment

ID: 20308953
One major issue with DNS and Blacklisting is not forward lookups, but reverse.  If AT&T is providing the DNS services for your IP range, they should be able to add a reverse lookup record for your mail server.  Most times mail servers don't check to make sure that the reverse lookup resolves to the exact name in the SMTP connect, they just want to verify that there is a reverse record for that IP address.
Only if AT&T (presumably the ISP providing your IP addresses) is referring to your DNS for reverse lookup on the IP addresses they are providing would you need to have a reverse lookup for that zone.
You do not need to create a forward lookup zone or any refers, it won't affect how outside mail servers see your server.

Author Comment

ID: 20308980
so how do i setup a reverse lookup zone for my dns???  shouldn't my isp do that??

Expert Comment

ID: 20309001
Your ISP should do that.  To check to see if there is a reverse lookup for your IP address you can go to www.dnsstuff.com and use the "Reverse DNS Lookup" IP Tool.
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.


Author Comment

ID: 20309024
ok this what i got.  what do you think??

Reverse DNS for
Email link to resultsGenerated by www.DNSstuff.com

When the server was last reloaded, we had 134146 IP addresses banned.
Remember, you are not allowed to use automated programs to access our tools, unless you have a purchased a DNSstuff automated usage plan.
Please email sales@dnsstuff.com to learn more.

op-tn.org is not an IP address, so I am using (the A record for op-tn.org).

Location: United States [City: Nashville, Tennessee]

The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for is found by looking up the PTR record for
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking c.root-servers.net for PTR record:  
       c.root-servers.net says to go to cbru.br.ns.els-gms.att.net. (zone: 12.in-addr.arpa.)
Asking cbru.br.ns.els-gms.att.net. for PTR record:  Got CNAME referral to 183.176/ at server cbru.br.ns.els-gms.att.net. (zone 176/ [from]
Asking f.root-servers.net for 183.176/ PTR record:  
       f.root-servers.net [] says to go to CBRU.BR.NS.ELS-GMS.ATT.NET. (zone: 12.in-addr.arpa.)
Asking CBRU.BR.NS.ELS-GMS.ATT.NET. for 183.176/ PTR record:  Reports www.op-tn.org. [from]

Answer: PTR record: www.op-tn.org. [TTL 86400s] [A=]

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.


Accepted Solution

zane_o earned 250 total points
ID: 20309081
There is no mail server responding at the IP address  When I try an connect to it on port 25 it doesn't respond.

Author Comment

ID: 20309105
that is the ip that is from at&t.  what do i do??  mail is comming in fine but some mail is not reaching the destination??? what do i do??

Expert Comment

ID: 20309117
I don't understand. Is that the public IP address of your mail server?

Author Comment

ID: 20309134
the 12.xxx.xxx.xxx is the ip that was from at&t so i am assuming that is the public ip from at&t and the record is mail.op-tn.org is the internal ip of my network that the 12.xxx.xxx.xxx is forwarded to.

what you thinking??

Author Comment

ID: 20310052
yes i understand but there was no solution that we came upon.  i am just confused about what i need to put into my internal dns since my isp hosts all my dns??

Author Comment

ID: 20310095
i am sorry i did not mean to affend anyone.  does this mean that i cannot get help??

Author Comment

ID: 20310106
i understand you guys have helped me out so much and i greatly appreciate it.  i am just a little stuck and stressed out in my situation and i was wondering since my isp hosts my dns and mx records and they have @ as mail.mydomain.org does my smtp banner have to match??

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question