Solved

urgent dns help

Posted on 2007-11-18
14
224 Views
Last Modified: 2010-04-07
i got put on the fiveten blacklist which i have heard is not bad because of all the false possitives and not one listens to them anyway.
all my dns is hosted by at&t and all i was told to do was point all the ip's that they gave me to my server through the firewall. i was told that all i needed to to with my dns was to have a forward lookup zone that had forwarders tomy isp who host my dns.  my internal is .local and my external is .org.  the only forward lookup zone that i have is for .local??  is this my problem???  do i need a forward lookup zone with forwarders to my isp for .org??? do i need to make a forward lookup zone for .org on my internal??
i ran a dns stuffreport and i get some worns but nothing to worry about.

i wanted to know if one of the experts could tell me from their end if my smtp banner is advertising what it is supose to be advertising.  it was advertising the .local but i changed that and it is now advertising the .org like it should be.  
i have download the smtpiag tool but i am not in front of the server right now to run it.

any suggestions on my dns????
0
Comment
Question by:amoos
  • 7
  • 4
14 Comments
 
LVL 6

Expert Comment

by:zane_o
ID: 20308953
One major issue with DNS and Blacklisting is not forward lookups, but reverse.  If AT&T is providing the DNS services for your IP range, they should be able to add a reverse lookup record for your mail server.  Most times mail servers don't check to make sure that the reverse lookup resolves to the exact name in the SMTP connect, they just want to verify that there is a reverse record for that IP address.
Only if AT&T (presumably the ISP providing your IP addresses) is referring to your DNS for reverse lookup on the IP addresses they are providing would you need to have a reverse lookup for that zone.
You do not need to create a forward lookup zone or any refers, it won't affect how outside mail servers see your server.
0
 

Author Comment

by:amoos
ID: 20308980
so how do i setup a reverse lookup zone for my dns???  shouldn't my isp do that??
0
 
LVL 6

Expert Comment

by:zane_o
ID: 20309001
Your ISP should do that.  To check to see if there is a reverse lookup for your IP address you can go to www.dnsstuff.com and use the "Reverse DNS Lookup" IP Tool.
0
 

Author Comment

by:amoos
ID: 20309024
ok this what i got.  what do you think??

Reverse DNS for 12.189.231.183
Email link to resultsGenerated by www.DNSstuff.com


When the server was last reloaded, we had 134146 IP addresses banned.
Remember, you are not allowed to use automated programs to access our tools, unless you have a purchased a DNSstuff automated usage plan.
Please email sales@dnsstuff.com to learn more.



op-tn.org is not an IP address, so I am using 12.189.231.183 (the A record for op-tn.org).

Location: United States [City: Nashville, Tennessee]

Preparation:
The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 12.189.231.183 is found by looking up the PTR record for
 183.231.189.12.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking c.root-servers.net for 183.231.189.12.in-addr.arpa PTR record:  
       c.root-servers.net says to go to cbru.br.ns.els-gms.att.net. (zone: 12.in-addr.arpa.)
Asking cbru.br.ns.els-gms.att.net. for 183.231.189.12.in-addr.arpa PTR record:  Got CNAME referral to 183.176/28.231.189.12.in-addr.arpa. at server cbru.br.ns.els-gms.att.net. (zone 176/28.231.189.12.in-addr.arpa.) [from 199.191.128.105]
Asking f.root-servers.net for 183.176/28.231.189.12.in-addr.arpa. PTR record:  
       f.root-servers.net [192.5.5.241] says to go to CBRU.BR.NS.ELS-GMS.ATT.NET. (zone: 12.in-addr.arpa.)
Asking CBRU.BR.NS.ELS-GMS.ATT.NET. for 183.176/28.231.189.12.in-addr.arpa. PTR record:  Reports www.op-tn.org. [from 199.191.128.105]

Answer:
12.189.231.183 PTR record: www.op-tn.org. [TTL 86400s] [A=12.189.231.183]

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.

0
 
LVL 6

Accepted Solution

by:
zane_o earned 250 total points
ID: 20309081
There is no mail server responding at the IP address 12.189.231.183.  When I try an connect to it on port 25 it doesn't respond.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:amoos
ID: 20309105
that is the ip that is from at&t.  what do i do??  mail is comming in fine but some mail is not reaching the destination??? what do i do??
0
 
LVL 6

Expert Comment

by:zane_o
ID: 20309117
I don't understand. Is that the public IP address of your mail server?
0
 

Author Comment

by:amoos
ID: 20309134
the 12.xxx.xxx.xxx is the ip that was from at&t so i am assuming that is the public ip from at&t and the record is mail.op-tn.org

192.168.10.3 is the internal ip of my network that the 12.xxx.xxx.xxx is forwarded to.

what you thinking??
0
 

Author Comment

by:amoos
ID: 20310052
yes i understand but there was no solution that we came upon.  i am just confused about what i need to put into my internal dns since my isp hosts all my dns??
0
 

Author Comment

by:amoos
ID: 20310095
i am sorry i did not mean to affend anyone.  does this mean that i cannot get help??
0
 

Author Comment

by:amoos
ID: 20310106
i understand you guys have helped me out so much and i greatly appreciate it.  i am just a little stuck and stressed out in my situation and i was wondering since my isp hosts my dns and mx records and they have @ as mail.mydomain.org does my smtp banner have to match??
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now