Solved

urgent dns help

Posted on 2007-11-18
14
232 Views
Last Modified: 2010-04-07
i got put on the fiveten blacklist which i have heard is not bad because of all the false possitives and not one listens to them anyway.
all my dns is hosted by at&t and all i was told to do was point all the ip's that they gave me to my server through the firewall. i was told that all i needed to to with my dns was to have a forward lookup zone that had forwarders tomy isp who host my dns.  my internal is .local and my external is .org.  the only forward lookup zone that i have is for .local??  is this my problem???  do i need a forward lookup zone with forwarders to my isp for .org??? do i need to make a forward lookup zone for .org on my internal??
i ran a dns stuffreport and i get some worns but nothing to worry about.

i wanted to know if one of the experts could tell me from their end if my smtp banner is advertising what it is supose to be advertising.  it was advertising the .local but i changed that and it is now advertising the .org like it should be.  
i have download the smtpiag tool but i am not in front of the server right now to run it.

any suggestions on my dns????
0
Comment
Question by:amoos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
14 Comments
 
LVL 6

Expert Comment

by:zane_o
ID: 20308953
One major issue with DNS and Blacklisting is not forward lookups, but reverse.  If AT&T is providing the DNS services for your IP range, they should be able to add a reverse lookup record for your mail server.  Most times mail servers don't check to make sure that the reverse lookup resolves to the exact name in the SMTP connect, they just want to verify that there is a reverse record for that IP address.
Only if AT&T (presumably the ISP providing your IP addresses) is referring to your DNS for reverse lookup on the IP addresses they are providing would you need to have a reverse lookup for that zone.
You do not need to create a forward lookup zone or any refers, it won't affect how outside mail servers see your server.
0
 

Author Comment

by:amoos
ID: 20308980
so how do i setup a reverse lookup zone for my dns???  shouldn't my isp do that??
0
 
LVL 6

Expert Comment

by:zane_o
ID: 20309001
Your ISP should do that.  To check to see if there is a reverse lookup for your IP address you can go to www.dnsstuff.com and use the "Reverse DNS Lookup" IP Tool.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 

Author Comment

by:amoos
ID: 20309024
ok this what i got.  what do you think??

Reverse DNS for 12.189.231.183
Email link to resultsGenerated by www.DNSstuff.com


When the server was last reloaded, we had 134146 IP addresses banned.
Remember, you are not allowed to use automated programs to access our tools, unless you have a purchased a DNSstuff automated usage plan.
Please email sales@dnsstuff.com to learn more.



op-tn.org is not an IP address, so I am using 12.189.231.183 (the A record for op-tn.org).

Location: United States [City: Nashville, Tennessee]

Preparation:
The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 12.189.231.183 is found by looking up the PTR record for
 183.231.189.12.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking c.root-servers.net for 183.231.189.12.in-addr.arpa PTR record:  
       c.root-servers.net says to go to cbru.br.ns.els-gms.att.net. (zone: 12.in-addr.arpa.)
Asking cbru.br.ns.els-gms.att.net. for 183.231.189.12.in-addr.arpa PTR record:  Got CNAME referral to 183.176/28.231.189.12.in-addr.arpa. at server cbru.br.ns.els-gms.att.net. (zone 176/28.231.189.12.in-addr.arpa.) [from 199.191.128.105]
Asking f.root-servers.net for 183.176/28.231.189.12.in-addr.arpa. PTR record:  
       f.root-servers.net [192.5.5.241] says to go to CBRU.BR.NS.ELS-GMS.ATT.NET. (zone: 12.in-addr.arpa.)
Asking CBRU.BR.NS.ELS-GMS.ATT.NET. for 183.176/28.231.189.12.in-addr.arpa. PTR record:  Reports www.op-tn.org. [from 199.191.128.105]

Answer:
12.189.231.183 PTR record: www.op-tn.org. [TTL 86400s] [A=12.189.231.183]

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.

0
 
LVL 6

Accepted Solution

by:
zane_o earned 250 total points
ID: 20309081
There is no mail server responding at the IP address 12.189.231.183.  When I try an connect to it on port 25 it doesn't respond.
0
 

Author Comment

by:amoos
ID: 20309105
that is the ip that is from at&t.  what do i do??  mail is comming in fine but some mail is not reaching the destination??? what do i do??
0
 
LVL 6

Expert Comment

by:zane_o
ID: 20309117
I don't understand. Is that the public IP address of your mail server?
0
 

Author Comment

by:amoos
ID: 20309134
the 12.xxx.xxx.xxx is the ip that was from at&t so i am assuming that is the public ip from at&t and the record is mail.op-tn.org

192.168.10.3 is the internal ip of my network that the 12.xxx.xxx.xxx is forwarded to.

what you thinking??
0
 

Author Comment

by:amoos
ID: 20310052
yes i understand but there was no solution that we came upon.  i am just confused about what i need to put into my internal dns since my isp hosts all my dns??
0
 

Author Comment

by:amoos
ID: 20310095
i am sorry i did not mean to affend anyone.  does this mean that i cannot get help??
0
 

Author Comment

by:amoos
ID: 20310106
i understand you guys have helped me out so much and i greatly appreciate it.  i am just a little stuck and stressed out in my situation and i was wondering since my isp hosts my dns and mx records and they have @ as mail.mydomain.org does my smtp banner have to match??
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question