Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 243
  • Last Modified:

urgent dns help

i got put on the fiveten blacklist which i have heard is not bad because of all the false possitives and not one listens to them anyway.
all my dns is hosted by at&t and all i was told to do was point all the ip's that they gave me to my server through the firewall. i was told that all i needed to to with my dns was to have a forward lookup zone that had forwarders tomy isp who host my dns.  my internal is .local and my external is .org.  the only forward lookup zone that i have is for .local??  is this my problem???  do i need a forward lookup zone with forwarders to my isp for .org??? do i need to make a forward lookup zone for .org on my internal??
i ran a dns stuffreport and i get some worns but nothing to worry about.

i wanted to know if one of the experts could tell me from their end if my smtp banner is advertising what it is supose to be advertising.  it was advertising the .local but i changed that and it is now advertising the .org like it should be.  
i have download the smtpiag tool but i am not in front of the server right now to run it.

any suggestions on my dns????
0
amoos
Asked:
amoos
  • 7
  • 4
1 Solution
 
zane_oCommented:
One major issue with DNS and Blacklisting is not forward lookups, but reverse.  If AT&T is providing the DNS services for your IP range, they should be able to add a reverse lookup record for your mail server.  Most times mail servers don't check to make sure that the reverse lookup resolves to the exact name in the SMTP connect, they just want to verify that there is a reverse record for that IP address.
Only if AT&T (presumably the ISP providing your IP addresses) is referring to your DNS for reverse lookup on the IP addresses they are providing would you need to have a reverse lookup for that zone.
You do not need to create a forward lookup zone or any refers, it won't affect how outside mail servers see your server.
0
 
amoosAuthor Commented:
so how do i setup a reverse lookup zone for my dns???  shouldn't my isp do that??
0
 
zane_oCommented:
Your ISP should do that.  To check to see if there is a reverse lookup for your IP address you can go to www.dnsstuff.com and use the "Reverse DNS Lookup" IP Tool.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
amoosAuthor Commented:
ok this what i got.  what do you think??

Reverse DNS for 12.189.231.183
Email link to resultsGenerated by www.DNSstuff.com


When the server was last reloaded, we had 134146 IP addresses banned.
Remember, you are not allowed to use automated programs to access our tools, unless you have a purchased a DNSstuff automated usage plan.
Please email sales@dnsstuff.com to learn more.



op-tn.org is not an IP address, so I am using 12.189.231.183 (the A record for op-tn.org).

Location: United States [City: Nashville, Tennessee]

Preparation:
The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 12.189.231.183 is found by looking up the PTR record for
 183.231.189.12.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking c.root-servers.net for 183.231.189.12.in-addr.arpa PTR record:  
       c.root-servers.net says to go to cbru.br.ns.els-gms.att.net. (zone: 12.in-addr.arpa.)
Asking cbru.br.ns.els-gms.att.net. for 183.231.189.12.in-addr.arpa PTR record:  Got CNAME referral to 183.176/28.231.189.12.in-addr.arpa. at server cbru.br.ns.els-gms.att.net. (zone 176/28.231.189.12.in-addr.arpa.) [from 199.191.128.105]
Asking f.root-servers.net for 183.176/28.231.189.12.in-addr.arpa. PTR record:  
       f.root-servers.net [192.5.5.241] says to go to CBRU.BR.NS.ELS-GMS.ATT.NET. (zone: 12.in-addr.arpa.)
Asking CBRU.BR.NS.ELS-GMS.ATT.NET. for 183.176/28.231.189.12.in-addr.arpa. PTR record:  Reports www.op-tn.org. [from 199.191.128.105]

Answer:
12.189.231.183 PTR record: www.op-tn.org. [TTL 86400s] [A=12.189.231.183]

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.

0
 
zane_oCommented:
There is no mail server responding at the IP address 12.189.231.183.  When I try an connect to it on port 25 it doesn't respond.
0
 
amoosAuthor Commented:
that is the ip that is from at&t.  what do i do??  mail is comming in fine but some mail is not reaching the destination??? what do i do??
0
 
zane_oCommented:
I don't understand. Is that the public IP address of your mail server?
0
 
amoosAuthor Commented:
the 12.xxx.xxx.xxx is the ip that was from at&t so i am assuming that is the public ip from at&t and the record is mail.op-tn.org

192.168.10.3 is the internal ip of my network that the 12.xxx.xxx.xxx is forwarded to.

what you thinking??
0
 
amoosAuthor Commented:
yes i understand but there was no solution that we came upon.  i am just confused about what i need to put into my internal dns since my isp hosts all my dns??
0
 
amoosAuthor Commented:
i am sorry i did not mean to affend anyone.  does this mean that i cannot get help??
0
 
amoosAuthor Commented:
i understand you guys have helped me out so much and i greatly appreciate it.  i am just a little stuck and stressed out in my situation and i was wondering since my isp hosts my dns and mx records and they have @ as mail.mydomain.org does my smtp banner have to match??
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now