copeasetic
asked on
DNS Record Setup - MX Record, SPF record and PTR - For VPS Hosting multiple virtual domains
My problem:
I have set up several domains on a VPS running WHM and cPanel on CentOS 4.6. I have been unable to properly set up my MX, SPF and PTR records so as to properly send mail to domains that perform reverse DNS lookups. I have not properly set up my VPS and I need some guidance. My current DNS record as it pertains to mail looks like this:
Definitions:
shared IP = xxx.xxx.xxx.173 for virtual domains without SSL
exclusive IP = xxx.xxx.xxx.182 for main domain with SSL cert
exclusive IP = xxx.xxx.xxx.30 for mail server with SSL cert
domain.com. A xxx.xxx.xxx.182
domain.com. mx 0 mail.domain.com.
mail.domain.com. A xxx.xxx.xxx.30
xxx.xxx.xxx.182 PTR ggtai.com.
ns1.domain.com. A xxx.xxx.xxx.182
ns2.domain.com. A xxx.xxx.xxx.182
domain.com. TXT "v=spf1 a mx ~all"
hostname.domain.com A xxx.xxx.xxx.173
I have screwed this up when I installed the SSL certs, i.e. changed the IP of the mail server so I could install an SSL cert...
results of a dig -x on xxx.xxx.xxx.182
[root@ruby ~]# dig -x 66.11.239.182
; <<>> DiG 9.5.0b1 <<>> -x xxx.xxx.xxx.182
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28310
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;182.239.11.66.in-addr.arpa. IN PTR
;; ANSWER SECTION:
182.239.11.66.in-addr.arpa. 3600 IN PTR xxx-xxx-xxx-182.managemyvps.com.
;; AUTHORITY SECTION:
239.11.66.in-addr.arpa. 18930 IN NS ns1.managemyvps.com.
239.11.66.in-addr.arpa. 18930 IN NS ns2.managemyvps.com.
; <<>> DiG 9.5.0b1 <<>> -x xxx.xxx.xxx..30
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13787
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;30.239.11.66.in-addr.arpa. IN PTR
;; ANSWER SECTION:
30.239.11.66.in-addr.arpa. 3600 IN PTR xxx-xxx-xxx-30.managemyvps.com.
;; AUTHORITY SECTION:
239.11.66.in-addr.arpa. 16135 IN NS ns1.managemyvps.com.
239.11.66.in-addr.arpa. 16135 IN NS ns2.managemyvps.com.
;; Query time: 37 msec
;; SERVER: 67.100.88.27#53(67.100.88.27)
;; WHEN: Fri Jan 25 02:50:07 2008
;; MSG SIZE rcvd: 121
;; Query time: 36 msec
;; SERVER: 67.100.88.27#53(67.100.88.27)
;; WHEN: Fri Jan 25 02:03:33 2008
;; MSG SIZE rcvd: 123
I need explicit instructions on what I need to do to correct this.
Thanks in advance.
239.11.66.in-addr.arpa. 18930 IN NS ns1.managemyvps.com.
239.11.66.in-addr.arpa. 18930 IN NS ns2.managemyvps.com.
Do you have access to those nameservers? If not, you can ask your ISP to do it or to delegate the zone of the 2 IPs to your DNS.
ASKER
I do not have access to those nameservers and I will submit the request. Would you mind providing more detail as to what exactly I am attempting to accomplish by asking for delegation?
Thank you!
Hi you have two options:
1. Ask your ISP to do RDNS for you by your specs, easiest way
2. Ask your ISP to delegate the 182.239.11.66.in-addr.arpa. and 30.239.11.66.in-addr.arpa. to your DNS, which I doubt they will
ASKER CERTIFIED SOLUTION
First of all you should ask support of managemyvps.com ISP to change their PTR records for .182 and .30 to point to secure.ggtai.com and mail.ggtai.com accordingly.
And remove PTR from your DNS.
You have no use of second NS2 server because it has the same IP as NS1, so it's safe to remove it also (I know the requirement to have at least 2 NS for any domain, but once registered you have no use of second NS having the same IP, it only slows down negative name lookup response in case of your NS failure).
SSL certs are bound to the host name, not to IP. And having reverse lookup the same as direct doesn't matter for WEB, but it does for mail server only.
If you have any specific problem with SSL please provide more details.
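Added example, not part of the original thread: a small offline model of what a receiving mail server checks for the mail IP before and after the ISP changes the PTR, plus a simplified evaluation of the `v=spf1 a mx ~all` record from the question. The 192.0.2.x addresses, `host-30.isp.example.` and all function names are constructed placeholders for the masked values.

```python
import ipaddress

# Constructed records mirroring the question; 192.0.2.0/24 (documentation
# range) stands in for the masked xxx.xxx.xxx addresses.
A = {
    "domain.com.": ["192.0.2.182"],
    "mail.domain.com.": ["192.0.2.30"],
    "host-30.isp.example.": ["192.0.2.30"],  # ISP's generic forward record
}
MX = {"domain.com.": ["mail.domain.com."]}
TXT = {"domain.com.": "v=spf1 a mx ~all"}
# PTR records live in the ISP's in-addr.arpa zone, not in domain.com.
PTR_BEFORE = {"192.0.2.30": "host-30.isp.example."}
PTR_AFTER = {"192.0.2.30": "mail.domain.com."}

def reverse_name(ip):
    """Name queried for a PTR lookup, e.g. 30.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def fcrdns(ip, ptr):
    """Forward-confirmed reverse DNS: IP -> PTR name -> A must include IP."""
    name = ptr.get(ip)
    return name is not None and ip in A.get(name, [])

def spf(ip, domain):
    """Evaluate only the a, mx and all mechanisms (simplified SPF subset)."""
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in TXT[domain].split()[1:]:
        q, mech = (term[0], term[1:]) if term[0] in qualifiers else ("+", term)
        if mech == "a":
            hit = ip in A.get(domain, [])
        elif mech == "mx":
            hit = any(ip in A.get(host, []) for host in MX.get(domain, []))
        else:
            hit = mech == "all"
        if hit:
            return qualifiers[q]
    return "neutral"

def check_sender(ip, helo, ptr):
    """Checks a receiving MTA commonly applies to a connecting IP."""
    return {
        "ptr_query": reverse_name(ip),
        "fcrdns": fcrdns(ip, ptr),
        "ptr_matches_helo": ptr.get(ip) == helo,
        "spf": spf(ip, "domain.com."),
    }
```

With the generic ISP name the reverse lookup still forward-confirms, but it does not match the name the mail server announces; only the PTR change in the ISP's zone fixes that. An address covered by neither `a` nor `mx`, such as the shared IP, falls through to `~all` and yields softfail.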