CrypticIT

asked on

Windows Internet DNS PTR issue

We are having problems with mail delivery to AOL, Comcast and other domains. Complaining of rDNS invalid. Queries via 4.2.2.2 with set type=PTR show nothing when we type in our IP. We had changed to a new IP address for our server and updated our PTR record under a new zone database. The old PTR worked great, the new one not at all apparently.

I believe our PTR is not making it out to the wild. If anyone has experience with these issues and would like to help, please email me off list.

All of our emails to domains that use the rDNS PTR reverse lookup are queuing up fast on our edge SMTP server.

Any help would be appreciated, no idea why our PTR database is not being honored by the Internet DNS servers.
Chris Dent


> updated our PTR record under a new zone database

You must arrange this with your ISP. It's extremely unlikely that they have delegated responsibility for the Reverse Lookup Zone to you, and unless they do, only they can make the record available.

Chris
CrypticIT

ASKER

The problem was due to our nameserver not being registered with ARIN. We "own" (have rights from ARIN to use) our address block.

When ARIN provides you an address block, /22 or other, and you require PTRs for things such as MX record mail servers (to avoid PTR reverse lookup checks by other mail servers, which is common in the ISP world), you are required to register the authoritative nameserver(s) for those blocks of addresses and define the in-addr.arpa database to reflect the reverse lookup information.

ARIN requires you to fill out a netmod template to modify the network information in their database. Once the ticket from ARIN is approved, it is batch processed and won't take effect until after 7PM Eastern Time. Ours took roughly 2 1/2 hours to propagate throughout the internet; the last DNS server seen to update was in Poland. The GTLD servers for root of .com (not delegate root-servers of . ) took less than 1 hour. It just depends on how many updates they have for the batch process.

Once the change has taken place, the DNS servers in the wild now know who to contact as authoritative for the IP address block (such as the CIDR /22 or other). Before the change, ARIN was authoritative (such as their DNS servers on *.arin.net). Now, we are.
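
The delegation described in the post above, as an added example that is not part of the original thread: it lists the in-addr.arpa zones an address block maps to and walks up from a PTR name to the closest zone that has NS records, to show who currently answers for it. It generalises from the /22 case to other prefix lengths; the block 198.51.100.0/22, the hostnames and the `ns_lookup` callable (a stand-in for a real NS query) are constructed assumptions.

```python
import ipaddress

def reverse_zones(cidr):
    """in-addr.arpa zones (cut on octet boundaries) that cover an IPv4 block."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4:
        raise ValueError("this example handles IPv4 only")
    # Reverse zones follow octet boundaries, so round the prefix up to 8/16/24.
    step = min(24, max(8, -(-net.prefixlen // 8) * 8))
    if net.prefixlen > 24:
        nets = [net.supernet(new_prefix=24)]  # block sits inside a single /24 zone
    elif net.prefixlen == step:
        nets = [net]
    else:
        nets = net.subnets(new_prefix=step)   # e.g. a /22 becomes four /24 zones
    zones = []
    for n in nets:
        octets = str(n.network_address).split(".")[: step // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def closest_delegation(ip, ns_lookup, our_ns):
    """Walk up from the PTR name to the nearest zone with NS records.

    ns_lookup(zone) returns a list of nameserver names (hypothetical hook).
    Returns (zone, nameservers, served_by_us).
    """
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")
    ours = {n.lower().rstrip(".") for n in our_ns}
    for i in range(1, len(labels) - 1):
        zone = ".".join(labels[i:])
        ns = sorted(n.lower().rstrip(".") for n in ns_lookup(zone))
        if ns:
            return zone, ns, bool(ours & set(ns))
    return None, [], False

# Constructed sample data: documentation address range, placeholder hostnames.
OUR_NS = ["ns1.example.com", "ns2.example.com"]
BEFORE = {"198.in-addr.arpa": ["placeholder.arin.net"]}  # registry still answers
AFTER = dict(BEFORE, **{z: OUR_NS for z in reverse_zones("198.51.100.0/22")})

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        result = closest_delegation("198.51.100.25", lambda z: table.get(z, []), OUR_NS)
        print(label, result)
```
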