
Windows Internet DNS PTR issue

We are having problems with mail delivery to AOL, Comcast and other domains, which complain that our rDNS is invalid. Queries via set type=PTR show nothing when we type in our IP. We had changed to a new IP address for our server and updated our PTR record under a new zone database. The old PTR worked great, the new one not at all apparently.

I believe our PTR is not making it out to the wild. If anyone has experience with these issues and would like to help please email me off list.

All of our emails to domains that use the rDNS, PTR reverse lookup are queuing up fast on our edge SMTP server.

Any help would be appreciated, no idea why our PTR database is not being honored by the Internet DNS servers.
Chris Dent, PowerShell Developer, Commented:

> updated our PTR record under a new zone database

You must arrange this with your ISP. It's extremely unlikely that they have delegated responsibility for the Reverse Lookup Zone to you, and unless they do, only they can make the record available.

CrypticIT (Author) Commented:
The problem was due to our nameserver not being registered with ARIN. We "own" (have rights from ARIN to use) our address block.

When ARIN provides you an address block /22 or other, and you require PTRs for things such as MX record mail servers (to avoid PTR reverse lookup checks by other mail servers which is common in the ISP world), you are required to register the authoritative nameserver(s) for those blocks of addresses and define the in-addr.arpa database to reflect the reverse lookup information.

ARIN requires you to fill out a netmod template to modify the network information in their database. Once the ticket from ARIN is approved, it is batch processed and won't take effect until after 7PM Eastern Time. Ours took roughly 2 1/2 hours to propagate throughout the internet, the last DNS server seen to update was in Poland. The GTLD servers for root of .com (not delegate root-servers of . ) took less than 1 hour. It just depends on how many updates they have for the batch process.

Once the change has taken place, the DNS servers in the wild now know who to contact as authoritative for the IP address block (such as the CIDR /22 or other). Before the change, ARIN was authoritative (such as their DNS servers on *.arin.net). Now, we are.
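The delegation change described in the post above, as an added example that is not part of the original thread: it derives the in-addr.arpa zones a block needs, then finds which zone (and nameservers) a resolver would end up at for a PTR query before and after the registry change. The 198.18.0.0/22 block (benchmarking range), the nameserver names and the delegation tables are all constructed placeholders.

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record for an address, e.g. 25.1.18.198.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def reverse_zones(cidr):
    """in-addr.arpa zones needed for an IPv4 block between /17 and /24 (one per /24)."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 16 < net.prefixlen <= 24:
        raise ValueError("example handles IPv4 blocks from /17 to /24 only")
    zones = []
    for sub in net.subnets(new_prefix=24):
        a, b, c, _ = str(sub.network_address).split(".")
        zones.append(f"{c}.{b}.{a}.in-addr.arpa")
    return zones

def authoritative_for(ip, delegations):
    """Walk up the PTR name label by label to the closest delegated zone."""
    labels = ptr_name(ip).split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in delegations:
            return zone, delegations[zone]
    return None, []

def missing_delegations(cidr, delegations, expected_ns):
    """Zones of the block that are not delegated to the expected nameservers."""
    want = sorted(expected_ns)
    return [z for z in reverse_zones(cidr) if sorted(delegations.get(z, [])) != want]

# Constructed sample data: the block, our nameservers, the registry's server.
BLOCK = "198.18.0.0/22"
OUR_NS = ["ns1.example.com.", "ns2.example.com."]
REGISTRY_NS = ["ns.registry.example."]

# Before the change only the registry's parent zone exists in the delegation tree.
BEFORE = {"198.in-addr.arpa": REGISTRY_NS}
# After the change each /24 zone of the block points at our nameservers.
AFTER = dict(BEFORE, **{zone: OUR_NS for zone in reverse_zones(BLOCK)})

if __name__ == "__main__":
    mail_ip = "198.18.1.25"  # constructed mail server address inside the block
    print("PTR name:", ptr_name(mail_ip))
    print("before  :", authoritative_for(mail_ip, BEFORE))
    print("after   :", authoritative_for(mail_ip, AFTER))
    print("missing before:", missing_delegations(BLOCK, BEFORE, OUR_NS))
```
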
Chris Dent, PowerShell Developer, Commented:

Not objecting to the delete or anything, but...

> We "own" (have rights from ARIN to use) our address block.

If you'd said that in the first place I would have told you where to check a week ago. If there isn't enough detail then I will assume you fall into the most common category.

Anyway, I'm glad you have it fixed, that's the most important part :)
