• Status: Solved

Reverse DNS lookup

Our mail server is mail.externaldomainname.com. When I do a reverse lookup using a site like mxtoolbox or testexchangeconnectivity, it shows "reverse lookup failed". My reverse DNS is being displayed as mail.internaldomainname.com, which is different from our external domain name. How can I resolve this?
Asked by: mray77
1 Solution
 
Chris Dent (PowerShell Developer) commented:

Most commonly this means contacting your ISP and asking them to set or correct the PTR record.

We can check exactly where if you feel your ISP is not responsible for the record.

Chris
0
 
mray77 (Author) commented:
ATT is our ISP, and we manage our own DNS through their site. I have an A record for MAIL pointing to the external IP address of our mail server.
0
 
mattconroy commented:
Add a reverse lookup (PTR record).
0
 
Chris Dent (PowerShell Developer) commented:

Sure, but Forward and Reverse Lookup are not delegated down the same paths.

That means you can have company X who look after your forward lookup zone (the mail records, etc), and company Y who look after reverse lookup.

Company Y is typically your ISP, or whoever provides you with the internet connection. In a (very) small number of cases reverse lookup is delegated to you. However, you generally know about it if that is the case because you'd have had to ask for it.

If ATT provide both DNS hosting and the connection for you, then you may still need to get in touch with them. A PTR record may not be exposed in your regular DNS interface. It depends on your hosting agreement: if you pay for hosted servers (on their site) then it may be available; if you pay for DNS and a net connection separately (technically if not administratively) then it's unlikely to be so easily available.

Chris
0
 
mray77 (Author) commented:
There is an option to add/update the PTR record when I create the A record for MAIL. Should this PTR record be mail.internal.com or mail.external.com? That's where I'm unclear. It seems like right now it's mail.internal.com and that is wrong.
0
 
Chris Dent (PowerShell Developer) commented:

Where are you looking? That sounds like an MS DNS option? :)

If it's in their interface (your ISP's), then you need the public name and public IP (mail.external.com and its IP).

Chris
0
 
mray77 (Author) commented:
No, it's an ATT tool called https://www.businessdirect.att.com. It's for managing our external DNS.
0
 
Chris Dent (PowerShell Developer) commented:

Ahh good, just checking :)

In that case you want the PTR record to point to mail.external.com. Does it give you the option to change it?

Chris
0
 
mray77 (Author) commented:
Yes, but I get the feeling that it's not updating. I'm on hold now with ATT. I'm going to have them check it. Thanks for the help!
0
 
Chris Dent (PowerShell Developer) commented:

It might take time, these things are very rarely instant. It's not unreasonable to expect it to take a few days for a change to flow through.

Still, check with them anyway, that's well worth doing, waiting 2 days and seeing nothing would be poor form :)

Chris
0
 
mattconroy commented:
Sometimes it can take 24 hours for the DNS change.
0
 
mray77 (Author) commented:
ATT is telling me my PTR record is correct. They even used dnsstuff.com.
0
 
mray77 (Author) commented:
They are basically using the same tools I have access to.
0
 
Chris Dent (PowerShell Developer) commented:

We can test it without any tools. Let me walk you through:

1. Look up the servers responsible for the IP address, where 1.2.3.4 is the IP

Note: The IP is reversed in our commands intentionally.

nslookup -q=ns 4.3.2.1.in-addr.arpa

You should get a response like this:

3.2.1.in-addr.arpa
        primary name server = ns1.somedomain.com.

2. Look up the record on the primary name server:

nslookup -q=ptr 4.3.2.1.in-addr.arpa ns1.somedomain.com

We're executing the query for the PTR record against the system that claims it's responsible. This bypasses all caching and update intervals; you should get the changed version of the record this time.

Chris
0
 
mray77 (Author) commented:
You are a genius! Check this out...

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\jjenkins.FSDOMAIN>nslookup -q=ns 1.2.3.4.in-addr.arpa
Server:  UnKnown
Address:  a.b.c.d

Non-authoritative answer:
1.2.3.4.in-addr.arpa.fsdomain.com nameserver = ns1.dsredirection.com
1.2.3.4.in-addr.arpa.fsdomain.com nameserver = ns2.dsredirection.com

ns1.dsredirection.com   internet address = x.x.x.x

C:\Users\jjenkins.FSDOMAIN>nslookup -q=ptr 1.2.3.4.in-addr.arpa ns1.dsredi
rection.com
Server:  UnKnown
Address:  a.b.c.d

*** No domain name pointer (PTR) records available for 1.2.3.4.in-addr.arp
a

C:\Users\jjenkins.FSDOMAIN>
0
 
Chris Dent (PowerShell Developer) commented:
Ahh it's got a bit confused. Try this one instead:

nslookup -q=ns 4.3.2.1.in-addr.arpa.
nslookup -q=ptr 4.3.2.1.in-addr.arpa. ns1.somedomain.com

Notice how I've added the . after arpa? That'll stop it adding fsdomain.com on the end; we don't want it to do that.

There are better tools for this, I generally recommend this one:

http://members.shaw.ca/nicholas.fong/dig/

But my resolver can do it too (although you have to have PowerShell):

http://code.msdn.microsoft.com/dnsshell/Release/ProjectReleases.aspx?ReleaseId=5028

For the first, we'd do:

dig 1.2.3.4 ptr +trace

Or in mine:

Get-Dns 1.2.3.4 ptr -Trace

In each case we're most interested in the final block, the bit that shows us the response. The advantage here is that it takes the hard work of figuring out where to send a request out of your hands :)

Chris
0
 
mray77 (Author) commented:
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\jjenkins.FSDOMAIN>nslookup -q=ns 1.2.3.4.in-addr.arpa.
Server:  UnKnown
Address:  a.b.c.d

2.3.4.in-addr.arpa
        primary name server = adns01.bigpond.com
        responsible mail addr = hostmaster.bigpond.com
        serial  = 9
        refresh = 43200 (12 hours)
        retry   = 3600 (1 hour)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

C:\Users\jjenkins.FSDOMAIN>nslookup -q=ptr 1.2.3.4.in-addr.arpa. ns1.bigpo
nd.com
*** Can't find server address for 'ns1.bigpond.com':
Server:  UnKnown
Address:  a.b.c.d

Non-authoritative answer:
1.2.3.4.in-addr.arpa      name = CPE-4-3-2-1.lns1.wel.bigpond.net.au


2.3.4.in-addr.arpa nameserver = adns01.bigpond.com
2.3.4.in-addr.arpa nameserver = adns02.bigpond.com
2.3.4.in-addr.arpa nameserver = adns03.bigpond.com
2.3.4.in-addr.arpa nameserver = adns04.bigpond.com

C:\Users\jjenkins.FSDOMAIN>
0
 
Chris Dent (PowerShell Developer) commented:
Remember we had to reverse the IP address for nslookup ? :)

So if your IP is 212.213.214.215 it becomes this for the PTR record:

215.214.213.212.in-addr.arpa.

Fun, isn't it? :)

Chris
0
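As an added illustration of the two points made above (the octets are reversed, and the name should end with a dot so the resolver cannot append a search suffix such as fsdomain.com), here is a small Python script that is not part of this thread. It builds the reverse name with the standard library and checks forward-confirmed reverse DNS, which is what receiving mail servers typically evaluate: the IP must have a PTR record, that PTR name should be the FQDN you announce, and the name must resolve back to the same IP. The lookup functions are swappable so the logic can be exercised offline; demo() uses constructed records modelled on the question (an IP whose PTR still carries the internal name), and every IP and hostname in it is a placeholder.

```python
"""Reverse-DNS (PTR) sanity check with forward confirmation.

Added example, not code from the thread. The resolver functions are
parameters so the check can run against constructed data offline.
"""
import ipaddress
import socket


def reverse_name(ip: str) -> str:
    """Fully qualified reverse-lookup name for an IPv4 or IPv6 address.

    The trailing dot makes the name absolute, so nslookup/resolvers will not
    append a local search suffix to it (the thread's fsdomain.com problem).
    """
    return ipaddress.ip_address(ip).reverse_pointer + "."


def system_ptr(ip: str) -> list:
    """Live PTR lookup through the OS resolver; empty list if none."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + list(aliases)
    except (socket.herror, socket.gaierror):
        return []


def system_forward(name: str) -> list:
    """Live A/AAAA lookup through the OS resolver; empty list if none."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def check_fcrdns(ip: str, expected_host: str,
                 ptr_lookup=system_ptr, forward_lookup=system_forward) -> dict:
    """Evaluate what a receiving MTA usually checks for a sending IP:

    1. has_ptr:               the IP has at least one PTR record
    2. ptr_matches_expected:  a PTR name equals the FQDN we announce
                              (e.g. the Exchange Send Connector FQDN)
    3. forward_confirmed:     a PTR name resolves back to the same IP
    """
    expected = expected_host.rstrip(".").lower()
    ptr_names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    result = {
        "reverse_name": reverse_name(ip),
        "ptr": ptr_names,
        "has_ptr": bool(ptr_names),
        "ptr_matches_expected": expected in ptr_names,
        "forward_confirmed": any(ip in forward_lookup(n) for n in ptr_names),
    }
    result["ok"] = (result["has_ptr"] and result["ptr_matches_expected"]
                    and result["forward_confirmed"])
    return result


def demo() -> dict:
    """Constructed data (placeholders, not real records): the PTR for the
    public IP still names the internal host, as in the original question."""
    fake_ptr = {"1.2.3.4": ["mail.internaldomainname.com."]}
    fake_fwd = {
        "mail.internaldomainname.com": ["1.2.3.4"],
        "mail.externaldomainname.com": ["1.2.3.4"],
    }
    return check_fcrdns(
        "1.2.3.4", "mail.externaldomainname.com",
        ptr_lookup=lambda ip: fake_ptr.get(ip, []),
        forward_lookup=lambda name: fake_fwd.get(name, []),
    )


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:          # live: python fcrdns.py <ip> <expected fqdn>
        report = check_fcrdns(sys.argv[1], sys.argv[2])
    else:                           # offline demonstration
        report = demo()
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it with the public IP of the mail server and the FQDN from the Send Connector; a result where has_ptr and forward_confirmed are true but ptr_matches_expected is false is exactly the "PTR exists but names the wrong host" situation the thread is about.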
 
mray77 (Author) commented:
So what you are saying is that in my PTR record, I need to update it and reverse it? Or are we talking about a mistake I made running the nslookup?
0
 
Chris Dent (PowerShell Developer) commented:

Just a mistake in the nslookup run.

Pick up the install for dig above, it'll make the checks a lot simpler. Unfortunately nslookup itself isn't a particularly comprehensive debugging tool.

Chris
0
 
alreadyinuse commented:
If you are using ATT direct and you log in, do you see the reverse DNS zone for your IP address range available? If you do not see this then you cannot add or update records for that IP range from the ATT DNS console.

You then have two options.

1. Ask the ISP that controls the reverse lookup zone to create the record.
2. Have the RR zone delegated to your ATT direct account. If this is your choice, contact ATT Support and confirm the DNS servers that the ISP should delegate the RR zone to. Then ask the ISP to delegate the RR zone to the listed servers. Some will not do this.

Another bit of trivia: the PTR record is best if it matches the A record, but that is not necessary. Also, if you are actually sending out your email through a gateway that is not the same IP address as your MX record, then that IP address also requires an A and an RR record.
0
 
mray77 (Author) commented:
Chris, quick question on the install. I'm running into this issue, which is in the instructions:
Import-Module will throw an error on import if the Execution Policy requires all files to be signed. The format file is not signed.
0
 
Chris Dent (PowerShell Developer) commented:

Run:

Set-ExecutionPolicy RemoteSigned

That should let it carry on, until I get around to getting myself a proper certificate.

Chris
0
 
mray77 (Author) commented:
Another observation... When I do a simple telnet test, the HELO response from my mail server is mail.Internal_Domain_Name.com
0
 
Chris Dent (PowerShell Developer) commented:

That may not necessarily matter, it depends on the FQDN value you have listed in the Send Connector (Org Config \ Hub Transport).

Chris
0
 
mray77 (Author) commented:
My FQDN listed on the Send Connector is set to mail.external_domain.com; my Receive Connector is set to mail.internal_domain.com, as it does not let me configure this for the internal domain.
0
 
Chris Dent (PowerShell Developer) commented:

Cool, that's good. Ignore the one you see when you run telnet ..., it's showing you the FQDN for the Receive Connector.

Chris
0
 
mray77 (Author) commented:
Gotcha. I think it's important to note that we are using MXLogic for spam filtering. Could there be something there? I just keep coming back to the message when using mxtoolbox.com which says: Warning - Reverse DNS does not match SMTP Banner. I'm really scratching my head here since everything looks right. ATT confirmed DNS and PTR are correct and the FQDN on my send connector is correct.
0
 
Chris Dent (PowerShell Developer) commented:

Is that sending out for you? Or is it only inbound mail that comes through that?

mxtoolbox...

It's limited.

You know the test you did with Telnet? That's what it just did, there's no way for it to find out the name used by your Send Connector.

It means you can generally ignore the result of that test as long as mail is flowing properly.

Chris
0
 
alreadyinuse commented:
We used to use Postini and had the same banner mismatch. And we did experience that some remote SMTP systems would reject our emails due to the banner mismatch at that time.
0
 
mray77 (Author) commented:
So if I have an email address that is not accepting our mail, can I try to send via telnet and post the response?
0
 
Chris Dent (PowerShell Developer) commented:

Yep, you can indeed.

Chris
0
 
mray77 (Author) commented:
I don't have their mail server name; they are actually using MXLOGIC just like we are. Domain I'm trying to send to:
buckenmeyer-king-cpa.com
0
 
Chris Dent (PowerShell Developer) commented:

In that case you'd do what your mail server does, look up the MX record:

nslookup -q=mx buckenmeyer-king-cpa.com

Your server takes those, then picks one of the servers with the lowest MX Preference. For example this one:

buckenmeyer-king-cpa.com        MX preference = 15, mail exchanger = buckenmeyer-king-cpa.com.inbound15.mxlogic.net

Then your server will attempt to connect to the exchanger:

telnet buckenmeyer-king-cpa.com.inbound15.mxlogic.net 25

Once you're there, you can start your conversation:

helo mail.external_domain.com
mail from: you@domain.com
rcpt to: recipient@domain.com
data
.

Chris
0
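The procedure above (MX lookup, picking the lowest-preference exchanger, then the telnet conversation), together with the earlier "Reverse DNS does not match SMTP Banner" warning, as an added Python script that is not from this thread. It orders MX records the way an MTA does, extracts the hostname from a 220 greeting so the banner can be compared with the PTR name yourself, and runs HELO / MAIL FROM / RCPT TO against an exchanger, then QUITs before DATA so the probe delivers nothing; a 4xx/5xx at RCPT is where a remote policy that dislikes your PTR usually shows up. MX records are passed in by hand (for example, copied from nslookup -q=mx), and the record list and banners in demo() are constructed.

```python
"""Outbound-delivery probe mirroring the telnet walk-through.

Added example, not code from the thread. Nothing here is sent past RCPT TO.
"""
import re
import smtplib


def pick_exchangers(mx_records) -> list:
    """mx_records: iterable of (preference, hostname) as shown by nslookup.
    Returns hostnames in the order an MTA tries them: lowest preference first
    (equal preferences kept together), trailing dots removed."""
    ordered = sorted(mx_records, key=lambda r: (r[0], r[1].lower()))
    return [host.rstrip(".") for _, host in ordered]


def banner_host(banner: str):
    """Hostname announced in the SMTP greeting ('220 host ...' or '220-host').
    This is what a banner-vs-PTR test reads; it cannot see a Send Connector
    FQDN, only the name the Receive Connector greets with."""
    m = re.match(r"220[ -](\S+)", banner.strip())
    return m.group(1) if m else None


def banner_matches_ptr(banner: str, ptr_name: str) -> bool:
    """True when the greeting hostname equals the PTR name (case/dot-insensitive)."""
    host = banner_host(banner)
    return host is not None and host.lower().rstrip(".") == ptr_name.lower().rstrip(".")


def smtp_probe(exchanger: str, helo_name: str, mail_from: str, rcpt_to: str,
               port: int = 25, timeout: float = 15.0) -> dict:
    """Connect, record the banner, walk HELO -> MAIL FROM -> RCPT TO and QUIT.
    Returns the (code, text) reply for each step; no DATA is ever sent."""
    smtp = smtplib.SMTP(timeout=timeout)
    replies = {}
    try:
        code, msg = smtp.connect(exchanger, port)
        replies["banner"] = (code, msg.decode(errors="replace"))
        replies["helo"] = smtp.helo(helo_name)
        replies["mail"] = smtp.mail(mail_from)
        replies["rcpt"] = smtp.rcpt(rcpt_to)
    finally:
        try:
            smtp.quit()
        except smtplib.SMTPException:
            pass
    return replies


def demo() -> dict:
    """Constructed records and banners (placeholders), showing the two
    offline-checkable steps: exchanger order and banner/PTR comparison."""
    mx = [
        (20, "buckenmeyer-king-cpa.com.inbound20.mxlogic.net."),  # constructed
        (15, "buckenmeyer-king-cpa.com.inbound15.mxlogic.net"),   # from the thread
    ]
    internal = "220 mail.internal_domain.com Microsoft ESMTP MAIL Service ready"
    return {
        "try_order": pick_exchangers(mx),
        "greeting_host": banner_host(internal),
        "banner_matches_ptr": banner_matches_ptr(internal, "mail.external_domain.com."),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 5:   # python probe.py <exchanger> <helo fqdn> <from> <to>
        for step, reply in smtp_probe(*sys.argv[1:5]).items():
            print(f"{step}: {reply}")
    else:
        for key, value in demo().items():
            print(f"{key}: {value}")
```

Run the live probe from the Exchange server itself, not a workstation, so the remote side sees the same source IP and PTR that real outbound mail uses.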
 
mray77 (Author) commented:
Here is something that is odd. I just sent from Telnet and the recipient received it and responded. I about fell out of my seat. I sent from Outlook, and have not heard back from them.
0
 
mray77 (Author) commented:
The message I sent from Outlook is just sitting in my Exchange 2010 mail queue.
0
 
Chris Dent (PowerShell Developer) commented:

When you did the telnet test, that was from your Exchange server?

Chris
0
 
mray77 (Author) commented:
It was from my workstation, which is on the same network. Could there be a difference?
0
 
Chris Dent (PowerShell Developer) commented:

Yeah, I'd only expect your Exchange server to have the problematic IP address. I reckon you should give it a try from the Exchange server itself.

Chris
0
 
mray77 (Author) commented:
It worked from the Exchange server too using telnet. I now have a technical contact we can work with on their side. Again, still not working when sent from Outlook. Message is stuck in the queue.
0
 
Chris Dent (PowerShell Developer) commented:

What's the message it's logging while it's stuck in the queue?

Chris
0
 
mray77 (Author) commented:
Identity: mail\9075\128950
Subject: last test
Internet Message ID: <CC6239D8EE38044C8E677E019F6A785A146079E4@mail.mydomain.com>
From Address: sender@mydomain.com
Status: Ready
Size (KB): 41
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 2/11/2011 9:52:52 AM
Expiration Time: 2/13/2011 9:52:52 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: mail\9075
Recipients:  someone@buckenmeyer-king-cpa.com
0
 
Chris Dent (PowerShell Developer) commented:
Hmm well it does suggest that it hasn't figured out the PTR record yet, but I'd have expected it to refuse to talk to you using telnet if that were the case.

Is any mail flowing out?

Chris
0
 
mray77 (Author) commented:
Yes, currently that is the only external domain in the queue not sending.
0
 
mray77 (Author) commented:
No forwarders were configured in DNS.
0
