Solved

Reverse DNS lookup

Posted on 2011-02-10
Last Modified: 2012-05-11
Our mail server is mail.externaldomainname.com. When I do a reverse lookup using a site like mxtoolbox or testexchangeconnectivity, it shows reverse lookup failed. My reverse DNS is being displayed as mail.internaldomainname.com, which is different than our external domain name. How can I resolve?
Question by:mray77
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865280

Most commonly this means contacting your ISP and asking them to set or correct the PTR record.

We can check exactly where if you feel your ISP is not responsible for the record.

Chris
0
 

Author Comment

by:mray77
ID: 34865298
ATT is our ISP, and we manage our own DNS through their site. I have an A record for MAIL pointing to the external IP address of our mail server.
0
 
LVL 6

Expert Comment

by:mattconroy
ID: 34865347
Add a reverse lookup (PTR record).
0

 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865363

Sure, but Forward and Reverse Lookup are not delegated down the same paths.

That means you can have company X who look after your forward lookup zone (the mail records, etc), and company Y who look after reverse lookup.

Company Y is typically your ISP, or whoever provides you with the internet connection. In a (very) small number of cases reverse lookup is delegated to you. However, you generally know about it if that is the case because you'd have had to ask for it.

If ATT provide both DNS hosting and the connection for you, then you may still need to get in touch with them. A PTR record may not be exposed in your regular DNS interface. It depends on your hosting agreement: If you pay for hosted servers (on their site) then it may be available; if you pay for DNS and a net connection separately (technically if not administratively) then it's unlikely to be so easily available.

Chris
0
 

Author Comment

by:mray77
ID: 34865425
There is an option to add/update the PTR record when I create the A record for MAIL. Should this PTR record be mail.internal.com or mail.external.com? That's where I'm unclear. It seems like right now it's mail.internal.com and that is wrong.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865438

Where are you looking? That sounds like an MS DNS option? :)

If it's in their (your ISP's) interface, then you need the public name, and public IP (mail.external.com and its IP).

Chris
0
 

Author Comment

by:mray77
ID: 34865454
No, it's an ATT tool called https://www.businessdirect.att.com. It's for managing our external DNS.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865467

Ahh good, just checking :)

In that case you want the PTR record to point to mail.external.com. Does it give you the option to change it?

Chris
0
 

Author Comment

by:mray77
ID: 34865479
Yes, but I get the feeling that it's not updating. I'm on hold now with ATT. I'm going to have them check it. Thanks for the help!
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865515

It might take time, these things are very rarely instant. It's not unreasonable to expect it to take a few days for a change to flow through.

Still, check with them anyway, that's well worth doing, waiting 2 days and seeing nothing would be poor form :)

Chris
0
 
LVL 6

Expert Comment

by:mattconroy
ID: 34865516
Sometimes it can take 24 hours for the DNS change.
0
 

Author Comment

by:mray77
ID: 34865534
ATT is telling me my PTR record is correct. They even used dnsstuff.com.
0
 

Author Comment

by:mray77
ID: 34865536
They are basically using the same tools I have access to.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865582

We can test it without any tools. Let me walk you through:

1. Lookup the servers responsible for the IP address, where 1.2.3.4 is the IP

Note: The IP is reversed in our commands intentionally.

nslookup -q=ns 4.3.2.1.in-addr.arpa

You should get a response like this:

3.2.1.in-addr.arpa
        primary name server = ns1.somedomain.com.

2. Lookup the record on the primary name server:

nslookup -q=ptr 4.3.2.1.in-addr.arpa ns1.somedomain.com

We're executing the query for the PTR record against the system that claims it's responsible. This bypasses all caching and update intervals, you should get the changed version of the record this time.

Chris
0
 

Author Comment

by:mray77
ID: 34865741
You are a genius! Check this out...

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\jjenkins.FSDOMAIN>nslookup -q=ns 1.2.3.4.in-addr.arpa
Server:  UnKnown
Address:  a.b.c.d

Non-authoritative answer:
1.2.3.4.in-addr.arpa.fsdomain.com nameserver = ns1.dsredirection.com
1.2.3.4.in-addr.arpa.fsdomain.com nameserver = ns2.dsredirection.com

ns1.dsredirection.com   internet address = x.x.x.x

C:\Users\jjenkins.FSDOMAIN>nslookup -q=ptr 1.2.3.4.in-addr.arpa ns1.dsredirection.com
Server:  UnKnown
Address:  a.b.c.d

*** No domain name pointer (PTR) records available for 1.2.3.4.in-addr.arpa

C:\Users\jjenkins.FSDOMAIN>
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865798
Ahh it's got a bit confused. Try this one instead:

nslookup -q=ns 4.3.2.1.in-addr.arpa.
nslookup -q=ptr 4.3.2.1.in-addr.arpa. ns1.somedomain.com

Notice how I've added the . after arpa? That'll stop it adding fsdomain.com on the end, we don't want it to do that.

There are better tools for this, I generally recommend this one:

http://members.shaw.ca/nicholas.fong/dig/

But my resolver can do it too (although you have to have PowerShell):

http://code.msdn.microsoft.com/dnsshell/Release/ProjectReleases.aspx?ReleaseId=5028

For the first, we'd do:

dig -x 1.2.3.4 +trace

Or in mine:

Get-Dns 1.2.3.4 ptr -Trace

In each case we're most interested in the final block, the bit that shows us the response. The advantage here is that it takes the hard work of figuring out where to send a request out of your hands :)

Chris
0
 

Author Comment

by:mray77
ID: 34865932
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\jjenkins.FSDOMAIN>nslookup -q=ns 1.2.3.4.in-addr.arpa.
Server:  UnKnown
Address:  a.b.c.d

2.3.4.in-addr.arpa
        primary name server = adns01.bigpond.com
        responsible mail addr = hostmaster.bigpond.com
        serial  = 9
        refresh = 43200 (12 hours)
        retry   = 3600 (1 hour)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

C:\Users\jjenkins.FSDOMAIN>nslookup -q=ptr 1.2.3.4.in-addr.arpa. ns1.bigpond.com
*** Can't find server address for 'ns1.bigpond.com':
Server:  UnKnown
Address:  a.b.c.d

Non-authoritative answer:
1.2.3.4.in-addr.arpa      name = CPE-4-3-2-1.lns1.wel.bigpond.net.au


2.3.4.in-addr.arpa nameserver = adns01.bigpond.com
2.3.4.in-addr.arpa nameserver = adns02.bigpond.com
2.3.4.in-addr.arpa nameserver = adns03.bigpond.com
2.3.4.in-addr.arpa nameserver = adns04.bigpond.com

C:\Users\jjenkins.FSDOMAIN>
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34865971
Remember we had to reverse the IP address for nslookup? :)

So if your IP is 212.213.214.215 it becomes this for the PTR record:

215.214.213.212.in-addr.arpa.

Fun, isn't it? :)

Chris
0
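An added example, not part of the thread: a small Python helper that builds the fully qualified PTR query name for an address and flags the two mistakes seen in the nslookup runs above (missing trailing dot, octets left unreversed). The function names are hypothetical.

```python
import ipaddress

def ptr_query_name(ip):
    """Fully qualified PTR owner name for an IPv4 or IPv6 address."""
    # reverse_pointer reverses the octets (nibbles for IPv6) and appends
    # in-addr.arpa / ip6.arpa; the trailing dot marks the name as complete
    # so the resolver does not append a DNS search suffix.
    return ipaddress.ip_address(ip).reverse_pointer + "."

def diagnose_query(ip, typed):
    """List what is wrong with a reverse-lookup name as it was typed."""
    addr = ipaddress.ip_address(ip)
    expected = ptr_query_name(ip)
    problems = []
    if not typed.endswith("."):
        problems.append("no trailing dot: the resolver may append a DNS suffix")
    normalized = typed.rstrip(".").lower() + "."
    if normalized != expected:
        labels = normalized.split(".")
        if addr.version == 4 and labels[:4] == str(addr).split("."):
            problems.append("octets not reversed: expected " + expected)
        else:
            problems.append("name does not match: expected " + expected)
    return problems

if __name__ == "__main__":
    print(ptr_query_name("212.213.214.215"))
    # The two forms typed in the thread, then the corrected one.
    for name in ("1.2.3.4.in-addr.arpa",
                 "1.2.3.4.in-addr.arpa.",
                 "4.3.2.1.in-addr.arpa."):
        print(name, "->", diagnose_query("1.2.3.4", name) or "ok")
```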
 

Author Comment

by:mray77
ID: 34866010
So what you are saying is that in my PTR record, I need to update it and reverse? Or are we talking about a mistake I made running the nslookup?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34866111

Just a mistake in the nslookup run.

Pick up the install for dig above, it'll make the checks a lot simpler. Unfortunately nslookup itself isn't a particularly comprehensive debugging tool.

Chris
0
 
LVL 5

Expert Comment

by:alreadyinuse
ID: 34867523
If you are using ATT direct and you log in, do you see the reverse DNS zone for your IP address range available? If you do not see this then you cannot add or update records for that IP range from the ATT DNS console.

You then have two options.

1. Ask the ISP that controls the reverse lookup zone to create the record.
2. Have the RR zone delegated to your ATT direct account. If this is your choice contact ATT Support and confirm the DNS servers that the ISP should delegate the RR zone to. Then ask the ISP to delegate the RR zone to the listed servers. Some will not do this.

Another bit of trivia, the PTR record is best if it matches the A record but not necessary. Also if you are actually sending out your email through a gateway that is not the same IP address as your MX record then that IP address also requires an A and an RR record.
0
 

Author Comment

by:mray77
ID: 34870935
Chris, quick question on the install. I'm running into this issue, which is in the instructions:
Import-Module will throw an error on import if the Execution Policy requires all files to be signed. The format file is not signed.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34871032

Run:

Set-ExecutionPolicy RemoteSigned

That should let it carry on, until I get around to getting myself a proper certificate.

Chris
0
 

Author Comment

by:mray77
ID: 34871219
Another observation... When I do a simple telnet test, the HELO response from my mail server is mail.Internal_Domain_Name.com
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34871318

That may not necessarily matter, it depends on the FQDN value you have listed in the Send Connector (Org Config \ Hub Transport).

Chris
0
 

Author Comment

by:mray77
ID: 34871352
My FQDN listed on the Send Connector is set to mail.external_domain.com. My Receive Connector is set to mail.internal_domain.com, as it does not let me configure this for internal domain.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34871367

Cool, that's good. Ignore the one you see when you run telnet ..., it's showing you the FQDN for the Receive Connector.

Chris
0
 

Author Comment

by:mray77
ID: 34871392
Gotcha. I think it's important to note that we are using MXLogic for spam filtering. Could there be something there? I just keep coming back to the message when using mxtoolbox.com which says: Warning - Reverse DNS does not match SMTP Banner. I'm really scratching my head here since everything looks right. ATT confirmed DNS and PTR are correct and the FQDN on my send connector is correct.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34871471

Is that sending out for you? Or is it only inbound mail that comes through that?

mxtoolbox...

It's limited.

You know the test you did with Telnet? That's what it just did, there's no way for it to find out the name used by your Send Connector.

It means you can generally ignore the result of that test as long as mail is flowing properly.

Chris
0
 
LVL 5

Expert Comment

by:alreadyinuse
ID: 34871480
We used to use Postini and had the same banner mismatch. And we did experience that some remote SMTP systems would reject our emails due to the banner mismatch at that time.
0
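An added example, not part of the thread: a Python sketch of the forward-confirmed reverse DNS and HELO-name comparison behind warnings such as "Reverse DNS does not match SMTP Banner". The function names are hypothetical, and the address 203.0.113.25 and the record tables are constructed sample data standing in for the poster's real records.

```python
import socket

def live_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def live_a(name):
    """IPv4 addresses for name from the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender_identity(ip, helo_name, ptr_lookup=live_ptr, a_lookup=live_a):
    """Compare PTR, forward A record and HELO name for a sending IP."""
    norm = lambda n: n.rstrip(".").lower()
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return ["no PTR record for " + ip]
    findings = []
    # Forward-confirm: at least one PTR name must resolve back to the IP.
    if not any(ip in a_lookup(n) for n in ptr_names):
        findings.append("PTR name(s) do not resolve back to " + ip)
    if norm(helo_name) not in ptr_names:
        findings.append("HELO name does not match PTR")
    return findings

# Constructed sample records (not real DNS data).
IP = "203.0.113.25"
A_RECORDS = {"mail.externaldomainname.com": [IP]}  # internal name is not public
PTR_BEFORE = {IP: ["mail.internaldomainname.com"]}
PTR_AFTER = {IP: ["mail.externaldomainname.com"]}

def from_table(table):
    """Turn a dict of records into an offline lookup function."""
    return lambda key: table.get(key.rstrip(".").lower(), [])

if __name__ == "__main__":
    a = from_table(A_RECORDS)
    for label, ptr in (("before", PTR_BEFORE), ("after", PTR_AFTER)):
        print(label, check_sender_identity(
            IP, "mail.externaldomainname.com", from_table(ptr), a))
```

Called with only an IP and a HELO name, the function uses the live resolver instead of the tables.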
 

Author Comment

by:mray77
ID: 34871494
So if I have an email address that is not accepting our mail, can I try to send via telnet and post the response?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34871499

Yep, you can indeed.

Chris
0
 

Author Comment

by:mray77
ID: 34871566
I don't have their mail server name, they are actually using MXLOGIC just like we are. Domain I'm trying to send to:
buckenmeyer-king-cpa.com
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34871612

In that case you'd do what your mail server does, look up the MX record:

nslookup -q=mx buckenmeyer-king-cpa.com

Your server takes those, then picks one of the servers with the lowest MX Preference. For example this one:

buckenmeyer-king-cpa.com        MX preference = 15, mail exchanger = buckenmeyer-king-cpa.com.inbound15.mxlogic.net

Then your server will attempt to connect to the exchanger:

telnet buckenmeyer-king-cpa.com.inbound15.mxlogic.net 25

Once you're there, you can start your conversation:

helo mail.external_domain.com
mail from: you@domain.com
rcpt to: recipient@domain.com
data
.

Chris
0
 

Author Comment

by:mray77
ID: 34871615
Here is something that is odd. I just sent from Telnet and the recipient received it and responded. I about fell out of my seat. I sent from Outlook, and have not heard back from them.
0
 

Author Comment

by:mray77
ID: 34871725
The message I sent from Outlook is just sitting in my Exchange 2010 mail queue.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34871745

When you did the telnet test, that was from your Exchange server?

Chris
0
 

Author Comment

by:mray77
ID: 34871805
It was from my workstation, which is on the same network. Could there be a difference?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34871879

Yeah, I'd only expect your Exchange server to have the problematic IP address. I reckon you should give it a try from the Exchange server itself.

Chris
0
 

Author Comment

by:mray77
ID: 34872119
It worked from the exchange server too using telnet. I now have a technical contact we can work with on their side. Again, still not working when sent from Outlook. Message is stuck in the queue.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34872458

What's the message it's logging while it's stuck in the queue?

Chris
0
 

Author Comment

by:mray77
ID: 34874185
Identity: mail\9075\128950
Subject: last test
Internet Message ID: <CC6239D8EE38044C8E677E019F6A785A146079E4@mail.mydomain.com>
From Address: sender@mydomain.com
Status: Ready
Size (KB): 41
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 2/11/2011 9:52:52 AM
Expiration Time: 2/13/2011 9:52:52 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: mail\9075
Recipients:  someone@buckenmeyer-king-cpa.com
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34874219
Hmm well it does suggest that it hasn't figured out the PTR record yet, but I'd have expected it to refuse to talk to you using telnet if that were the case.

Is any mail flowing out?

Chris
0
 

Author Comment

by:mray77
ID: 34874238
Yes, currently that is the only external domain in the queue not sending.
0
 

Accepted Solution

by:
mray77 earned 0 total points
ID: 34951005
No forwarders were configured in DNS.
0
 

Author Closing Comment

by:mray77
ID: 34990707
No forwarders were configured in DNS.
0
