

Reverse DNS issue because IP was/is Blacklisted

Posted on 2012-03-14
Medium Priority
Last Modified: 2012-03-16
Our email server was compromised and with the help of Microsoft we were able to clean up the server, eliminate the trojans and/or bots, and I am in the process of installing a new firewall.  During the cleanup process I contacted the three blacklisting companies that had our IP blacklisted.  I was able, fairly quickly, to rectify two out of the three.  However, the last company mentioned that according to "best practices" we should change our Reverse DNS from the AT&T....blah,blah,blah designation to

Here are my questions:   We are running SBS 2003 with Exchange 2003.
1.  I can do this, but do I also have to make any configuration changes in Exchange? If so, please detail where to specify the reverse DNS.
2.  Once this DNS change is made, do we need to wait until the propagation (24-48 hrs) is complete before we can send email?

Thanks in advance for your assistance...
Question by:infosys3

Expert Comment

ID: 37722203
It wouldn't be done locally unless you're hosting your own authoritative DNS. You'd have to contact your DNS host to find out how to change that.

Basically what's happening is instead of an outsider saying "hey gimme an IP for" it's saying "hey, who is for real" and the reverse lookup is throwing back the root name assigned by your ISP, which is apparently AT&T.

Author Comment

ID: 37722366
Dangle79:  So, there is no config change anywhere in Exchange on my SBS Exchange, YES?

Next, because this is a DNS change will I have to wait to send/receive email because of the propagation of the reverse DNS designation?  I am trying to determine if I should have AT&T do this Reverse DNS change Friday afternoon so that the propagation will occur over the weekend rather than during the week.  I hope I am making myself as clear as mud!  Thanks again for your speedy reply.

Accepted Solution

Dangle79 earned 1800 total points
ID: 37722418
It's pretty non-typical for a DNSBL host to deny removing you from their list based purely on the fact that your reverse lookup doesn't match. I'm not even sure that mine matches. But, sometimes they do take a while for their databases to update once you've requested removal. Some even have a sort of probationary period where they'll keep you in a sort of limbo for 24 hours.

But, to answer your question, no there's nothing in Exchange regarding reverse lookup records on public DNS. It's 100% outside your organization; especially given that, as in this case, third-parties will use it to validate the identity of connecting hosts. As for whether it prevents you from sending email, that depends on who you send it to. This is really someone's receiving smart host configured to query a DNSBL provider for inbound messages. If you have a message bound for a host that uses a DNSBL that has you blacklisted in their database, they'll deny your connection. For all others it's business as usual.

I don't see any reason you would need to concern yourself with any down time as 99% of all DNS queries are forward lookup, which you're not tinkering with.

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 200 total points
ID: 37722547
Reverse DNS is set up by your ISP on your fixed IP address, not in DNS.

You should check your FQDN on your SMTP Virtual Server (properties)> Delivery Tab> Advanced Button.

This should ideally match your Reverse DNS record.

What is important is that the FQDN set up as your Reverse DNS record resolves in DNS to the IP address that you are sending from.  That's it.

So if you use as your Reverse DNS record and your Fixed IP is, then MUST resolve to IP
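
The check described in the answer above (the PTR name must resolve forward to the sending IP, and the SMTP virtual server FQDN should match it), written out as an added example that is not part of the original thread. The IP addresses and host names are constructed documentation values, and a mismatch between the SMTP FQDN and the PTR name is reported as a finding here even though the answer only calls the match ideal.

```python
import socket

def ptr_names(ip):
    """Reverse (PTR) lookup via the system resolver; [] if there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def forward_ips(name):
    """Forward (A/AAAA) lookup via the system resolver; empty set on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_mail_identity(ip, smtp_fqdn, ptr=ptr_names, fwd=forward_ips):
    """Return (ok, findings) for a sending IP and the FQDN the server announces."""
    names = [norm(n) for n in ptr(ip)]
    if not names:
        return False, ["no PTR record for " + ip]
    findings = []
    # Forward-confirm: at least one PTR name must resolve back to the same IP.
    if not any(ip in fwd(n) for n in names):
        findings.append("PTR %s does not resolve back to %s" % (names, ip))
    if norm(smtp_fqdn) not in names:
        findings.append("SMTP FQDN %s does not match PTR %s" % (smtp_fqdn, names))
    return (not findings), findings

# Constructed sample zone data so the check runs offline; omit the ptr= and
# fwd= arguments to query real DNS from the mail server instead.
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."],
              "192.0.2.26": ["adsl-192-0-2-26.isp.example."]}
SAMPLE_A = {"mail.example.com": {"192.0.2.25"}}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_fwd(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26"):
        print(ip, check_mail_identity(ip, "mail.example.com", sample_ptr, sample_fwd))
```

The second sample address models the situation in the question: a generic ISP-assigned PTR name that neither resolves back to the IP nor matches the mail server's FQDN.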

Author Closing Comment

ID: 37731501
Many thanks for the speedy replies.  Yes, I made the request for changes with AT&T.  All is well.  Good job.
