
Reverse DNS issue because IP was/is Blacklisted

Our email server was compromised and with the help of Microsoft we were able to clean up the server, eliminate the trojans and/or bots, and I am in the process of installing a new firewall.  During the cleanup process I contacted the three blacklist companies that had our IP blacklisted.  I was able, fairly quickly, to rectify two out of the three.  However, the last company mentioned that according to "best practices" we should change our Reverse DNS from the AT&T....blah,blah,blah designation to mail.ourdomainname.com.

Here are my questions:   We are running SBS 2003 with Exchange 2003.
1.  I can do this, but do I also have to make any configuration changes in Exchange? If so, please detail where to specify the reverse DNS.
2.  Once this DNS change is made, do we need to wait until propagation (24-48 hrs) is complete before we can send email?

Thanks in advance for your assistance...

It wouldn't be done locally unless you're hosting your own authoritative DNS. You'd have to contact your DNS host to find out how to change that.

Basically what's happening is instead of an outsider saying "hey gimme an IP for www.joeshmoe.com" it's saying "hey, who is for real?" and the reverse lookup is throwing back the root name assigned by your ISP, which is apparently AT&T.


Dangle79:  So, there is no config change anywhere in Exchange on my SBS Exchange, YES?

Next, because this is a DNS change will I have to wait to send/receive email because of the propagation of the reverse DNS designation?  I am trying to determine if I should have AT&T do this Reverse DNS change Friday afternoon so that the propagation will occur over the weekend rather than during the week.  I hope I am making myself as clear as mud!  Thanks again for your speedy reply.
It's pretty non-typical for a DNSBL host to deny removing you from their list based purely on the fact that your reverse lookup doesn't match. I'm not even sure that mine matches. But, sometimes they do take a while for their databases to update once you've requested removal. Some even have a sort of probationary period where they'll keep you in a sort of limbo for 24 hours.

But, to answer your question, no, there's nothing in Exchange regarding reverse lookup records on public DNS. It's 100% outside your organization, especially given that, as in this case, third parties will use it to validate the identity of connecting hosts. As for whether it prevents you from sending email, that depends on who you send it to. This is really someone's receiving smart host configured to query a DNSBL provider for inbound messages. If you have a message bound for a host that uses a DNSBL that has you blacklisted in their database, they'll deny your connection. For all others it's business as usual.

I don't see any reason you would need to concern yourself with any down time as 99% of all DNS queries are forward lookup, which you're not tinkering with.
Alan Hardisty, Co-Owner, Top Expert 2011
Reverse DNS is set up by your ISP on your fixed IP address, not in your DNS.

You should check your FQDN on your SMTP Virtual Server (properties)> Delivery Tab> Advanced Button.

This should ideally match your Reverse DNS record.

What is important is that the FQDN setup as your Reverse DNS record resolves in DNS to the IP address that you are sending from.  That's it.

So if you use mail.domain.com as your Reverse DNS record and your Fixed IP is, then mail.domain.com MUST resolve to IP
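The two checks described in the answers above, written out as an added example (not code from the thread or from Exchange): forward-confirmed reverse DNS, meaning the PTR name for the sending IP must resolve forward to that same IP and ideally equal the FQDN on the SMTP virtual server, and the DNSBL lookup a receiving host performs by reversing the octets and appending the list zone. The resolver functions are injectable, so the script runs offline against a constructed table of documentation addresses (203.0.113.x), hostnames under example.com/example.net and a made-up list zone dnsbl.example.org; pass the socket-based defaults to check a real address.

```python
"""Forward-confirmed rDNS and DNSBL lookup checks (added example).

Resolver functions are injectable so the logic can be exercised offline
against constructed data; the live_* defaults use the OS resolver.
"""
import ipaddress
import socket


def live_ptr_lookup(ip):
    """PTR lookup via the OS resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except socket.herror:
        return None


def live_a_lookup(name):
    """A-record lookup via the OS resolver; returns a set of IPv4 strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()


def dnsbl_query_name(ip, zone):
    """Build the name a receiving MTA queries: reversed octets plus the list zone.
    203.0.113.25 against zone dnsbl.example.org -> 25.113.0.203.dnsbl.example.org
    """
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


def check_outbound_identity(ip, smtp_fqdn, ptr_lookup=live_ptr_lookup, a_lookup=live_a_lookup):
    """Apply the rule from the thread: the PTR name for the sending IP must
    resolve forward to that same IP, and ideally equal the FQDN configured
    on the SMTP virtual server. Returns a small report dict."""
    ptr_name = ptr_lookup(ip)
    forward = a_lookup(ptr_name) if ptr_name else set()
    return {
        "ip": ip,
        "ptr": ptr_name,
        "forward_confirmed": ip in forward,
        "matches_smtp_fqdn": ptr_name == smtp_fqdn.rstrip(".").lower(),
    }


def is_listed(ip, zone, a_lookup=live_a_lookup):
    """A DNSBL answers with an address in 127.0.0.0/8 when the IP is listed;
    NXDOMAIN (an empty answer set here) means not listed."""
    answers = a_lookup(dnsbl_query_name(ip, zone))
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    return any(ipaddress.IPv4Address(a) in loopback for a in answers)


# Constructed sample zone data: documentation addresses and example domains,
# not real hosts. 203.0.113.27 deliberately has no PTR record.
SAMPLE_PTR = {
    "203.0.113.25": "mail.example.com",                      # properly configured
    "203.0.113.26": "static-203-0-113-26.isp.example.net",   # generic ISP record
}
SAMPLE_A = {
    "mail.example.com": {"203.0.113.25"},
    "static-203-0-113-26.isp.example.net": {"203.0.113.26"},
    "25.113.0.203.dnsbl.example.org": set(),          # not listed
    "26.113.0.203.dnsbl.example.org": {"127.0.0.2"},  # listed
}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip)


def sample_a(name):
    return SAMPLE_A.get(name, set())


if __name__ == "__main__":
    for ip in ("203.0.113.25", "203.0.113.26", "203.0.113.27"):
        print(check_outbound_identity(ip, "mail.example.com", sample_ptr, sample_a))
        print(ip, "listed:", is_listed(ip, "dnsbl.example.org", sample_a))
```

Run as-is it walks the constructed table: the first address passes both checks, the second is forward-confirmed but still carries the ISP's generic name (the situation the DNSBL operator objected to), and the third has no PTR at all. To test a real sending IP, call `check_outbound_identity(ip, fqdn)` with the defaults and compare the result with the FQDN shown under the SMTP Virtual Server's Delivery > Advanced dialog.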


Many thanks for the speedy replies.  Yes, I made the request for mail.domainname.com changes with AT&T.  All is well.  Good job.
