eurobyteuk

Reverse DNS issues

Hi,

Sorry, silly question, but please can you save my bacon?

I've installed a server, all OK, installed Exchange Server 2010 also working EXCEPT that emails from and to AOL accounts (*@aol.com) bounce.

I think this is because AOL looks for a reverse DNS value, but I cannot for the life of me work out where or how to enter this value, and I don't know if it should be in the form mail.company.com, or the fixed IP address of the server getting the mail.

If it isn't too much hassle, could someone write me an idiot walkthrough of where to go and what to put?

Really appreciate it, and thank you in advance
R_Edwards

have you tested your reverse DNS?  
go to www.dnsstuff.com
in the first tab (DNSreport) enter your domain name foo.com
click the blue arrow. please post results
eurobyteuk

ASKER

Thank you so much for helping!

Results were:

Reverse DNS Lookup Results for 81.5.166.18


Target 81.5.166.18
Timeout Value 1 (default)
Your Overall Score Lookup failed
Score Details
•Failed retrieving record type from a name server.
 
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record. All DNS requests start by asking the root servers, and they let us know what to do next. See How Reverse DNS Lookups Work for more information.
Referral Path:

C.ROOT-SERVERS.NET. [192.33.4.12] (31ms) > sns-pb.isc.org. [192.5.4.1] (76ms) > dns2.as12513.net. [212.104.130.67] (122ms)

Results found: 0

There is no need to refresh the page - to see the DNS traversal, to make sure that all DNS servers are reporting the same results, you can Click Here.

Note that these results are obtained in real-time, meaning that these are not cached results. These results are what DNS resolvers all over the world will see right now (unless they have cached information).
here is the TECHNET article on DNS, if you have trouble let me know and i will post a walkthrough.

rather teach you how to fish than give you a fish.

http://technet.microsoft.com/en-us/library/cc816676(v=ws.10).aspx
Hi Mr Edwards

OK, I tried to create a new reverse lookup zone, and it has informed me that the values I entered already exist.

I believe that what I have to do is to convert my fixed IP address into a mail.company.com name, is that right? I think it has to match my outgoing name mail.newmanstewart.co.uk and it doesn't.
Please could you teach me a bit more fishing?
Thanks!
yes your MX record needs to match your mail server name, and you have to have a reverse pointing to the same name.  

for example foo.com:

FORWARD
smtp     Host (A)           1.2.3.4              
mail       MX                   smtp.foo.com

REVERSE

4          Pointer          smtp.foo.com

an easy way to do this is to go into your forward lookup zones and view the properties of a host.  you should see the ip address, and at the bottom there should be a check that says to create associated record, if you just highlight the last ip change it to a number and change it back, check the create associated record box and click apply it will create the reverse record for you.

there will be no reverse record for the MX, just the actual host.

i hope this clears it up
from what i see all you have to do is go into your forward zone and select mail.domain,
change the IP address to X.X.X.12 then back to its original, click create pointer and click apply.  you should be good to go then
or go into your reverse dns, right click and select new pointer and enter the information.
The reverse DNS record has to be created by whoever owns that zone in DNS, which is typically your ISP.  Contact them and request a reverse DNS record for your public IP address.
OK, once again, thanks for the help

I've gone into the forward lookup zones of my DNS manager of the server which has Exchange 2010 on it, and there were four Named zones.

They are _msdcs.newmanstewart.local; newmanstewart.local; remote.newmanstewart.co.uk and remote.newmanstewart.com

All our emails are @newmanstewart.co.uk

I have created a new named forward lookup zone called mail.newmanstewart.co.uk

Is that the right thing to do?

Now I need to do the same for reverse ?

I think the record propagates from my server, I don't think I need to contact the isp, as the fixed ip is at my server, is that right?

Sorry if these questions are so simple as to be insulting, I really am trying hard here, and now understand the concept of swimming in treacle!
Oh, and the only thing in reverse lookup zones is 0.168.192.in-addr.arpa
Adding reverse DNS records to your DNS server on your private LAN won't do anything to help with mail getting rejected from AOL.  Whenever AOL's servers do a reverse lookup the DNS servers that respond belong to the owner of your public IP address.

If mail.newmanstewart.co.uk resolves to 81.5.166.18, then you need to have your service provider, whoever gave you the IP 81.5.166.18, create the reverse DNS record.
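The check the replies above describe (a PTR lookup under in-addr.arpa, then a forward lookup of that name that must return the same IP), as an added example that is not part of the original thread. The sample records are constructed documentation addresses, and `check_fcrdns`, `sample_check` and the status strings are hypothetical names; called without the `ptr`/`addrs` arguments, `check_fcrdns` uses the system resolver and so sees the public records a receiving mail server would see.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Name queried for the PTR record: reversed IP plus in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR lookup through the system resolver; [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def system_addrs(host):
    """Forward (A/AAAA) lookup through the system resolver; [] on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def check_fcrdns(ip, expected_host=None, ptr=system_ptr, addrs=system_addrs):
    """Classify the reverse DNS state of a mail server's public IP."""
    ip = str(ipaddress.ip_address(ip))
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-ptr"  # the state the DNS report in the thread shows
    # Forward-confirm: the PTR name must resolve back to the same IP.
    confirmed = [n for n in names if ip in addrs(n)]
    if not confirmed:
        return "ptr-not-forward-confirmed"
    if expected_host and expected_host.rstrip(".").lower() not in confirmed:
        return "ptr-name-mismatch"  # PTR exists but is not the mail host name
    return "ok"

# Constructed sample records (documentation addresses, not the thread's data).
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."],
              "192.0.2.26": ["host26.isp.example."],
              "192.0.2.27": ["mail.example.com."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.25"],
            "host26.isp.example": ["192.0.2.26"]}

def sample_check(ip, expected_host=None):
    """Run check_fcrdns offline against the constructed records above."""
    return check_fcrdns(ip, expected_host,
                        ptr=lambda i: SAMPLE_PTR.get(i, []),
                        addrs=lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.27", "192.0.2.28"):
        print(ip, ptr_name(ip), sample_check(ip, "mail.example.com"))
```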
thank you for that, so one final check I have this right:

The reason that aol mail stops is because AOL have a tighter check than some on reverse DNS records, and that record needs to be set up by them?

The issue I have is that those providers wrote this to me:

Anyway, I've done a bit of digging and it seems the most likely problem here is a lack of reverse DNS on the exchange server's IP. If you go to this AOL tool http://postmaster.aol.com/cgi-bin/plugh/rdns.pl and input the IP address of your mailserver (81.5.166.18) it fails the check.

Mark - you should check the rDNS and ensure it's set up on the IP. If not, then get it set up, let it propagate, check it again on the AOL tool, and hopefully that might fix the problem.

It's also a good idea to set up an SPF record on the domain - Mark, if you let us know what you want the SPF to be we can set that up, but in this case I doubt that's the issue (it wouldn't stop you receiving email from AOL.)

Anyhow, I hope someone can just help me get AOL emails sorted out to save my sanity, and possibly my job!

Your patience is appreciated
By "them" in the previous post I meant to say my isp's
ASKER CERTIFIED SOLUTION
bigbigpig
