Solved

Reverse DNS issues

Posted on 2013-01-18
Last Modified: 2013-02-16
Hi,

Sorry, silly question, but please can you save my bacon?

I've installed a server, all OK, installed Exchange Server 2010 also working EXCEPT that emails from and to AOL accounts (*@aol.com) bounce.

I think this is because AOL looks for a reverse DNS  value, but I cannot for the life of me work out where or how to enter this value, and I don't know if it should be in the form mail.company.com, or the fixed ip address of the server getting the mail.

If it isn't too much hassle, could someone write me an idiot walkthrough of where to go and what to put?

Really appreciate it, and thank you in advance
Question by:eurobyteuk
14 Comments
 
LVL 8

Expert Comment

by:R_Edwards
ID: 38794114
Have you tested your reverse DNS?
Go to www.dnsstuff.com
In the first tab (DNSreport) enter your domain name foo.com
Click the blue arrow. Please post results.
0
 

Author Comment

by:eurobyteuk
ID: 38794138
Thank you so much for helping!

Results were:

Reverse DNS Lookup Results for 81.5.166.18


Target 81.5.166.18
Timeout Value 1 (default)
Your Overall Score Lookup failed
Score Details
•Failed retrieving record type from a name server.
 
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record. All DNS requests start by asking the root servers, and they let us know what to do next. See How Reverse DNS Lookups Work for more information.
Referral Path:

C.ROOT-SERVERS.NET. [192.33.4.12] (31ms) > sns-pb.isc.org. [192.5.4.1] (76ms) > dns2.as12513.net. [212.104.130.67] (122ms)

Results found: 0

There is no need to refresh the page - to see the DNS traversal, to make sure that all DNS servers are reporting the same results, you can Click Here.

Note that these results are obtained in real-time, meaning that these are not cached results. These results are what DNS resolvers all over the world will see right now (unless they have cached information).
0
 
LVL 8

Expert Comment

by:R_Edwards
ID: 38794160
Here is the TechNet article on DNS; if you have trouble let me know and I will post a walkthrough.

Rather teach you how to fish than give you a fish.

http://technet.microsoft.com/en-us/library/cc816676(v=ws.10).aspx
0
 

Author Comment

by:eurobyteuk
ID: 38794200
Hi Mr Edwards

OK, I tried to create a new reverse lookup zone, and it has informed me that the values I entered already exist.

I believe that what I have to do is to convert my fixed IP address into a mail.company.com name, is that right? I think it has to match my outgoing name mail.newmanstewart.co.uk and it doesn't.
Please could you teach me a bit more fishing?
Thanks!
0
 
LVL 8

Expert Comment

by:R_Edwards
ID: 38794264
Yes, your MX record needs to match your mail server name, and you have to have a reverse pointing to the same name.

for example foo.com:

FORWARD
smtp     Host (A)           1.2.3.4              
mail       MX                   smtp.foo.com

REVERSE

4          Pointer          smtp.foo.com

An easy way to do this is to go into your forward lookup zones and view the properties of a host. You should see the IP address, and at the bottom there should be a check that says to create associated record. If you just highlight the last IP, change it to a number and change it back, check the create associated record box and click apply, it will create the reverse record for you.

There will be no reverse record for the MX, just the actual host.

I hope this clears it up.
0
 
LVL 8

Expert Comment

by:R_Edwards
ID: 38794306
From what I see, all you have to do is go into your forward zone and select mail.domain, change the IP address to X.X.X.12 then back to its original, click create pointer and click apply. You should be good to go then.
0
 
LVL 8

Expert Comment

by:R_Edwards
ID: 38794308
Or go into your reverse DNS, right-click and select new pointer and enter the information.
0
 
LVL 10

Expert Comment

by:bigbigpig
ID: 38794396
The reverse DNS record has to be created by whoever owns that zone in DNS, which is typically your ISP. Contact them and request a reverse DNS record for your public IP address.
0
 

Author Comment

by:eurobyteuk
ID: 38794522
OK, once again, thanks for the help

I've gone into the forward lookup zones of my DNS manager of the server which has Exchange 2010 on it, and there were four Named zones.

They are _msdcs.newmanstewart.local; newmanstewart.local; remote.newmanstewart.co.uk and remote.newmanstewart.com

All our emails are @newmanstewart.co.uk

I have created a new named forward lookup zone called mail.newmanstewart.co.uk

Is that the right thing to do?

Now I need to do the same for reverse?

I think the record propagates from my server, I don't think I need to contact the ISP, as the fixed IP is at my server, is that right?

Sorry if these questions are so simple as to be insulting, I really am trying hard here, and now understand the concept of swimming in treacle!
0
 

Author Comment

by:eurobyteuk
ID: 38794533
Oh, and the only thing in reverse lookup zones is 0.168.192.in-addr.arpa
0
 
LVL 10

Expert Comment

by:bigbigpig
ID: 38794562
Adding reverse DNS records to your DNS server on your private LAN won't do anything to help with mail getting rejected from AOL.  Whenever AOL's servers do a reverse lookup the DNS servers that respond belong to the owner of your public IP address.

If mail.newmanstewart.co.uk resolves to 81.5.166.18, then you need to have your service provider, whoever gave you the IP 81.5.166.18, create the reverse DNS record.
0
 

Author Comment

by:eurobyteuk
ID: 38794586
thank you for that, so one final check I have this right:

The reason that aol mail stops is because AOL have a tighter check than some on reverse DNS records, and that record needs to be set up by them?

The issue I have is that those providers wrote this to me:

Anyway, I've done a bit of digging and it seems the most likely problem here is a lack of reverse DNS on the exchange server's IP. If you go to this AOL tool http://postmaster.aol.com/cgi-bin/plugh/rdns.pl and input the IP address of your mailserver (81.5.166.18) it fails the check.

Mark - you should check the rDNS and ensure it's set up on the IP. If not, then get it set up, let it propagate, check it again on the AOL tool, and hopefully that might fix the problem.

It's also a good idea to set up an SPF record on the domain - Mark, if you let us know what you want the SPF to be we can set that up, but in this case I doubt that's the issue (it wouldn't stop you receiving email from AOL.)

Anyhow, I hope someone can just help me get AOL emails sorted out to save my sanity, and possibly my job!

Your patience is appreciated
0
 

Author Comment

by:eurobyteuk
ID: 38794590
By "them" in the previous post I meant to say my ISP's
0
 
LVL 10

Accepted Solution

by:
bigbigpig earned 500 total points
ID: 38794629
That's right, you want your public IP (81.5.166.18) to be added to reverse DNS by your ISP to resolve to main.newmanstewart.co.uk. It may take a while to propagate. Typically they will tell you 48 hours but usually doesn't take quite that long. A lot of times it's just an hour or 2.

SPF records are good to have and will help protect against mail delays like greylisting. Create an SPF record using the Microsoft wizard here, then add this to your DNS. It needs to be added to the DNS of your domain, not the internal DNS. So if you registered the domain with GoDaddy, and GoDaddy controls the DNS records for your domain, then log in and do it there.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
0
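
Added example (not part of the original thread, and not code from any poster): a small Python check of what the answers above describe, i.e. build the in-addr.arpa name, look up the PTR, then confirm the PTR name resolves back to the same IP and matches the mail host name. The function names and the 192.0.2.x / example.com sample records are constructed for illustration.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Build the PTR query name, e.g. 81.5.166.18 -> 18.166.5.81.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR lookup through the OS resolver; returns a list of names (empty if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []

def system_a(name):
    """Forward (A) lookup through the OS resolver; returns a list of addresses."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check_mail_rdns(ip, expected_host, ptr_lookup=system_ptr, a_lookup=system_a):
    """Classify the reverse DNS state of a sending IP as a receiving server sees it."""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr"                      # no PTR at all ("Results found: 0")
    confirmed = [n for n in names if ip in a_lookup(n)]
    if not confirmed:
        return "ptr-not-forward-confirmed"   # PTR exists, but its A record disagrees
    if expected_host.rstrip(".").lower() not in confirmed:
        return "ptr-differs-from-mail-host"  # valid rDNS, but not the mail server name
    return "ok"

# Constructed sample records (documentation addresses, not real DNS answers).
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."], "192.0.2.26": ["host26.isp.example."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.25"], "host26.isp.example": ["192.0.2.26"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_a(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for addr in ("192.0.2.25", "192.0.2.26", "192.0.2.27"):
        print(reverse_name(addr), check_mail_rdns(addr, "mail.example.com", sample_ptr, sample_a))
```

Calling `check_mail_rdns(ip, host)` without the sample lookups uses the machine's own resolver, so run it from a host that resolves through public DNS; that is the view outside mail servers get.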
