?
Solved

PTR Records hosting Multiple IPs

Posted on 2013-05-21
5
Medium Priority
?
354 Views
Last Modified: 2013-05-30
Is this something that is done?

Currently lets say I have my outbound email environment send out this domain mail.xxx.com. but we have 3 separate smtp server with different IP addresses pointing to said domain.

So when you do a reverse look each IP resolve back to mail.xxx.com.

Right now we seem to have a problem where certain mailserver would deny our mail because of inconsistent reverse lookup.

I take it this not a practice that is typically done. But this how I found it setup. Can someone confirm this is bad and how I should resolve it. I have an idea but would like to get other input to see if I am corrrect. Thanks for the help in advance.
0
Comment
Question by:NVoCurious
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Kent W
ID: 39186187
There is no issue if you have 3 IP addresses with PTRs set to the same host name.
Bad would be having the same IP with multiple host names.  (Similar to round-robin forward DNS).
The way you described your setup, there should be no issue.

Basically as long as you have rDNS,  and if possible, matching the forward DNS, you are good.
0
 

Author Comment

by:NVoCurious
ID: 39186210
Well we are getting some domains where it says that we are sending them inconsistant PTR information.

Where lets 111.111.111.111 is return all the time the reverse lookup  for mail.xxx.com. Even though the email comes from 111.111.111.222 or 111.111.222.111.

Also find out they setup mail.xxx.com as for owa and nothing to do with smtp for an A record that has no correlation to the 3 IPs for the smtp server could this be the reason.

How would resolve said issue?

Without breaking owa would we have to use a different FQDN on the outbound and create or adjust the PTR with the new FQDN?

Some a PTR record should have a matching A record is this the case?
0
 
LVL 12

Accepted Solution

by:
Kent W earned 2000 total points
ID: 39186250
Oh ok I understand a little more now. I would set like smtp1.domain.com, smtp2, etc for the SMTP servers individually. Set the PTR to match. Make sure you have forward A records matching and name the IPs in a SPF record giving the IPs authority to send for your domain.
Sounds like the complaint is bases on different IPs presenting themselves as the same rDNS. I've never seen a complaint like that, but many large providers are getting more and more anal retentive. :)
0
 

Author Comment

by:NVoCurious
ID: 39186257
Ok I figure that would up be the case. Thank you for your quick response. If I do this do you see a possible long outage or very little to no outage if I get the records out there first.
0
 
LVL 12

Expert Comment

by:Kent W
ID: 39186272
No there shouldn't really be any outage unless its a server already denying, then you would just pair for your TTLs to expire. Changing the DNS should only make things better, especially if you add an SPF Immediately.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question