dgintz1217
asked on
LI-22469-Fix Reverse DNS - Linux/Sendmail
I am getting the following error when sending an email from my Linux/Sendmail server:
========================== ========== ========== =======
Reporting-MTA: dns; mail.xyz.com
Received-From-MTA: DNS; [192.168.1.90]
Arrival-Date: Tue, 9 Jul 2013 12:57:38 -0500
Final-Recipient: RFC822; xyzuser@cox.net
Action: failed
Status: 5.5.0
Diagnostic-Code: SMTP; 554 eastrmimpi211 cox 11.222.15.22 rejected - no rDNS - Refer to Error Codes section at http://postmaster.cox.net/confluence/display/postmaster/Error+Codes for more information.
Last-Attempt-Date: Tue, 9 Jul 2013 12:57:41 -0500
Note: I changed values to the following in the above message to mask identity - will reveal to specific experts when the time comes:
mail.xyz.com - my mail server (masked)
11.222.15.22 - my external IP# for my mail server (masked)
========================== ========== ========== =======
Is there something/somewhere in my Linux/Sendmail/named records that I can put the "PTR" designator for the reverse DNS?
ASKER
Here is the result of the dig -x:
========================== ========== ========== ========== ========== =
[root@mail:/var/named]$dig -x 22.333.15.22
; <<>> DiG 9.4.2b1 <<>> -x 22.333.15.22
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8272
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;22.15.333.11.in-addr.arpa . IN PTR
;; AUTHORITY SECTION:
11.in-addr.arpa. 10800 IN SOA z.arin.net. dns-ops.arin.net. 2013071009 1800 900 691200 10800
;; Query time: 53 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 10 11:36:56 2013
;; MSG SIZE rcvd: 97
Our IP# is the 22.333.15.22 (obviously masked) and the above is the result of what came back from the dig -x
(except the 11.333 are fake of course)
So maybe it looks to me like we CAN put that in?
What would we need to add and where would we put it on our linux system? named.conf? What would that entry look like?
Thanks!
========================== ========== ========== ========== ========== =
ASKER
btw, I did:
dig -x 22.333.15.22 ns
also and got the same results.
ASKER
One more thing - if you determine that we cannot change our server to have that entry, is there something I should/can ask my internet provider to do so we DO have that capability?
Is it a GOOD thing or a BAD thing to have that setup on our own server?
Thanks!
You need to add "ns" at the end of that query:
dig -x 1.2.3.4 ns
to get the authoritative name servers.
And, to answer your other question: that depends. If you've been assigned a /24 or larger, it's very easy to have your inverse DNS re-delegated to you. If it's smaller than a /24, ask your provider to set up the PTR record(s) for you.
ASKER
When I ran the command with the "ns" I got the exact same results.
Is there any command on Linux and/or a website that I can go to - that would let me know that PTR records are actually set up?
What is the difference in output between an IP# that does and does not have a PTR set up for reverse DNS?
Thanks!
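The difference in `dig -x` output between an address with and without a PTR record, as an added example that is not part of the original thread: a small shell function that reads saved `dig -x` output and reports whether a PTR exists and, if not, which zone returned the negative answer. The function name `classify_rdns`, the sample outputs, and the names and addresses in them (`192.0.2.25`, `mail.example.com`, `isp.example`) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify saved `dig -x <ip>` output.
# Both sample outputs are constructed and use documentation-only names/addresses.

classify_rdns() {   # reads dig output on stdin, prints one summary line
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,/, "", st) }
        }
        /^;; ANSWER SECTION:/    { sec = "ans";  next }
        /^;; AUTHORITY SECTION:/ { sec = "auth"; next }
        /^;;/ || /^$/            { sec = "" }
        sec == "ans"  && $4 == "PTR" { ptr = ptr (ptr ? " " : "") $5 }
        # In a negative answer the SOA owner is the zone that said "no such name".
        sec == "auth" && $4 == "SOA" { zone = $1 }
        END {
            if (st == "NOERROR" && ptr != "") print "PTR " ptr
            else if (st == "NXDOMAIN")        print "NO_RDNS NXDOMAIN zone=" zone
            else if (st == "NOERROR")         print "NO_RDNS NODATA zone=" zone
            else print "LOOKUP_FAILED " (st == "" ? "UNKNOWN" : st)
        }'
}

sample_no_ptr() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8272
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;25.2.0.192.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
2.0.192.in-addr.arpa. 10800 IN SOA ns1.isp.example. hostmaster.isp.example. 2013071009 1800 900 691200 10800
;; Query time: 53 msec
EOF
}

sample_with_ptr() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;25.2.0.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
25.2.0.192.in-addr.arpa. 3600 IN PTR mail.example.com.
EOF
}

sample_no_ptr   | classify_rdns
sample_with_ptr | classify_rdns
```

With the function loaded in a shell, live output can be piped in the same way: `dig -x <ip> | classify_rdns`.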
Is your address space assigned to you from your provider? If yes, what is the subnet?
Is your address space assigned to you from an RIR? If yes, go to the RIR web site and set up name servers.
You can also do a:
dig -x 1.2.3.4 ns +trace
ASKER CERTIFIED SOLUTION
ASKER
Thanks very much - this was the problem - the IP provider had his rDNS messed up. Thanks so much!
dig -x <the ip of your server> ns
to determine which nameservers will be searched for a PTR record.
If yours is one of the servers that is authoritative for inverse DNS, then your named.conf will have that zone as master and the filename where the data is located.
Can you identify if you are authoritative for that inverse zone?