dgintz1217

LI-22469-Fix Reverse DNS - Linux/Sendmail

I am getting the following error when sending an email from my Linux/Sendmail server:


=====================================================
Reporting-MTA: dns; mail.xyz.com
Received-From-MTA: DNS; [192.168.1.90]
Arrival-Date: Tue, 9 Jul 2013 12:57:38 -0500

Final-Recipient: RFC822; xyzuser@cox.net
Action: failed
Status: 5.5.0
Diagnostic-Code: SMTP; 554 eastrmimpi211 cox 11.222.15.22 rejected - no rDNS - Refer to Error Codes section at http://postmaster.cox.net/confluence/display/postmaster/Error+Codes for more information.
Last-Attempt-Date: Tue, 9 Jul 2013 12:57:41 -0500



Note: I changed values to the following in above message to mask identity-will reveal to specific experts when time comes:

mail.xyz.com - my mail server (masked)
11.222.15.22 - my external IP# for my mail server (masked)
=====================================================

Is there something/somewhere in my Linux/Sendmail/named records that I can put the "PTR" designator for the reverse DNS?
Jan Bacher

Your provider will have been allocated address space, some of which has been assigned to you.

dig -x <the ip of your server> ns

to determine which nameservers will be searched for a PTR record.

If yours is one of the servers that is authoritative for inverse DNS, then your named.conf will have that zone as master and the filename where the data is located.

Can you identify if you are authoritative for that inverse zone?
dgintz1217

ASKER

Here is the result of the dig -x:
===================================================================
[root@mail:/var/named]$dig -x 22.333.15.22

; <<>> DiG 9.4.2b1 <<>> -x 22.333.15.22
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8272
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;22.15.333.11.in-addr.arpa.     IN      PTR

;; AUTHORITY SECTION:
11.in-addr.arpa.        10800   IN      SOA     z.arin.net. dns-ops.arin.net. 2013071009 1800 900 691200 10800

;; Query time: 53 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 10 11:36:56 2013
;; MSG SIZE  rcvd: 97

Our IP# is the 22.333.15.22 (obviously masked) and the above is the result of what came back from the dig -x
(except the 11.333 are fake of course)

So maybe it looks to me like we CAN put that in?

What would we need to add and where would we put it on our linux system? named.conf?  What would that entry look like?

Thanks!
===================================================================
btw, I did:

dig -x 22.333.15.22 ns

also and got the same results.
One more thing - if you determine that we cannot change our server to have that entry, is there something I should/can ask my internet provider to do so we DO have that capability?  

Is it a GOOD thing or a BAD thing to have that setup on our own server?

Thanks!
You need to add "ns" at the end of that query:

dig -x 1.2.3.4 ns

to get the authoritative name servers.

And, to answer your other question:  that depends.  If you've been assigned a /24 or larger, it's very easy to have your inverse DNS re-delegated to you.  If it's smaller than a /24, ask your provider to set up the PTR record(s) for you.
When I ran the command with the "ns" I got the exact same results.

Is there any command on linux and/or a website that I can go to - that would let me know that PTR records are actually set up?

What is the difference in output between an IP# that does and does not have a PTR set up for reverse DNS?

Thanks!
Is your address space assigned to you from your provider?  If yes, what is the subnet?

Is your address space assigned to you from an RIR?  If yes, go to the RIR web site and set up name servers.

You can also do a:

dig -x 1.2.3.4 ns +trace
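
On the question of how dig output differs between an address with and without a PTR record, the following is an added example, not part of the original thread. It classifies `dig -x` output by response status and answer section. The function names, the 192.0.2.2 address and mail.example.com are constructed for illustration.

```sh
#!/bin/sh
# Added example. Addresses and hostnames are constructed documentation values.

# Name that `dig -x` queries for an IPv4 address (octets reversed).
rdns_name() {
    echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 ".in-addr.arpa." }'
}

# Read dig output on stdin. Print "PTR <target>" for each PTR answer,
# or "NONE <status>" when the answer section carries no PTR record.
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
        }
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^;; / || /^$/        { in_ans = 0 }
        in_ans && $4 == "PTR" { print "PTR " $5; found = 1 }
        END { if (!found) print "NONE " (st == "" ? "UNKNOWN" : st) }
    '
}

# Constructed sample shaped like the NXDOMAIN reply in the thread: no PTR.
sample_no_ptr() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8272
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2.2.0.192.in-addr.arpa.     IN      PTR

;; AUTHORITY SECTION:
192.in-addr.arpa.  10800  IN  SOA  z.arin.net. dns-ops.arin.net. 2013071009 1800 900 691200 10800
EOF
}

# Constructed sample of the same query once a PTR record exists.
sample_with_ptr() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4121
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
2.2.0.192.in-addr.arpa.  3600  IN  PTR  mail.example.com.
EOF
}

# Live check against the configured resolver: sh ptrcheck.sh 192.0.2.2
check_ptr() { dig -x "$1" | classify_dig; }
if [ $# -gt 0 ]; then check_ptr "$1"; fi
```

An NXDOMAIN status with only an SOA in the authority section, as in the asker's output, means no PTR exists for the address; a NOERROR status with a PTR line in the answer section means reverse DNS is set up.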
ASKER CERTIFIED SOLUTION
Jan Bacher
Thanks very much - this was the problem - the IP provider had his rDNS messed up.  Thanks so much!