Solved

I have one email server with one IP, but several forward lookup zones in DNS. How should I set up the PTR records?

Posted on 2014-11-19
Last Modified: 2014-11-20
I have one Windows 2008 R2 machine with one IP address serving up email for fourteen different domains. Not Active Directory domains, I only have one Active Directory domain, I'm just talking domains that we own the name of and want to provide email for [e.g. MyCompany.com, MyCompany.net, MySideVenture.com, MyHobby.net, etc.]. I have two Windows 2008 R2 servers on the outside of my network - Internet facing - which are authoritative for all of these forward lookup zones and have one reverse lookup zone. No, we don't use our ISP for DNS, even though that would be infinitely easier. We want the control.

How should I have my reverse lookup set up?

Should I have an A record for this email server in each forward lookup zone [e.g. mail.MyCompany.com, mail.MyCompany.net, mail.MySideVenture.com, mail.MyHobby.net] and a corresponding PTR record in the reverse lookup zone for each of those A records, so that I end up having fourteen PTR records pointing to one IP address?

Should I have only one PTR record in the reverse lookup zone pointing to the actual host name of the email server rather than "mail....."?

Need help, please. And thanks!
Question by:TronairInc

Accepted Solution

by:
serchlop earned 500 total points
ID: 40454033
Hi

PTR records point from IP to domain names, that's why you should create only one record for your email server even if you use many domains.

The problem here is that in most cases, PTR records are hosted with the ISP, and only in some cases where the final user has a class C can the reverse lookup for an Internet-facing IP be resolved by your own DNS server.

Here is a link with some info

http://en.wikipedia.org/wiki/Reverse_DNS_lookup

Author Closing Comment

by:TronairInc
ID: 40455198
Serchlop.

You were 100% correct.

I've removed all PTR records that point to "mail...", added one PTR record that points straight to the FQDN and external IP address of my Exchange server, and within a minute the propagation was tearing across the Interwebs. I noticed mail that had been hung up as rejected by the other end now flowing through the email queue without incident.

So the final answer on this question is, regardless of how many email domains you have, stick to having only one PTR per email server in your reverse lookup zone that points directly to the FQDN and external IP of that email server.

I've been beating my head on this issue all week. 1000x thank you!

Expert Comment

by:serchlop
ID: 40455577
Another important record to avoid being blocked by antispam providers could be the use of an SPF record for your domain, using the name for your mail server or the IP address for it.

Some info for SPF Records
https://support.microsoft.com/kb/2640313?wa=wsignin1.0

And a wizard to generate your SPF record for each domain.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
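The rule from the accepted answer and the closing comment (one PTR per mail server IP, pointing at the server's FQDN), as an added example that is not part of the original thread: a small Python audit over zone data that flags an IP with more than one PTR and, going one step beyond the thread, a PTR target whose A record does not lead back to the same IP. The address 203.0.113.25, the host name ex01.mycompany.com and all records below are constructed sample data.

```python
import ipaddress

IP = "203.0.113.25"  # constructed: documentation-range address for the mail server

# Constructed forward (A) records; ex01.mycompany.com is a hypothetical server FQDN.
A_RECORDS = {
    "ex01.mycompany.com": {"203.0.113.25"},
    "mail.mycompany.com": {"203.0.113.25"},
    "mail.mycompany.net": {"203.0.113.25"},
    "mail.myhobby.net": {"203.0.113.10"},  # stale A record left at an old address
}

# Constructed reverse zone contents: one PTR per hosted domain vs. a single PTR.
PTR_BEFORE = {"25.113.0.203.in-addr.arpa": [
    "mail.mycompany.com.", "mail.mycompany.net.", "mail.myhobby.net."]}
PTR_AFTER = {"25.113.0.203.in-addr.arpa": ["ex01.mycompany.com."]}


def reverse_name(ip):
    """Owner name of the PTR record for an address (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def audit_ptr(ip, ptr_records, a_records):
    """Return a list of findings for one mail server IP; an empty list means OK."""
    targets = [t.rstrip(".").lower() for t in ptr_records.get(reverse_name(ip), [])]
    findings = []
    if not targets:
        findings.append("no PTR record")
    elif len(targets) > 1:
        findings.append(f"{len(targets)} PTR records, expected 1")
    for name in targets:
        # Forward confirmation: the PTR target must have an A record for this IP.
        if ip not in a_records.get(name, set()):
            findings.append(f"{name} does not resolve back to {ip}")
    return findings


if __name__ == "__main__":
    for label, zone in (("before", PTR_BEFORE), ("after", PTR_AFTER)):
        print(label, audit_ptr(IP, zone, A_RECORDS) or "OK")
```
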