Solved

I have one email server with one IP, but several forward lookup zones in DNS. How should I set up the PTR records?

Posted on 2014-11-19
Last Modified: 2014-11-20
I have one Windows 2008 R2 machine with one IP address serving up email for fourteen different domains. Not Active Directory domains, I only have one Active Directory domain; I'm just talking domains that we own the name of and want to provide email for [e.g. MyCompany.com, MyCompany.net, MySideVenture.com, MyHobby.net, etc.]. I have two Windows 2008 R2 servers on the outside of my network, Internet facing, which are authoritative for all of these forward lookup zones, and they have one reverse lookup zone. No, we don't use our ISP for DNS, even though that would be infinitely easier. We want the control.

How should I have my reverse lookup set up?

Should I have an A record for this email server in each forward lookup zone [eg. mail.MyCompany.com, mail.MyCompany.net, mail.MySideVenture.com, mail.MyHobby.net] and a corresponding PTR record in the reverse lookup zone for each of those A records, so that I end up having fourteen PTR records pointing to one IP Address?

Should I have only one PTR record in the reverse lookup zone pointing to the actual host name of the email server rather than "mail....."?

Need help, please. And thanks!
Question by:TronairInc
 
Accepted Solution by: serchlop (LVL 12, earned 2000 total points)
ID: 40454033
Hi

PTR records point from an IP address to a domain name; that's why you should create only one record for your email server even if you use many domains.

The problem here is that in most cases PTR records are hosted with the ISP, and only in some cases, where the end user has a class C, can the reverse of an Internet-facing IP be resolved by your own DNS server.

Here is a link with some info:

http://en.wikipedia.org/wiki/Reverse_DNS_lookup

Author Closing Comment by: TronairInc
ID: 40455198
Serchlop.

You were 100% correct.

I've removed all PTR records that point to "mail...", added one PTR record that points straight to the FQDN and external IP address of my Exchange server, and within a minute the propagation was tearing across the Interwebs. I noticed mail that had been hung up as rejected by the other end now flowing through the email queue without incident.

So the final answer on this question is, regardless of how many email domains you have, stick to having only one PTR per email server in your reverse lookup zone that points directly to the FQDN and external IP of that email server.

I've been beating my head on this issue all week. 1000x thank you!
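The check that makes the accepted answer and the closing comment work is forward-confirmed reverse DNS (FCrDNS): a receiving mail server takes the connecting IP, looks up its PTR, then resolves that name back and expects to get the same IP; many also compare the name to what the sender says in HELO/EHLO. The script below, an added example that is not part of the original thread, runs that check over constructed zone data (RFC 5737 addresses, `mx1.mycompany.com` as an assumed real hostname for the server, dictionaries standing in for the forward zones and the reverse zone), and contrasts the fourteen-PTR layout from the question with the single PTR from the answer and with a PTR that no longer has an A record:

```python
"""Forward-confirmed reverse DNS (FCrDNS) check, the test a receiving MTA runs on a
connecting IP, evaluated against constructed zone data so it runs offline.

Added example for this thread, not code from the original page. Names and
addresses are constructed (RFC 5737 range 203.0.113.0/24); mx1.mycompany.com is
an assumed actual hostname for the mail server, and the dictionaries stand in for
the forward zones and the reverse zone described in the question.
"""
import ipaddress

MAIL_IP = "203.0.113.10"

# A records spread over the separate forward zones: one mail.<domain> per zone,
# plus the host's own FQDN.
FORWARD = {
    "mail.mycompany.com.": [MAIL_IP],
    "mail.mycompany.net.": [MAIL_IP],
    "mail.mysideventure.com.": [MAIL_IP],
    "mx1.mycompany.com.": [MAIL_IP],
}

# Three variants of the same 203.0.113.0/24 reverse zone.
REVERSE_MANY = {   # one PTR per forward name, the layout asked about in the question
    "10.113.0.203.in-addr.arpa.": ["mail.mycompany.com.", "mail.mycompany.net.", "mail.mysideventure.com."],
}
REVERSE_ONE = {    # the accepted answer: a single PTR to the host's real FQDN
    "10.113.0.203.in-addr.arpa.": ["mx1.mycompany.com."],
}
REVERSE_STALE = {  # a PTR whose target name no longer has an A record
    "10.113.0.203.in-addr.arpa.": ["oldmail.mycompany.com."],
}


def reverse_name(ip):
    """'203.0.113.10' -> '10.113.0.203.in-addr.arpa.' (IPv6 gives the ip6.arpa form)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ptr_names(ip, reverse):
    """All PTR targets the reverse zone holds for ip (empty list if none)."""
    return list(reverse.get(reverse_name(ip), []))


def forward_confirmed(ip, reverse, forward):
    """PTR names whose A set contains ip, i.e. what a reject-unknown-client-hostname
    style rule on the receiving side needs to see."""
    return [name for name in ptr_names(ip, reverse) if ip in forward.get(name, [])]


def helo_match_rate(ip, helo, reverse, forward):
    """Fraction of lookups in which the first PTR a resolver hands back equals the
    HELO/EHLO name.

    DNS servers commonly rotate multi-record RRsets, and gethostbyaddr()-style
    callers only use the first name, so with N confirmed PTRs each name comes
    first in about 1/N of answers.
    """
    names = forward_confirmed(ip, reverse, forward)
    if not names:
        return 0.0
    return names.count(helo) / len(names)


def diagnose(ip, helo, reverse, forward):
    """One-line verdict for a connecting ip that announced itself as helo."""
    ptrs = ptr_names(ip, reverse)
    if not ptrs:
        return "FAIL: no PTR for %s" % ip
    confirmed = forward_confirmed(ip, reverse, forward)
    if not confirmed:
        return "FAIL: PTR %s does not resolve back to %s" % (", ".join(ptrs), ip)
    if len(ptrs) > 1:
        return "WARN: %d PTRs for %s; HELO %s matches the first PTR in %.0f%% of lookups" % (
            len(ptrs), ip, helo, 100 * helo_match_rate(ip, helo, reverse, forward))
    if ptrs[0] != helo:
        return "WARN: PTR %s differs from HELO %s" % (ptrs[0], helo)
    return "OK: %s <-> %s forward-confirmed" % (ip, ptrs[0])


if __name__ == "__main__":
    for label, zone in (("many PTRs", REVERSE_MANY), ("one PTR", REVERSE_ONE), ("stale PTR", REVERSE_STALE)):
        print("%-10s %s" % (label, diagnose(MAIL_IP, "mx1.mycompany.com.", zone, FORWARD)))
```

With the many-PTR zone every name does forward-confirm, so a strict FCrDNS test passes, but a receiver that compares HELO to the PTR sees the "right" name only some of the time, which is exactly the intermittent rejection described in the closing comment. One caveat on the owner name the script computes: if the ISP delegates a block smaller than a /24 to you, it usually does so with the RFC 2317 CNAME scheme, and the PTR then lives under the ISP's classless sub-zone name rather than directly under the plain in-addr.arpa name.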
Expert Comment by: serchlop (LVL 12)
ID: 40455577
Another important record for avoiding being blocked by anti-spam providers is an SPF record for your domain, listing the name of your mail server or its IP address.

Some info for SPF Records
https://support.microsoft.com/kb/2640313?wa=wsignin1.0

And a wizard to generate your SPF record for each domain.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
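To show what the SPF record suggested above actually does on the receiving side, here is a small RFC 7208 evaluator, an added example that is not code from the original thread or from Microsoft's wizard. It runs against constructed DNS data (documentation address ranges; `mycompany.com`, `mycompany.net`, `myhobby.net` and the `*.example` names are placeholders) laid out the way this thread's setup calls for: one mail host, several owned domains, each publishing its own SPF, authorizing the host by IP, by A record, or by including a shared record. It supports `all`, `ip4`, `a`, `mx` and `include` only; `ip6`, `exists`, `ptr` and `redirect=` are deliberately left out, and a record using them yields permerror here.

```python
"""SPF (RFC 7208) evaluation of a sending IP against a domain's record, run
against constructed DNS data so it works offline.

Added example for this thread, not code from the original page. Domains, hosts
and addresses are constructed (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24).
Supported mechanisms: all, ip4, a, mx, include.
"""
import ipaddress

# --- constructed DNS data ---
A = {
    "mail.mycompany.com.": ["203.0.113.10"],
    "mx1.mycompany.com.": ["203.0.113.10"],
    "mail.hosted-newsletter.example.": ["198.51.100.7"],
}
MX = {
    "mycompany.com.": ["mx1.mycompany.com."],
    "myhobby.net.": ["mx1.mycompany.com."],
}
TXT = {
    # Each owned domain publishes SPF; three equivalent ways to authorize the one host.
    "mycompany.com.": "v=spf1 ip4:203.0.113.10 -all",
    "mycompany.net.": "v=spf1 include:_spf.mycompany.com -all",
    "_spf.mycompany.com.": "v=spf1 a:mail.mycompany.com -all",
    # A domain that also sends through a third-party host, soft-failing everything else.
    "myhobby.net.": "v=spf1 mx include:newsletter.example ~all",
    "newsletter.example.": "v=spf1 a:mail.hosted-newsletter.example -all",
    # Mistake: a record that includes itself; must hit the lookup limit, not recurse forever.
    "loopy.example.": "v=spf1 include:loopy.example -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_MECHANISMS = 10  # RFC 7208 section 4.6.4: a, mx, include, ptr, exists, redirect


class PermError(Exception):
    pass


def fqdn(name):
    name = name.lower()
    return name if name.endswith(".") else name + "."


def check_host(ip, domain):
    """Return the SPF result ('pass', 'fail', 'softfail', 'neutral', 'none', 'permerror')
    for ip sending mail as <domain>."""
    budget = [MAX_DNS_MECHANISMS]
    try:
        return _evaluate(ipaddress.ip_address(ip), fqdn(domain), budget)
    except PermError:
        return "permerror"


def _spend(budget):
    budget[0] -= 1
    if budget[0] < 0:
        raise PermError("too many DNS-querying mechanisms")


def _evaluate(ip, domain, budget):
    record = TXT.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            # No DNS query; a bare address means /32.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            _spend(budget)
            matched = str(ip) in A.get(fqdn(arg) if arg else domain, [])
        elif mech == "mx":
            _spend(budget)
            hosts = MX.get(fqdn(arg) if arg else domain, [])
            matched = any(str(ip) in A.get(host, []) for host in hosts)
        elif mech == "include":
            _spend(budget)
            sub = _evaluate(ip, fqdn(arg), budget)
            if sub == "none":  # RFC 7208 section 5.2: include of a domain without SPF
                raise PermError("include:%s has no SPF record" % arg)
            matched = sub == "pass"
        else:
            raise PermError("unsupported mechanism " + mech)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # default result when no mechanism matched


if __name__ == "__main__":
    for ip, domain in (("203.0.113.10", "mycompany.com"), ("203.0.113.10", "mycompany.net"),
                       ("192.0.2.99", "mycompany.com"), ("198.51.100.7", "myhobby.net"),
                       ("192.0.2.99", "myhobby.net"), ("203.0.113.10", "loopy.example")):
        print("%-14s as %-18s -> %s" % (ip, domain, check_host(ip, domain)))
```

The `ip4:` form costs no DNS lookups, which matters because the whole record, includes and all, gets at most ten; the self-including `loopy.example` record shows why an evaluator has to enforce that budget rather than trust the record. For fourteen domains served by one host, publishing one `_spf` record with the host's address and having every domain `include:` it keeps a later IP change to a single edit.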