TronairInc
asked on
I have one email server with one IP, but several forward lookup zones in DNS. How should I set up the PTR records?
I have one Windows 2008 r2 machine with one IP Address serving up email for fourteen different domains. Not Active Directory domains, I only have one Active Directory domain, I'm just talking domains that we own the name of and want to provide email for [eg. MyCompany.com, MyCompany.net, MySideVenture.com, MyHobby.net, etc]. I have two Windows 2008 r2 servers on the outside of my network - Internet facing - which is authoritative for all of these forward lookup zones, and it has one reverse lookup zone. No, we don't use our ISP for DNS, even though that would be infinitely easier. We want the control.
How should I have my reverse lookup set up?
Should I have an A record for this email server in each forward lookup zone [eg. mail.MyCompany.com, mail.MyCompany.net, mail.MySideVenture.com, mail.MyHobby.net] and a corresponding PTR record in the reverse lookup zone for each of those A records, so that I end up having fourteen PTR records pointing to one IP Address?
Should I have only one PTR record in the reverse lookup zone pointing to the actual host name of the email server rather than "mail....."?
Need help, please. And thanks!
How should I have my reverse lookup set up?
Should I have an A record for this email server in each forward lookup zone [eg. mail.MyCompany.com, mail.MyCompany.net, mail.MySideVenture.com, mail.MyHobby.net] and a corresponding PTR record in the reverse lookup zone for each of those A records, so that I end up having fourteen PTR records pointing to one IP Address?
Should I have only one PTR record in the reverse lookup zone pointing to the actual host name of the email server rather than "mail....."?
Need help, please. And thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Another important record to avoid being blocked by antispam providers could be the use of SPF record for your domain, using the name for your mail server or the IP address for it.
Some info for SPF Records
https://support.microsoft.com/kb/2640313?wa=wsignin1.0
And a wizard to generate your SPF record for each domain.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Some info for SPF Records
https://support.microsoft.com/kb/2640313?wa=wsignin1.0
And a wizard to generate your SPF record for each domain.
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
ASKER
You were 100% correct.
I've removed all PTR records that point to "mail...", added one PTR record that points straight to the FQDN and external IP address of my Exchange server, and within a minute the propagation was tearing across the Interwebs. I noticed mail that had been hung up as rejected by the other end now flowing through the email que without incident.
So the final answer on this question is, regardless of how many email domains you have, stick to having only one PTR per email server in your reverse lookup zone that points directly to the FQDN and external IP of that email server.
I've been beating my head on this issue all week. 1000x thank you!