DNS
--
Questions
--
Followers
Top Experts
PTR records and Office365
I had this question after viewing PTR Record issue on Office 365.
My customer has had just one bounce - an O365 message quoting a DNS PTR misconfiguration but not giving much in the way of details.
They send all their email via Office365 - no local servers, no hybrid.
Their domain A record - "<blah>.co.uk" - points to their webserver so that people can use their domain without www to go to the site. That server is not on Office 365, but elsewhere, and is shared with other sites.
Their office network is connected via a circuit with a public IP, which has an A record "office.<blah>.co.uk"
So do I need to create a PTR record for their office public IP, which points to office.<blah>.co.uk or should this point to <blah>.co.uk even though the A record for <blah>.co.uk points to their webserver not the office network???
I hope that question makes sense!
My customer has had just one bounce - an O365 message quoting a DNS PTR misconfiguration but not giving much in the way of details.
They send all their email via Office365 - no local servers, no hybrid.
Their domain A record - "<blah>.co.uk" - points to their webserver so that people can use their domain without www to go to the site. That server is not on Office 365, but elsewhere, and is shared with other sites.
Their office network is connected via a circuit with a public IP, which has an A record "office.<blah>.co.uk"
So do I need to create a PTR record for their office public IP, which points to office.<blah>.co.uk or should this point to <blah>.co.uk even though the A record for <blah>.co.uk points to their webserver not the office network???
I hope that question makes sense!
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
It would be more helpful if we actually saw this full bounce message (anonymize some important server names if you like).
All required DNS settings are explained on the domain setup in the Office 365 admin panel. All these DNS are input at where <blah>.co.uk is registered (either telling the support desk, or using a web panel config page).
Most likely, it's the other server doing VERY strict DNS lookups, and reverse DNS looup of the IP where the message was sent from is being blocked. Only the owner of that IP address can add a PTR record (ask your ISP helpdesk).
All required DNS settings are explained on the domain setup in the Office 365 admin panel. All these DNS are input at where <blah>.co.uk is registered (either telling the support desk, or using a web panel config page).
Most likely, it's the other server doing VERY strict DNS lookups, and reverse DNS looup of the IP where the message was sent from is being blocked. Only the owner of that IP address can add a PTR record (ask your ISP helpdesk).
Thanks for your reply.
The DNS settings for the domain are exactly as specified by Office 365. 99.99% of email is going normally - they've had just this one single bounce.
The question is about whether an additional PTR record is required for their office network, and the form it should take.
Here is the NDR including original message headers:
I have replaced all the names and subject - sender domain is <blah>.co.uk for consistency with original question.
[Additional info: I think, but I'm not 100% sure, that the recipient's email is forwarded to a hotmail account. So it is MS to MS!]
PTR-Bounce-Msg.docx
The DNS settings for the domain are exactly as specified by Office 365. 99.99% of email is going normally - they've had just this one single bounce.
The question is about whether an additional PTR record is required for their office network, and the form it should take.
Here is the NDR including original message headers:
I have replaced all the names and subject - sender domain is <blah>.co.uk for consistency with original question.
[Additional info: I think, but I'm not 100% sure, that the recipient's email is forwarded to a hotmail account. So it is MS to MS!]
PTR-Bounce-Msg.docx
If the other side has very strict rules (not only checking the Office 365 sending IP, but also the originating, i.e. your office IP), then a PTR record will help.
Except, your ISP (the actual owner of that IP address) has to set it.
Except, your ISP (the actual owner of that IP address) has to set it.
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Thanks - that's part of the answer - "it will help".
Now - the detail bit - should the PTR record point to :
a) office.<blah>.co.uk (i.e. the same as the A record for their public IP), or
b) <blah>.co.uk (whose A record actually points to their external web server, not the office public IP).
(By the way, I know who needs to set it etc. - the question is specifically about the PTR content.
Currently their office public IP has a generic PTR record pointing to the ISP's name for the address.)
Now - the detail bit - should the PTR record point to :
a) office.<blah>.co.uk (i.e. the same as the A record for their public IP), or
b) <blah>.co.uk (whose A record actually points to their external web server, not the office public IP).
(By the way, I know who needs to set it etc. - the question is specifically about the PTR content.
Currently their office public IP has a generic PTR record pointing to the ISP's name for the address.)
The other server checks if it has a reverse DNS entry, and then checks that entry if that's correct.
I just read the full report, and YOU DO have reverse DNS already. Except, it's a fake hostname.
So example:
Step 1: IP: 8.8.8.8 resolves to abc.google.com
Step 2: abc.google.com resolves to 8.8.8.8
Right now in your case, step 2 doesn't work. Which is weird, because setting up step 1 is already done by the ISP, why not make it complete with step 2?
I just read the full report, and YOU DO have reverse DNS already. Except, it's a fake hostname.
So example:
Step 1: IP: 8.8.8.8 resolves to abc.google.com
Step 2: abc.google.com resolves to 8.8.8.8
Right now in your case, step 2 doesn't work. Which is weird, because setting up step 1 is already done by the ISP, why not make it complete with step 2?
So if I understand correctly, for this purpose it doesn't really matter what the name is, so long as IP -> "name" and "name" -> same IP ? Just consistency? So my office.<blah>.co.uk option a) would work?
Get a FREE t-shirt when you ask your first question.
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Thanks Kimputer - we will execute this solution.
DNS
--
Questions
--
Followers
Top Experts
The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.