Solved

Is it OK to have 2 Reverse DNS records each at separate ISPs?

Posted on 2016-10-26
5
38 Views
Last Modified: 2016-11-18
I have an exchange server behind a Sonicwall and just added a second ISP with static IP for failover. In terms of outgoing email, I currently have a reverse dns entry for our domain at ISP 1. Can I add a second reverse DNS entry at ISP 2, in the event ISP1 is down and mail goes out ISP 2? (The thought being that the email will originate from the second ISP static IP, and a reverse look up will point to the same domain.
0
Comment
Question by:dseli
  • 2
  • 2
5 Comments
 
LVL 15

Assisted Solution

by:Ivan
Ivan earned 250 total points
ID: 41861249
Hi,

yes, you can and should add PTR record for secondary ISP link. If you don't have PTR and fallback to secondary link, some mail servers will reject/ spam your email. Also, configure new public DNS name for that public ip address, and configure additional MX record, with higher value then MX on ISP 1 link.

If you have configured SPF record, then modify it, and add value for secondary link.

Regards,
Ivan.
0
 
LVL 39

Accepted Solution

by:
footech earned 250 total points
ID: 41861444
Yes you should have a PTR record for the second ISP static IP.  Don't point it at the same name as you use for the IP from ISP 1, use a different one.  Create an A record with the new name to point at the IP from ISP 2.

Configuring another MX record for the secondary connection - even if you configure the MX record with lower priority (higher number) then your other, it's still possible that some mail could get sent to the lower priority MX.  You would have to determine if you want to allow incoming email on the secondary connection.
0
 

Author Comment

by:dseli
ID: 41892121
Thank You for your response. So to clarify, MX points to an external filter, so that would not need to change except the "forward to" if it has to forward to the mail server behind ISP2.  As far as the second PTR,  so if I had a PTR record at ISP 1, for example, ISP1 PTR----> 1.1.1.1 resolves to mail.domain.com, I can set up at ISP2 PTR ----> 2.2.2.2 resolves to mail2.domain.com with out any confusion on lookups?
0
 
LVL 39

Assisted Solution

by:footech
footech earned 250 total points
ID: 41892348
Yes, that's correct.
Recipients can be different in what they check.  Some don't check anything.  Some check that you have a PTR record, but don't care what it is.  Some check for forward confirmed reverse DNS (which is what I described above).  Other checks can be performed for SPF records, and whether your SMTP banner matches the name in your PTR record (this last one's pretty rare).
0
 

Author Closing Comment

by:dseli
ID: 41892859
Thank you for your reply!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now