?
Solved

Is it OK to have 2 Reverse DNS records each at separate ISPs?

Posted on 2016-10-26
5
Medium Priority
?
98 Views
Last Modified: 2016-11-18
I have an exchange server behind a Sonicwall and just added a second ISP with static IP for failover. In terms of outgoing email, I currently have a reverse dns entry for our domain at ISP 1. Can I add a second reverse DNS entry at ISP 2, in the event ISP1 is down and mail goes out ISP 2? (The thought being that the email will originate from the second ISP static IP, and a reverse look up will point to the same domain.
0
Comment
Question by:dseli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 17

Assisted Solution

by:Ivan
Ivan earned 1000 total points
ID: 41861249
Hi,

yes, you can and should add PTR record for secondary ISP link. If you don't have PTR and fallback to secondary link, some mail servers will reject/ spam your email. Also, configure new public DNS name for that public ip address, and configure additional MX record, with higher value then MX on ISP 1 link.

If you have configured SPF record, then modify it, and add value for secondary link.

Regards,
Ivan.
0
 
LVL 40

Accepted Solution

by:
footech earned 1000 total points
ID: 41861444
Yes you should have a PTR record for the second ISP static IP.  Don't point it at the same name as you use for the IP from ISP 1, use a different one.  Create an A record with the new name to point at the IP from ISP 2.

Configuring another MX record for the secondary connection - even if you configure the MX record with lower priority (higher number) then your other, it's still possible that some mail could get sent to the lower priority MX.  You would have to determine if you want to allow incoming email on the secondary connection.
0
 

Author Comment

by:dseli
ID: 41892121
Thank You for your response. So to clarify, MX points to an external filter, so that would not need to change except the "forward to" if it has to forward to the mail server behind ISP2.  As far as the second PTR,  so if I had a PTR record at ISP 1, for example, ISP1 PTR----> 1.1.1.1 resolves to mail.domain.com, I can set up at ISP2 PTR ----> 2.2.2.2 resolves to mail2.domain.com with out any confusion on lookups?
0
 
LVL 40

Assisted Solution

by:footech
footech earned 1000 total points
ID: 41892348
Yes, that's correct.
Recipients can be different in what they check.  Some don't check anything.  Some check that you have a PTR record, but don't care what it is.  Some check for forward confirmed reverse DNS (which is what I described above).  Other checks can be performed for SPF records, and whether your SMTP banner matches the name in your PTR record (this last one's pretty rare).
0
 

Author Closing Comment

by:dseli
ID: 41892859
Thank you for your reply!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question