Gordon Tin asked:

Where should I create my PTR record if we plan to use GoDaddy Premium as my DNS?

Background

------------

1. We have our own email server, Exchange 2016, with a dedicated public IP leased by the ISP.

2. Currently, we are using ISP's DNS Server but planning to use Premium DNS Service from GoDaddy.


Asking the ISP to change DNS record(s) is a troublesome process and we plan to use the Premium DNS service from GoDaddy.

I created a DNS zone for my domain and added most of the DNS records in the GoDaddy DNS zone, but I can't find a setting available for "PTR".

Suddenly, I realised that GoDaddy doesn't own the public IP of my email server; therefore, it makes sense that I shouldn't be able to create a reverse DNS record at GoDaddy. (Am I correct?)


My problem is where should I create the PTR record? 

(PTR is needed for email server).

(ISP already has the reverse DNS records to resolve IP to hostname. )


What should I do in order to use Premium DNS of GoDaddy?


If I have anything incorrect regarding DNS, please correct me.




 


Tags: DNS, Exchange, Email Servers

Last comment: David Favor, 8/22/2022 (Mon)
Gordon Tin

ASKER
All advice is valuable to me.

The reason that I would like to use a third-party DNS service is that I am in the process of migrating all users (AD or Exchange) from local to Azure + Microsoft 365 (Exchange). I will go for a hybrid approach. In the coming steps, I can see that I will have to modify the DNS records of the public DNS server (ISP) several times.

To ask the ISP to modify a DNS record on their DNS server, I need their approval with a proper application form, and it is chargeable for each DNS record.

Therefore, using a controllable DNS is a better option for us, at least during the migration period.

Conclusion:
I already have reverse DNS records on the ISP DNS server. I am safe to switch to GoDaddy's Premium DNS.

We have already paid for 2 yrs of Premium DNS GoDaddy, around USD32 per year. I will look for a better DNS service provider after 2 years or, if I have completed the migration, I will switch back to my ISP DNS server as it is free as long as I don't need to modify DNS records.

I will keep the question open for a week. I am happy to receive more advice.

 
 

 



Jeff Glover

To make it simple, your conclusion is correct. As long as the A record your current PTR is linked to is recreated in GoDaddy DNS, then the current PTR record will continue to function just fine.
David Favor

Any PTR records set up with your ISP will continue to work, independent of where you host your DNS (zone records).
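The forward-confirmed reverse DNS check that mail receivers commonly run, and that the two answers above rely on, as an added example (not part of the original thread): the PTR lives in the reverse zone of whoever holds the IP block, the A record lives in the domain's own zone, and the two must agree. The addresses, hostnames and both lookup tables are constructed sample data.

```python
import ipaddress

# Constructed sample data standing in for live DNS answers (documentation
# addresses and hypothetical hostnames, not the asker's real records).
REVERSE_ZONE = {  # served by whoever the IP block is delegated to (the ISP)
    "10.113.0.203.in-addr.arpa": ["mail.example.test."],
    "11.113.0.203.in-addr.arpa": ["old-host.example.test."],
}
FORWARD_ZONE = {  # served by the domain's DNS host (e.g. a third-party provider)
    "mail.example.test.": ["203.0.113.10"],
}


def reverse_name(ip):
    """Return the in-addr.arpa / ip6.arpa owner name that holds the PTR for ip."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns(ip, ptr_lookup, a_lookup):
    """Forward-confirmed reverse DNS: PTR -> hostname -> A must lead back to ip.

    ptr_lookup and a_lookup are callables returning a list of answers, so the
    same logic can be pointed at a real resolver instead of the sample dicts.
    """
    target = ipaddress.ip_address(ip)
    hostnames = ptr_lookup(reverse_name(ip))
    if not hostnames:
        return ("no-ptr", None)
    for host in hostnames:
        if target in [ipaddress.ip_address(a) for a in a_lookup(host)]:
            return ("pass", host)
    # A PTR exists but its hostname has no matching A record in the forward zone.
    return ("mismatch", hostnames[0])


def check(ip):
    """Run the check against the constructed sample zones above."""
    return fcrdns(ip,
                  lambda name: REVERSE_ZONE.get(name, []),
                  lambda host: FORWARD_ZONE.get(host, []))


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        print(ip, reverse_name(ip), check(ip))
```

The "mismatch" result is the case to watch for when moving the forward zone: the ISP's PTR is untouched, but the hostname it names no longer has an A record at the new DNS host.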
Gordon Tin

ASKER
Dear All

I checked using https://lookup.abusix.com/search?q=136.49.72.51. Our domain and IP are fine.

At this stage, I have completed all my DNS records using GoDaddy tools. I modified the SPF and newly added DMARC. I am not sure whether I am doing the DMARC right or not. I am not planning to use DKIM. I would appreciate it if you guys could have a quick look for me. (IP/domain changed a little to protect the real domain.)


$ORIGIN xyz.mo.

; SOA Record
@   3600    IN    SOA   pdns05.domaincontrol.com.   dns.jomax.net. (
               2021110500
               28800
               7200
               604800
               3600
               )

; A Record
@   3600    IN    A   202.175.123.123
www   3600    IN    A   202.175.123.456

; TXT Record
@   3600    IN    TXT   "v=spf1 mx a a:mail.xyz.mo ip4:202.175.123.123 ~all"
_dmarc   3600    IN    TXT   "v=DMARC1; p=reject; rua=mailto:sysadmin@xyz.mo; ruf=mailto:sysadmin@xyz.mo; fo=1; pct=100"

; CNAME Record
autodiscover   3600    IN    CNAME   @
ftp   3600    IN    CNAME   www.xyz.mo.
legacy   3600    IN    CNAME   @
mail   3600    IN    CNAME   @
_domainconnect   3600    IN    CNAME   _domainconnect.gd.domaincontrol.com.

; NS Record
@   3600    IN    NS   pdns05.domaincontrol.com.
@   3600    IN    NS   pdns06.domaincontrol.com.

; MX Record
@   3600    IN    MX   10   mail.xyz.mo.
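An added sketch (not from the thread or from GoDaddy) that lints the mail-related records of the zone posted above: it flags an MX whose target is a CNAME owner, which RFC 2181 section 10.3 disallows, and counts the SPF terms that cost a DNS lookup against the RFC 7208 limit of 10. The helper names are hypothetical and the parser handles only the single-line record form shown here.

```python
# Mail-related records copied from the zone posted above (the asker altered
# the IPs and the domain before posting).
ZONE = """\
@ 3600 IN A 202.175.123.123
@ 3600 IN TXT "v=spf1 mx a a:mail.xyz.mo ip4:202.175.123.123 ~all"
mail 3600 IN CNAME @
@ 3600 IN MX 10 mail.xyz.mo.
"""
ORIGIN = "xyz.mo."
# SPF terms that trigger a DNS query when evaluated (RFC 7208 section 4.6.4).
SPF_LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")


def fqdn(name):
    """Expand a zone-file name relative to ORIGIN into a fully qualified name."""
    if name == "@":
        return ORIGIN
    return name if name.endswith(".") else f"{name}.{ORIGIN}"


def parse(zone):
    """Yield (owner, rtype, rdata) for each 'owner ttl IN type rdata' line."""
    for line in zone.splitlines():
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        yield fqdn(owner), rtype, rdata.strip()


def spf_term_name(term):
    """Strip qualifier and argument: '~all' -> 'all', 'a:host/24' -> 'a'."""
    return term.lstrip("+-~?").split(":")[0].split("=")[0].split("/")[0]


def lint(zone):
    """Return a list of (finding, detail) tuples for the given zone text."""
    records = list(parse(zone))
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    findings = []
    for _owner, rtype, rdata in records:
        if rtype == "MX":
            target = fqdn(rdata.split()[1])
            if target in aliases:
                # RFC 2181 section 10.3: an MX target must not be an alias.
                findings.append(("mx-target-is-cname", target))
        elif rtype == "TXT" and rdata.strip('"').startswith("v=spf1"):
            terms = rdata.strip('"').split()[1:]
            lookups = sum(spf_term_name(t) in SPF_LOOKUP_TERMS for t in terms)
            findings.append(("spf-dns-lookups", lookups))
    return findings


if __name__ == "__main__":
    for finding in lint(ZONE):
        print(finding)
```

On the posted records this reports three SPF lookups (`mx`, `a`, `a:mail.xyz.mo`) that all lead to the address already listed as `ip4:`, and an MX target that is itself a CNAME.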







Gordon Tin

ASKER
Thank you all, especially David, for the valuable advice.

I already got my DKIM working. Fully tested -- DKIM pass for outgoing mail

I already switched to GoDaddy premium DNS. Fully tested -- NSlookup as expected

I modified that DMARC TXT record, P=quarantine and I use percentage PCT=20.

I will keep monitoring the result and I will step by step increase the percentage.

Is there anything else that I should pay attention to?
David Favor

Aside: p=quarantine is generally misunderstood, due to DMARC docs + how Mailbox Providers implement this practically.

For example, here's how Google/Gmail handles this.

1) DMARC p=reject, mail blocked for submission for any failure.

2) DMARC p=none, mail accepted ... then once mail is accepted, initial failures are classified as SPAM.

Once enough people flag the message as HAM (not SPAM) by moving the message to their INBOX... over time... you have a chance of the auto-SPAM-classification being lifted.

Note: This only works today, in the future p=reject will be mandatory for any mail acceptance, so best implement this today.

3) DMARC p=quarantine, super ugly as mail is...

a) Accepted.

b) Any breakage results in SPAM classification.

c) SPAM classification is static... so even if 1,000,000s of messages are manually moved from SPAM folders to INBOX folders, any future mail is still SPAM. Forever. No exception.

4) The above suggests you only use p=none till you can switch to p=reject, as p=quarantine produces the absolute worst of all results.
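How the `p` and `pct` tags discussed in this thread combine under the DMARC specification, as an added example (not part of any post here, and individual mailbox providers may handle mail differently): RFC 7489 section 6.6.4 applies the stated policy to `pct` percent of failing messages and the next policy down to the rest. The `bucket` parameter is an assumption of this sketch that stands in for the receiver's random sampling.

```python
from collections import Counter

POLICY_ORDER = ["none", "quarantine", "reject"]  # weakest to strongest

# The record posted earlier in the thread, and the revised p/pct values the
# asker describes (other tags omitted from the second one).
POSTED = ("v=DMARC1; p=reject; rua=mailto:sysadmin@xyz.mo; "
          "ruf=mailto:sysadmin@xyz.mo; fo=1; pct=100")
REVISED = "v=DMARC1; p=quarantine; pct=20"


def parse_dmarc(txt):
    """Split a DMARC TXT value into a {tag: value} dict with lower-case tags."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def disposition(record, bucket):
    """Policy applied to one DMARC-failing message.

    bucket is an integer 0..99 standing in for the receiver's random sampling
    (an assumption of this sketch). Messages outside the pct sample get the
    next policy down, as RFC 7489 section 6.6.4 describes.
    """
    tags = parse_dmarc(record)
    policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))
    if bucket < pct:
        return policy
    return POLICY_ORDER[max(POLICY_ORDER.index(policy) - 1, 0)]


def spread(record):
    """Count dispositions across 100 failing messages, one per bucket."""
    return dict(Counter(disposition(record, b) for b in range(100)))


if __name__ == "__main__":
    for rec in (POSTED, REVISED, "v=DMARC1; p=reject; pct=50"):
        print(rec.split(";")[1].strip(), spread(rec))
```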