rDNS?

I set up and currently run a small mail server for my company and ran into something this past weekend. I tried sending mail to somebody who had a bandsaw for sale on craigslist, but got a bounce saying that rDNS isn't set up correctly. This is the first time I've run into the problem and don't even remember anything about rDNS when I first configured the machine.

I have a slew of domain names configured to resolve to the same IP. Half a dozen of these got shifted over to another mail server about 6 months ago, but the rest still resolve to my machine. I'm using one of the domains that does resolve to my IP and BIND correctly resolves names to my public IP.

Is there a how-to or instructional article on how to set this up that a person who doesn't know or particularly care the details of how DNS works can follow? I've done searches online, but everything that comes up is way over my head. :(
 
You need to contact your ISP and ask him to point rDNS to your domain

rDNS must match your smtp server's domain name

For example
smtp.bsdroot.lv is sending mail, it has 83.241.11.135 IP address

reverse dns should point to
Code:
;; ANSWER SECTION:
135.11.241.83.in-addr.arpa. 86400 IN	PTR	smtp.bsdroot.lv.

To do an rDNS lookup, use the -x switch of dig:

$ dig -x 83.241.11.135
 
This is not something that I'm able to do in my BIND server configuration then??? Do I need to request one for each domain that is on the box?
 
Yes, as far as I understand (I'm not that deep in understanding rDNS) you need Reverse DNS record for every IP you have (for server), but frankly, having 1 rDNS for SMTP server is enough to send mail (AFAIK)

I had some nice site explaining all this, but I can't locate it anymore...
 
Ruler2112 said:
This is not something that I'm able to do in my BIND server configuration then??? Do I need to request one for each domain that is on the box?
One solution would be to have your ISP delegate the control to you. But if you don't have a class C network then that would require a classless delegation which is more complicated to set up. Try having them create the reverse resolution in their name servers. It is easier and faster.
 
Reverse DNS should never be a requirement for accepting mail from you, it's a nice convenience but requiring it is just retarded.
 
Thanks for the help smurf. I'll read over the link and most likely call my ISP to have them do it. I don't like complicated if it's avoidable... ;)

Requiring rDNS may be retarded, but I really can't do anything about craigslist requiring it. :(
 
The error on Craigslist is not specifically about your mailserver! Mailservers (like Craigslist's in this case) routinely take the connecting IP address, resolve it, and then resolve the result back again. These should match. If they don't, some mailservers will just complain in their own log files ('possible fraud', 'untrusted'), others will take sterner measures and refuse to talk to you. Their prerogative!

The problem is that the IP address you arrive from either has a) no reverse DNS entry at all, or b) has a reverse DNS entry that does not resolve back to the proper A record. Example:

1. you have IP 123.123.123.123, reverse DNS does not exist at all: not found
2. you have IP 123.123.123.123, reverse DNS is host123.host.com., but host123.host.com does not exist, or resolves to a different IP address

To take Craigslist itself as an example of a proper DNS/rDNS setup:

Code:
> dig A mxi5p.craigslist.org. +short
208.82.236.165

> dig -x 208.82.236.165 +short
mxi5p.craigslist.org.

Do the same thing with your public IP address and see if these records match in the same way. Your ISP should make sure they do.

Note: the fact you have something in your DNS like mail.mycompany.com pointing to your IP address is irrelevant! It's the reverse DNS lookup of your IP address that mailservers you're connecting to work with. The resulting hostname must resolve to that same IP address.
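The check described above (IP to PTR, PTR back to A, and the two must agree) is what postmasters call forward-confirmed reverse DNS. The following script is an added illustration, not code from anyone in this thread: it builds the in-addr.arpa name the way the earlier post shows (octets reversed), walks the round trip, and classifies the result as "ok", "no-ptr" (case a) or "mismatch" (case b). Resolution goes through two injectable callables, so the included fake zone tables (constructed from the thread's own examples, with one made-up 123.123.123.124 entry for the mismatch case) let it run offline; `live_ptr_lookup`/`live_a_lookup` use the Python standard library's system resolver if you want to test your own public IP.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check, as a mail admin would run it.

Added example for this thread, not the forum's or any project's code.
"""
import ipaddress
import socket
from typing import Callable, Dict, List

PtrLookup = Callable[[str], List[str]]  # ip address -> PTR target hostnames
ALookup = Callable[[str], List[str]]    # hostname   -> A/AAAA addresses


def reverse_name(ip: str) -> str:
    """Reverse-lookup name for an address, e.g. 83.241.11.135 ->
    135.11.241.83.in-addr.arpa (octets reversed); IPv6 yields an ip6.arpa name."""
    return ipaddress.ip_address(ip).reverse_pointer


# ---- constructed fake zone data (mirrors the thread's examples, NOT live DNS) ----
FAKE_PTR: Dict[str, List[str]] = {
    "135.11.241.83.in-addr.arpa": ["smtp.bsdroot.lv."],
    "165.236.82.208.in-addr.arpa": ["mxi5p.craigslist.org."],
    # 123.123.123.123 is deliberately absent: case (a), no PTR record at all
    "124.123.123.123.in-addr.arpa": ["host123.host.com."],  # case (b), see FAKE_A
}
FAKE_A: Dict[str, List[str]] = {
    "smtp.bsdroot.lv": ["83.241.11.135"],
    "mxi5p.craigslist.org": ["208.82.236.165"],
    "host123.host.com": ["10.0.0.5"],  # exists, but points at a different address
}


def fake_ptr_lookup(ip: str) -> List[str]:
    """Offline PTR lookup against FAKE_PTR, keyed by the in-addr.arpa name."""
    return FAKE_PTR.get(reverse_name(ip), [])


def fake_a_lookup(host: str) -> List[str]:
    """Offline A lookup against FAKE_A."""
    return FAKE_A.get(host, [])


def live_ptr_lookup(ip: str) -> List[str]:
    """PTR lookup through the system resolver (online only)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [host, *aliases]


def live_a_lookup(host: str) -> List[str]:
    """A/AAAA lookup through the system resolver (online only)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def fcrdns_check(ip: str, ptr_lookup: PtrLookup = live_ptr_lookup,
                 a_lookup: ALookup = live_a_lookup) -> dict:
    """Round-trip check: IP -> PTR name(s) -> A record(s) -> must contain IP.

    status: "ok"       at least one PTR name resolves back to the IP
            "no-ptr"   the IP has no reverse entry at all (case a)
            "mismatch" PTR exists but none of its names resolve to the IP (case b)
    """
    target = ipaddress.ip_address(ip)
    # DNS names are case-insensitive and PTR data carries a trailing dot.
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return {"ip": ip, "ptr": [], "confirmed": [], "status": "no-ptr"}
    confirmed = []
    for name in names:
        addrs = {ipaddress.ip_address(a) for a in a_lookup(name)}
        if target in addrs:
            confirmed.append(name)
    status = "ok" if confirmed else "mismatch"
    return {"ip": ip, "ptr": names, "confirmed": confirmed, "status": status}


if __name__ == "__main__":
    # Offline demonstration over the constructed zone; swap in the live_* lookups
    # (the defaults) to inspect a real address.
    for addr in ("83.241.11.135", "208.82.236.165", "123.123.123.123", "123.123.123.124"):
        r = fcrdns_check(addr, fake_ptr_lookup, fake_a_lookup)
        print(f"{addr:16} {r['status']:9} PTR={r['ptr']} confirmed={r['confirmed']}")
```

A receiving MTA that logs "possible fraud" or refuses the session is making exactly the `mismatch`/`no-ptr` distinction above, so running this against your own sending IP (with the default live lookups) tells you which of the two cases to raise with your ISP.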
 