> Tom, when your mail server establishes a connection to another host, the
> receiving host will likely automatically check the PTR record of the IP
> address your server used as its source address. This PTR record should
> have a corresponding A record that points to the same IP address that
> was looked up in the PTR record. This is sometimes referred to as a
> "verified" hostname. Without this, receiving mail servers may sometimes
> log your rDNS as unknown, which can look spammy to subsequent spam
> filters. You can have any number of other A records that point to your
> server, they are irrelevant to PTR verification.
>
> Example:
>
> Your reverse zone:
> 1.1.1.1.in-addr.arpa. IN PTR mail.adi.com.
>
> Your adi.com zone:
> mail.adi.com. IN A 1.1.1.1
> smtp.adi.com. IN A 1.1.1.1
> www.adi.com. IN A 1.1.1.1
> foo.adi.com. IN CNAME www.adi.com.
>
> All that matters to PTR verification is that 1.1.1.1 has a PTR record and
> that PTR record exists as an A or CNAME that eventually points back to
> 1.1.1.1
>
> As others have pointed out, this is best common practice for outgoing
> mail servers aka mail relays; however, I generally recommend having
> valid PTR records and having matching forward records for any servers.
> Maybe it's just me, but most of my servers send email - even MX servers
> (they do create NDR notices from time to time).
>
> --Blake

That is mostly how I thought it worked. What I had in mind more
specifically was:

adi.com zone:
mackerel.adi.com. IN A 75.100.245.141
mackerel.adi.com. IN A 96.85.104.76

reverse zones:
141.245.100.75.in-addr.arpa. IN PTR mackerel.adi.com.
76.104.85.96.in-addr.arpa. (not yet set up)

With mail going out on only 75.100.245.141 but receiving mail on both.
But receiving mail on both was more work than I had expected, so I am
not going to set that up. When reverse for 96.85.104.76 is finally
set up I will just do a late night switch over.

>
> Thomas Schulz wrote on 3/17/2016 8:53 AM:
> > This is not a BIND question but I hope people here will know the answer.
> > We are switching service providers and I understand that many email SPAM
> > prevention systems insist on the reverse DNS matching the forward DNS.
> > If I have two A records for our mail server and the reverse record matches
> > one of them, will that be good enough? Or will the fact that the other A
> > record does not match cause trouble?

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
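
The PTR verification discussed in this thread (forward-confirmed reverse DNS), as an added example that is not part of the original messages. It runs against an in-memory copy of the records quoted above and makes no real DNS queries; ZONE, lookup, resolve_a and fcrdns are hypothetical names chosen for the illustration.

```python
import ipaddress

# Constructed zone data copied from the records quoted in the thread.
# Keys are (owner name, record type); values are lists of rdata.
ZONE = {
    ("1.1.1.1.in-addr.arpa.", "PTR"): ["mail.adi.com."],
    ("mail.adi.com.", "A"): ["1.1.1.1"],
    ("smtp.adi.com.", "A"): ["1.1.1.1"],
    ("www.adi.com.", "A"): ["1.1.1.1"],
    ("foo.adi.com.", "CNAME"): ["www.adi.com."],
    ("mackerel.adi.com.", "A"): ["75.100.245.141", "96.85.104.76"],
    ("141.245.100.75.in-addr.arpa.", "PTR"): ["mackerel.adi.com."],
    # 76.104.85.96.in-addr.arpa. is deliberately absent (not yet set up).
}


def lookup(name, rtype, zone=ZONE):
    """Return the rdata list for (name, rtype), or [] if there is none."""
    return zone.get((name.lower(), rtype), [])


def resolve_a(name, zone=ZONE, max_cnames=8):
    """Follow a bounded CNAME chain, then return the A records found."""
    for _ in range(max_cnames):
        cname = lookup(name, "CNAME", zone)
        if not cname:
            return lookup(name, "A", zone)
        name = cname[0]
    return []  # chain too long or looping: treat as unresolvable


def fcrdns(ip, zone=ZONE):
    """Check the connecting IP the way a receiving mail server would.

    Returns (status, name): "verified" when some PTR name resolves back
    to ip, "unverified" when PTRs exist but none does, "no-ptr" otherwise.
    """
    rev = ipaddress.ip_address(ip).reverse_pointer + "."
    ptrs = lookup(rev, "PTR", zone)
    if not ptrs:
        return ("no-ptr", None)
    for name in ptrs:
        # Other A records on the same name are ignored; only a match counts.
        if ip in resolve_a(name, zone):
            return ("verified", name)
    return ("unverified", ptrs[0])
```

Only the source address of the outgoing connection is checked, so the second A record on mackerel.adi.com does not affect the result for 75.100.245.141.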