Re: Multiple A records and reverse DNS

2016-03-22 Thread Thomas Schulz
> > That is mostly how I thought it worked. What I had in mind more
> > specifically was:
> > 
> > adi.com zone:
> > mackerel.adi.com.  IN  A  75.100.245.141
> > mackerel.adi.com.  IN  A  96.85.104.76
> > 
> > reverse zones:
> > 141.245.100.75.in-addr.arpa.  IN  PTR  mackerel.adi.com
> > 76.104.85.96.in-addr.arpa.  (not yet set up)
> 
> OK, suppose you then set up 
> 
> 76.104.85.96.in-addr.arpa. IN  PTR  mackerel.adi.com.
> 
> That may not play well with all the SMTP servers you wish to send to,
> due to subtle implementation variations. 
> 
> > But receiving mail on both was more work than I had expected, so I am
> > not going to set that up. 
> 
> Many sites have separate incoming and outbound SMTP servers. There is
> no reason to name them the same, especially not when you plan to
> implement them on separate IP addresses/ranges. 
> 
> The important thing is that the A and PTR records agree. That is most
> simply done by using a single A record for each name, and a single PTR
> record for each IP.

Thanks to everyone for all the information.
This was all to be temporary while switching from one ISP to another.
The new ISP has to set up the pointer records, hopefully delegating to
our server. They are taking a long time getting back to us on what they
can do. Fortunately we will still have service with our old ISP for
quite a while. I just thought that receiving email from both addresses
would make the timing of the final switch over less critical.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Multiple A records and reverse DNS

2016-03-22 Thread Bryan Bradsby

> That is mostly how I thought it worked. What I had in mind more
> specifically was:
> 
> adi.com zone:
> mackerel.adi.com.  IN  A  75.100.245.141
> mackerel.adi.com.  IN  A  96.85.104.76
> 
> reverse zones:
> 141.245.100.75.in-addr.arpa.  IN  PTR  mackerel.adi.com
> 76.104.85.96.in-addr.arpa.  (not yet set up)

OK, suppose you then set up 

76.104.85.96.in-addr.arpa. IN  PTR  mackerel.adi.com.

That may not play well with all the SMTP servers you wish to send to,
due to subtle implementation variations. 

> But receiving mail on both was more work than I had expected, so I am
> not going to set that up. 

Many sites have separate incoming and outbound SMTP servers. There is
no reason to name them the same, especially not when you plan to
implement them on separate IP addresses/ranges. 

The important thing is that the A and PTR records agree. That is most
simply done by using a single A record for each name, and a single PTR
record for each IP.



Re: Multiple A records and reverse DNS

2016-03-22 Thread Thomas Schulz
> Tom, when your mail server establishes a connection to another host, the 
> receiving host will likely automatically check the PTR record of the IP 
> address your server used as its source address. This PTR record should 
> have a corresponding A record that points to the same IP address that 
> was looked up in the PTR record. This is sometimes referred to as a 
> "verified" hostname. Without this, receiving mail servers may sometimes 
> log your rDNS as unknown, which can look spammy to subsequent spam 
> filters. You can have any number of other A records that point to your 
> server, they are irrelevant to PTR verification.
> 
> Example:
> 
> Your reverse zone:
> 1.1.1.1.in-addr.arpa.  IN  PTR  mail.adi.com.
> 
> Your adi.com zone:
> mail.adi.com.  IN  A      1.1.1.1
> smtp.adi.com.  IN  A      1.1.1.1
> www.adi.com.   IN  A      1.1.1.1
> foo.adi.com.   IN  CNAME  www.adi.com.
> 
> All that matters to PTR verification is that 1.1.1.1 has a PTR record and 
> that PTR record exists as an A or CNAME that eventually points back to 
> 1.1.1.1
> 
> As others have pointed out, this is best common practice for outgoing 
> mail servers aka mail relays; however, I generally recommend having 
> valid PTR records and having matching forward records for any servers. 
> Maybe it's just me, but most of my servers send email - even MX servers 
> (they do create NDR notices from time to time).
> 
> --Blake

That is mostly how I thought it worked. What I had in mind more
specifically was:

adi.com zone:
mackerel.adi.com.  IN  A  75.100.245.141
mackerel.adi.com.  IN  A  96.85.104.76

reverse zones:
141.245.100.75.in-addr.arpa.  IN  PTR  mackerel.adi.com
76.104.85.96.in-addr.arpa.  (not yet set up)

With mail going out on only 75.100.245.141 but receiving mail on both.
But receiving mail on both was more work than I had expected, so I am
not going to set that up. When reverse for 96.85.104.76 is finally set
up I will just do a late night switch over.

> 
> Thomas Schulz wrote on 3/17/2016 8:53 AM:
> > This is not a BIND question but I hope people here will know the answer.
> > We are switching service providers and I understand that many email SPAM
> > prevention systems insist on the reverse DNS matching the forward DNS.
> > If I have two A records for our mail server and the reverse record matches
> > one of them, will that be good enough. Or will the fact that the other A
> > record does not match cause trouble.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com


Re: Multiple A records and reverse DNS

2016-03-20 Thread Phil Mayers

On 18/03/16 14:52, /dev/rob0 wrote:
> On Fri, Mar 18, 2016 at 10:04:05AM -0400, Thomas Schulz wrote:
>> It turns out that it is harder than I thought to allow incoming
>> connections from both providers at the same time, so I may not do
>> that after all.
>
> Multiple route tables (and rules to choose the appropriate table) are
> fairly easy in Linux, albeit not particularly well documented.  For

Very poorly documented, in fact.

If you go down this route, do not forget the interface "via eth0" routes 
in the secondary route tables as well, otherwise very odd things can 
happen with ARP.



Re: Multiple A records and reverse DNS

2016-03-19 Thread John Miller
Which FQDN does your mail server use for its EHLO?  It should use the
same name that's listed in reverse DNS.

John

On Thu, Mar 17, 2016 at 9:53 AM, Thomas Schulz wrote:
> This is not a BIND question but I hope people here will know the answer.
> We are switching service providers and I understand that many email SPAM
> prevention systems insist on the reverse DNS matching the forward DNS.
> If I have two A records for our mail server and the reverse record matches
> one of them, will that be good enough. Or will the fact that the other A
> record does not match cause trouble.
>
> Tom Schulz
> Applied Dynamics Intl.
> sch...@adi.com



-- 
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619


Multiple A records and reverse DNS

2016-03-19 Thread Thomas Schulz
This is not a BIND question but I hope people here will know the answer.
We are switching service providers and I understand that many email SPAM
prevention systems insist on the reverse DNS matching the forward DNS.
If I have two A records for our mail server and the reverse record matches
one of them, will that be good enough. Or will the fact that the other A
record does not match cause trouble.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com


Re: Multiple A records and reverse DNS

2016-03-19 Thread Blake Hudson
Tom, when your mail server establishes a connection to another host, the 
receiving host will likely automatically check the PTR record of the IP 
address your server used as its source address. This PTR record should 
have a corresponding A record that points to the same IP address that 
was looked up in the PTR record. This is sometimes referred to as a 
"verified" hostname. Without this, receiving mail servers may sometimes 
log your rDNS as unknown, which can look spammy to subsequent spam 
filters. You can have any number of other A records that point to your 
server, they are irrelevant to PTR verification.


Example:

Your reverse zone:
1.1.1.1.in-addr.arpa.  IN  PTR  mail.adi.com.

Your adi.com zone:
mail.adi.com.  IN  A      1.1.1.1
smtp.adi.com.  IN  A      1.1.1.1
www.adi.com.   IN  A      1.1.1.1
foo.adi.com.   IN  CNAME  www.adi.com.

All that matters to PTR verification is that 1.1.1.1 has a PTR record and 
that PTR record exists as an A or CNAME that eventually points back to 
1.1.1.1


As others have pointed out, this is best common practice for outgoing 
mail servers aka mail relays; however, I generally recommend having 
valid PTR records and having matching forward records for any servers. 
Maybe it's just me, but most of my servers send email - even MX servers 
(they do create NDR notices from time to time).


--Blake


Thomas Schulz wrote on 3/17/2016 8:53 AM:
> This is not a BIND question but I hope people here will know the answer.
> We are switching service providers and I understand that many email SPAM
> prevention systems insist on the reverse DNS matching the forward DNS.
> If I have two A records for our mail server and the reverse record matches
> one of them, will that be good enough. Or will the fact that the other A
> record does not match cause trouble.
>
> Tom Schulz
> Applied Dynamics Intl.
> sch...@adi.com
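
The check Blake describes, combined with the EHLO comparison John Miller and Reindl Harald mention, as an added example that is not part of any post in this thread. It runs against constructed tables that mirror Tom's two-A-record zone; the helper names and the `host-76.isp.example` PTR are assumptions.

```python
import socket

def ptr_names(ip):
    """PTR targets for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def a_addresses(name):
    """IPv4 addresses for name; the resolver follows CNAMEs for us."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def fcrdns(ip, helo=None, ptr=ptr_names, fwd=a_addresses):
    """Check the connecting address the way a receiving MTA would.

    status is 'no-ptr' (no reverse record), 'unverified' (PTR exists but no
    PTR name resolves back to ip) or 'verified'. helo_match says whether the
    EHLO name is one of the verified PTR names.
    """
    names = [norm(n) for n in ptr(ip)]
    verified = [n for n in names if ip in fwd(n)]
    status = "verified" if verified else ("unverified" if names else "no-ptr")
    helo_match = helo is not None and norm(helo) in verified
    return {"status": status, "verified": verified, "helo_match": helo_match}

# Constructed data mirroring the zones quoted in the thread: two A records for
# one name, reverse DNS set up on the old provider's address only.
FORWARD = {"mackerel.adi.com": ["75.100.245.141", "96.85.104.76"]}
REVERSE = {"75.100.245.141": ["mackerel.adi.com."]}
# Hypothetical: the new provider leaves a generic PTR with no matching A record.
REVERSE_GENERIC = {**REVERSE, "96.85.104.76": ["host-76.isp.example."]}

def offline(reverse):
    """Build ptr/fwd callables over the constructed tables (no network)."""
    return {"ptr": lambda ip: reverse.get(ip, []),
            "fwd": lambda name: FORWARD.get(norm(name), [])}

if __name__ == "__main__":
    for ip in ("75.100.245.141", "96.85.104.76"):
        print(ip, fcrdns(ip, helo="mackerel.adi.com", **offline(REVERSE)))
    print(fcrdns("96.85.104.76", **offline(REVERSE_GENERIC)))
```

Called without the `ptr` and `fwd` arguments, `fcrdns` uses the system resolver, so it can be pointed at the real outbound address once the new provider's reverse zone is in place.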


Re: Multiple A records and reverse DNS

2016-03-19 Thread Matus UHLAR - fantomas

On 17.03.16 09:53, Thomas Schulz wrote:

> This is not a BIND question but I hope people here will know the answer.
> We are switching service providers and I understand that many email SPAM
> prevention systems insist on the reverse DNS matching the forward DNS.
> If I have two A records for our mail server and the reverse record matches
> one of them, will that be good enough. Or will the fact that the other A
> record does not match cause trouble.


Reverse DNS is only important for mailserver that connects to outside, not
for receiving servers or MX records.

If the mail server connects outside, its IP address is checked by many
receiving mailservers or spam filters for reverse DNS and the resolved name
has to point to that IP address.

Invalid reverse DNS is often worse than no reverse at all...


... I have met complaints noting that recipients mail servers' IP is
checked, or that rDNS must point to the MX content. They were all wrong, the
problem usually lay in blacklist, invalid mailserver configuration etc...

No sane admin or software will check reverse DNS of mailserver they are
connecting to or MX records they send mail to.
They would block out services like gmail, yahoo, aol, without any valid
reason.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese. 


Re: Multiple A records and reverse DNS

2016-03-19 Thread Thomas Schulz
> On 17.03.2016 at 14:53, Thomas Schulz wrote:
>> This is not a BIND question but I hope people here will know the answer
>> We are switching service providers and I understand that many email
>> SPAM prevention systems insist on the reverse DNS matching the forward
>> DNS. If I have two A records for our mail server and the reverse record
>> matches one of them, will that be good enough. Or will the fact that
>> the other A record does not match cause trouble
> 
> when you have two A-records then you have two IP's
> each of them should have a PTR with *only* the name of the A-record
> and in a good setup "smtp_helo_name" matches too

Thanks to everyone for their answers. In switching service providers we
have arranged for both providers to be active at the same time for a few
weeks. The old provider has reverse DNS set up but the new provider does
not yet have that set up. I was thinking of allowing incoming email from
both by having two A records but allowing outgoing email only through the
old provider that has the working reverse DNS. When the new provider also
has reverse DNS set up then I can switch outgoing email and close down the
old connection.

It turns out that it is harder than I thought to allow incoming
connections from both providers at the same time, so I may not do
that after all.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com


Re: Multiple A records and reverse DNS

2016-03-19 Thread Barry Margolin
In article ,
 sch...@adi.com (Thomas Schulz) wrote:

> This is not a BIND question but I hope people here will know the answer.
> We are switching service providers and I understand that many email SPAM
> prevention systems insist on the reverse DNS matching the forward DNS.
> If I have two A records for our mail server and the reverse record matches
> one of them, will that be good enough. Or will the fact that the other A
> record does not match cause trouble.

It should be OK. This is a fairly common situation for redundancy.

-- 
Barry Margolin
Arlington, MA


Re: Multiple A records and reverse DNS

2016-03-18 Thread Reindl Harald



On 17.03.2016 at 14:53, Thomas Schulz wrote:
> This is not a BIND question but I hope people here will know the answer.
> We are switching service providers and I understand that many email SPAM
> prevention systems insist on the reverse DNS matching the forward DNS.
> If I have two A records for our mail server and the reverse record matches
> one of them, will that be good enough. Or will the fact that the other A
> record does not match cause trouble

when you have two A-records then you have two IP's
each of them should have a PTR with *only* the name of the A-record
and in a good setup "smtp_helo_name" matches too




Re: Multiple A records and reverse DNS

2016-03-18 Thread Tony Finch
Thomas Schulz wrote:

> We are switching service providers and I understand that many email SPAM
> prevention systems insist on the reverse DNS matching the forward DNS.
> If I have two A records for our mail server and the reverse record matches
> one of them, will that be good enough. Or will the fact that the other A
> record does not match cause trouble.

I would suggest setting up a separate name with matching forward and
reverse DNS for each IP address. The existing name can be an alias
pointing at both addresses. For example have a look at the setup for
ppsw.cam.ac.uk which is our central mail relay. (The name is a relic from
the days of the JANET coloured book protocols and a grievously hacked fork
of MMDF.)

Tony.
-- 
f.anthony.n.finch  http://dotat.at/
Forties: Northwest 3 or 4, veering north 4 or 5, increasing 6 later in east.
Slight, becoming moderate in east. Mainly fair. Moderate or good, occasionally
poor.


Re: Multiple A records and reverse DNS

2016-03-18 Thread /dev/rob0
On Fri, Mar 18, 2016 at 10:04:05AM -0400, Thomas Schulz wrote:
> It turns out that it is harder than I thought to allow incoming
> connections from both providers at the same time, so I may not do
> that after all.

Multiple route tables (and rules to choose the appropriate table) are 
fairly easy in Linux, albeit not particularly well documented.  For 
other OSs, I wouldn't know.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: