HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=15)
-   -   553 You have a reverse DNS problem (http://www.howtoforge.com/forums/showthread.php?t=10765)

gripner 21st February 2007 11:17

553 You have a reverse DNS problem
 
Hi

Have DNS set up on a ISPconfig box

tryin to send mail to a person and i get this error msg back
553 You have a reverse DNS problem

Dont understand why tho, my dns config looks like this:
> set type=any
>
> ctisystems.se
Server: ns1.ctisystems.se
Address: 195.178.169.153

ctisystems.se
primary name server = ns1.ctisystems.se
responsible mail addr = support.ctisystems.se
serial = 2007022101
refresh = 3600 (1 hour)
retry = 1800 (30 mins)
expire = 604800 (7 days)
default TTL = 600 (10 mins)
ctisystems.se nameserver = sbs.ctisystems.se
ctisystems.se nameserver = ns1.ctisystems.se
ctisystems.se MX preference = 10, mail exchanger = sbs.ctisystems.se
ctisystems.se internet address = 195.178.169.153
ns1.ctisystems.se internet address = 195.178.169.153
sbs.ctisystems.se internet address = 195.178.169.154


And if i do a PTR lookup on sbs.ctisystems.se wich should be what needs to have a PTR right ? it looks like this :
> set type=PTR
> 195.178.169.154
Server: ns1.ctisystems.se
Address: 195.178.169.153

154.169.178.195.in-addr.arpa name = server1.ctisystems.se
154.169.178.195.in-addr.arpa name = sbs.ctisystems.se
169.178.195.in-addr.arpa nameserver = ns1.ctisystems.se
ns1.ctisystems.se internet address = 195.178.169.153
>



Anyone have any bright ideas?

martinfst 21st February 2007 12:30

If you enter your domain at dnsstuff.com for testing (http://www.dnsstuff.com/tools/dnsrep...=ctisystems.se) you see at least part of your problems
Code:

FAIL        Missing (stealth) nameservers
FAIL: You have one or more missing (stealth) nameservers.
The following nameserver(s) are listed (at your nameservers) as nameservers
for your domain, but are not listed at the parent nameservers (therefore, they
may or may not get used, depending on whether your DNS servers return them
in the authority section for other requests, per RFC2181 5.4.1). You need to
make sure that these stealth nameservers are working; if they are not
responding, you may have serious problems! The DNS Report will not query
these servers, so you need to be very careful that they are working properly.

sbs.ctisystems.se.
This is listed as an ERROR because there are some cases where nasty problems
can occur (if the TTLs vary from the NS records at the root servers and the NS
records point to your own domain, for example).

Why you're getting a reverse DNS reject, I don't know (yet). There must be someting more wrong, because trying to resolve the IP addresses gives a servfail, which means rDNS is not setup at all:
Code:

:~$ dig -x 195.178.169.154

; <<>> DiG 9.3.2 <<>> -x 195.178.169.154
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32056
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;154.169.178.195.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
154.169.178.195.in-addr.arpa. 86399 IN  CNAME  154.128-25.169.178.195.in-addr.arpa.

;; Query time: 12 msec
;; SERVER: 172.16.3.254#53(172.16.3.254)
;; WHEN: Wed Feb 21 11:28:17 2007
;; MSG SIZE  rcvd: 71

~$ dig -x 195.178.169.153

; <<>> DiG 9.3.2 <<>> -x 195.178.169.153
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42826
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;153.169.178.195.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
153.169.178.195.in-addr.arpa. 86399 IN  CNAME  153.128-25.169.178.195.in-addr.arpa.

;; Query time: 12 msec
;; SERVER: 172.16.3.254#53(172.16.3.254)
;; WHEN: Wed Feb 21 11:28:45 2007
;; MSG SIZE  rcvd: 71


gripner 21st February 2007 17:05

I fixed some of the problems tht dnsstuff showed,

Stil gt the same problem tho, any more ideas?

falko 22nd February 2007 21:58

I'm having difficulties to understand what exactly the problem is. Could you rephrase it?

gripner 23rd February 2007 09:23

The problem is:

When i try to send an email via our server to a customers email hes server replies with
553 You have a reverse DNS problem!
ANd dont accept any mail.

martinfst 23rd February 2007 09:30

You have not fixed your DNS problems
Code:

~$ dig -x 195.178.169.154

; <<>> DiG 9.3.2 <<>> -x 195.178.169.154
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42787
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;154.169.178.195.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
154.169.178.195.in-addr.arpa. 86399 IN  CNAME  154.128-25.169.178.195.in-addr.arpa.

;; Query time: 12 msec
;; SERVER: 172.16.3.254#53(172.16.3.254)
;; WHEN: Fri Feb 23 08:29:15 2007
;; MSG SIZE  rcvd: 71

Your server is not responding. Blocked port 53? Is it not authoritative for this address range?

gripner 28th February 2007 12:05

doubt port 53 is blocked since its not behind a FW atm, and the server should respond since it responds to dns queries. also responds to PTR queries

martinfst 28th February 2007 12:20

A fresh "dig" a minute ago still gives a SERVFAIL, so your server is not working. There must be a configuration problem.

gripner 28th February 2007 16:40

its most likely something wierd in the config, dunno what tho. kinda thought ISPConfig setss up PTR record correct when you add our DNS stuff

edge 28th February 2007 16:44

You will need to ask your ISP to set the reverse DNS, but I do not think that this is the main problem.


All times are GMT +2. The time now is 22:44.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.