18th September 2007, 23:07
Ashaman074
DNS, rDNS, & PTR problems

Hi, I have been tinkering with the DNS settings on my server for the last few days trying to get things right, but I seem to have come to a standstill so I thought I would ask for some help...

Original problem - I cannot send Email to AOL. AOL has a diagnostic tool posted at for testing. When I run the test, I get:

DNS Server Response:
No PTR but got: 171613 IN CNAME 75.72/

Failure! Unfortunately we were unable to resolve Reverse DNS for the IP address you entered. Contact your ISP or e-mail administrator to modify these settings. Also please note the following points: 
AOL does require that all connecting Mail Transfer Agents have established reverse DNS, regardless of whether it matches the domain.

Reverse DNS must be in the form of a fully-qualified domain name. Reverse DNSes containing are not acceptable, as these are merely placeholders for a valid PTR record. Reverse DNSes consisting only of IP addresses are also not acceptable, as they do not correctly establish the relationship between domain and IP address.
OK, so for some reason it seems that my mail server is not being associated with the address.

I did a dig -x 12.167.255.xx and got:

; <<>> DiG 9.3.2 <<>> -x 12.167.255.xx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32401
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0


;; ANSWER SECTION: 42424 IN	CNAME	xx.xx/

;; Query time: 21 msec
;; WHEN: Tue Sep 18 15:56:07 2007
;; MSG SIZE  rcvd: 67
Which doesn't seem right to me. Shouldn't I see a type entry there? If so, where is this defined? I have been poking around in bind files and things look right to me - any pointers?

Secondly, and I don't know if this is a problem or not - but when I run a test at, I have the following warnings:

Fail - Missing (stealth) nameservers:

FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNSreport will not query these servers, so you need to be very careful that they are working properly.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example). 

Fail - Missing nameservers 2:

ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:


Fail - Stealth NS record leakage:

Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked []!
Stealth nameservers are leaked []!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.
I am not sure what is causing the above errors either, or why it is .net in the first error but .com in the second. I do have both a and, but only exists, is there supposed to be one for each hosted domain?

I don't know if these are related to the first error or not, but since they were flagged on dnsstuff it seemed like it was worth checking out also!

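Added example (not part of the original post): a minimal offline check of the reverse-DNS rules quoted from the AOL tool, following a CNAME from the in-addr.arpa name to where the PTR is expected. The record sets, addresses and host names are constructed placeholders, and the classless (RFC 2317 style) zone layout is an assumption based on the slash in the CNAME target shown in the dig answer.

```python
import ipaddress

# Constructed (owner, type, rdata) tuples; the names and the address are
# documentation placeholders, not the poster's. Assumed layout: the reverse
# name is a CNAME into a classless child zone, as in RFC 2317.
CHILD = "10.0/28.2.0.192.in-addr.arpa."
BROKEN = [("10.2.0.192.in-addr.arpa.", "CNAME", CHILD)]   # CNAME, no PTR behind it
FIXED = BROKEN + [(CHILD, "PTR", "mail.example.net.")]    # PTR added in child zone
IP_ONLY = BROKEN + [(CHILD, "PTR", "192.0.2.10.")]        # PTR that is just an IP


def validate_target(target):
    """Apply the quoted rules: fully-qualified name, not only an IP address."""
    host = target.rstrip(".")
    try:
        ipaddress.ip_address(host)
        return False, f"PTR target is only an IP address: {host}"
    except ValueError:
        pass  # not an IP literal, keep checking
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        return False, f"PTR target is not a fully-qualified name: {host}"
    return True, host


def check_rdns(ip, records):
    """Walk CNAMEs from ip's reverse name to a PTR; return (ok, detail)."""
    name = ipaddress.ip_address(ip).reverse_pointer.lower() + "."
    seen = set()
    while name not in seen:          # guard against CNAME loops
        seen.add(name)
        rrset = [(t, v) for o, t, v in records if o.lower() == name]
        ptrs = sorted(v for t, v in rrset if t == "PTR")
        if ptrs:
            return validate_target(ptrs[0])
        cnames = [v for t, v in rrset if t == "CNAME"]
        if not cnames:
            # The name reported here is the zone entry that needs the PTR.
            return False, f"no PTR at {name}"
        name = cnames[0].lower()
    return False, "CNAME loop"


if __name__ == "__main__":
    for label, rrs in (("broken", BROKEN), ("fixed", FIXED), ("ip-only", IP_ONLY)):
        print(label, check_rdns("192.0.2.10", rrs))
```

In the broken case the failure detail names the CNAME target, which is the owner name a PTR record would have to exist under for the lookup to succeed.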