#1 Ashaman074, 18th September 2007, 23:07
DNS, rDNS, & PTR problems

Hi, I have been tinkering with the DNS settings on my server for the last few days trying to get things right, but I seem to have come to a standstill so I thought I would ask for some help...

Original problem - I cannot send Email to AOL. AOL has a diagnostic tool posted at http://postmaster.aol.com/tools/rdns.html for testing. When I run the test, I get:

Code:
DNS Server Response:
No PTR but got: 
75.255.167.12.in-addr.arpa. 171613 IN CNAME 75.72/29.255.167.12.in-addr.arpa.


Failure! Unfortunately we were unable to resolve Reverse DNS for the IP address you entered. Contact your ISP or e-mail administrator to modify these settings. Also please note the following points: 
AOL does require that all connecting Mail Transfer Agents have established reverse DNS, regardless of whether it matches the domain.

Reverse DNS must be in the form of a fully-qualified domain name. Reverse DNSes containing in-addr.arpa are not acceptable, as these are merely placeholders for a valid PTR record. Reverse DNSes consisting only of IP addresses are also not acceptable, as they do not correctly establish the relationship between domain and IP address.

OK, so for some reason it seems that my mail server is not being associated with the address.

I did a dig -x 12.167.255.xx and got:

Code:
; <<>> DiG 9.3.2 <<>> -x 12.167.255.xx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32401
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;xx.255.167.12.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
xx.255.167.12.in-addr.arpa. 42424 IN	CNAME	xx.xx/xx.255.167.12.in-addr.arpa.

;; Query time: 21 msec
;; SERVER: 4.2.2.1#53(4.2.2.1)
;; WHEN: Tue Sep 18 15:56:07 2007
;; MSG SIZE  rcvd: 67

Which doesn't seem right to me, shouldn't I see a mail.domain.com type entry there? If so, where is this defined? I have been poking around in bind files and things look right to me - any pointers?

Secondly, and I don't know if this is a problem or not - but when I run a test at DNSstuff.com, I have the following warnings:

Code:
Fail - Missing (stealth) nameservers:

FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNSreport will not query these servers, so you need to be very careful that they are working properly.

ns1.domain.net.
ns2.domain.net.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example). 

---
Fail - Missing nameservers 2:

ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns1.domain.com.
ns2.domain.com.

----

Fail - Stealth NS record leakage:

Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [ns2.domain.net.]!
Stealth nameservers are leaked [ns1.domain.net.]!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.

I am not sure what is causing the above errors either, or why it is .net in the first error but .com in the second. I do have both a domain.net and domain.com, but only ns1.domain.net exists, is there supposed to be one for each hosted domain?

I don't know if these are related to the first error or not, but since they were flagged on dnsstuff it seemed like it was worth checking out also!

Thanks!

#2 catdude, 18th September 2007, 23:25

Most ISPs don't automatically provide reverse mapping to the IP addresses they assign you. And it's likely that the reverse-DNS authority for the netblock your IP is a part of belongs to your ISP, or possibly to their upstream.

In order to get a reverse DNS lookup to resolve to your domain name you would most likely have to talk to your ISP's tech support department and ask them to set up the reverse mapping.

#3 chancer, 19th September 2007, 14:23

catdude is right, but that shouldn't stop you setting an SPF record for the domain. That is usually, but not always, enough to satisfy AOL.

In case it's of interest, I usually tell clients and correspondents with AOL accounts to set up an alternative method of access if they require stable communications. Each of AOL's frequent attempts to blackmail email users into paying them, essentially landgrabbing email services into a single proprietary block with AOL at its head, causes a lot more trouble than it's worth.

#4 Ashaman074, 19th September 2007, 17:08

Thanks for the input. I actually did contact the ISP, and I asked them to "change the delegation" to ns1.domain.net and ns2.domain.net (the name servers for ISPConfig) because I thought that was correct. Was it not? I thought that that would mean any rdns requests would then be sent to ns1.domain.net and ns2.domain.net which would then provide the PTR records. Unfortunately I am not 100% sure if this was correct...? Or maybe it was correct but the way they did it is not acceptable to AOL?

How about the second section with the problems regarding missing/stealth nameservers and such - cause for alarm, or is that something that isn't necessarily a problem?

#5 catdude, 19th September 2007, 17:29

Quote:
Originally Posted by Ashaman074
Thanks for the input. I actually did contact the ISP, and I asked them to "change the delegation" to ns1.domain.net and ns2.domain.net (the name servers for ISPConfig) because I thought that was correct. Was it not? I thought that that would mean any rdns requests would then be sent to ns1.domain.net and ns2.domain.net which would then provide the PTR records. Unfortunately I am not 100% sure if this was correct...? Or maybe it was correct but the way they did it is not acceptable to AOL?

How about the second section with the problems regarding missing/stealth nameservers and such - cause for alarm, or is that something that isn't necessarily a problem?

It appears that your provider did indeed SWIP your netblock to you. I'm surprised by that - a lot of big providers won't do that.

DNSStuff.com says that your netblock is served up by your servers, but that your servers aren't responding. At least, no PTR (reverse DNS) records are available.

Frankly, I'm not sure what the error messages you mentioned mean. I haven't used that tool much.

#6 Ashaman074, 19th September 2007, 17:41

Well, it is on a T1 line - so that is why they made the changes. I thought it looked like everything was winding up at my name servers as well, yet the PTR records are not being found.

How about the results of the dig I did on my IP, isn't that wrong? I don't know this stuff very well yet, but it said:

";; ANSWER SECTION:
xx.255.167.12.in-addr.arpa. 42424 IN CNAME xx.xx/xx.255.167.12.in-addr.arpa."

It has no mention of an actual domain name, is that a bit of a clue as to what is wrong?
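
The CNAME in the dig answer quoted in this thread has the form used for classless in-addr.arpa delegation (RFC 2317): the ISP's reverse zone aliases each address to a name in a child zone, and the PTR has to exist at that alias on the delegated name servers. As an added example (not part of the thread), this Python script parses dig output, follows the CNAME chain and reports where the PTR is missing; the sample input is constructed from values visible in the posts, and `diagnose` is a hypothetical helper name.

```python
import re

# Constructed sample: shaped like the dig output quoted in the thread, with the
# masked "xx" octets filled in from the AOL tool's response in the first post.
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32401
;; QUESTION SECTION:
;75.255.167.12.in-addr.arpa.\tIN\tPTR
;; ANSWER SECTION:
75.255.167.12.in-addr.arpa. 42424 IN\tCNAME\t75.72/29.255.167.12.in-addr.arpa.
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(CNAME|PTR)\s+(\S+)$")

def diagnose(dig_text):
    """Follow the CNAME chain in dig output and report where a PTR is missing."""
    m = re.search(r"status: (\w+)", dig_text)
    status = m.group(1) if m else None
    question = re.search(r"^;(\S+)\s+IN\s+PTR", dig_text, re.M)
    if not question:
        raise ValueError("no PTR question found in dig output")
    records = {}
    for line in dig_text.splitlines():
        m = RR.match(line.strip())
        if m:
            records[m.group(1).lower()] = (m.group(2), m.group(3))
    name, seen = question.group(1).lower(), set()
    while name in records and name not in seen:  # 'seen' guards against loops
        seen.add(name)
        rtype, target = records[name]
        if rtype == "PTR":
            return {"ok": True, "ptr": target, "status": status}
        name = target.lower()
    result = {"ok": False, "missing_ptr_at": name, "status": status}
    # RFC 2317 alias: <host>.<first-addr>/<prefix-len>.<reversed net>.in-addr.arpa.
    m = re.match(r"^(\d+)\.(\d+/\d+\..+\.in-addr\.arpa)\.$", name)
    if m:
        result["owner_label"] = m.group(1)  # record name inside the child zone
        result["child_zone"] = m.group(2)   # zone the delegated servers must serve
    return result

if __name__ == "__main__":
    print(diagnose(SAMPLE_DIG))
```

For the address in the thread this reports child zone `72/29.255.167.12.in-addr.arpa` with owner label `75`, which is where the delegated name servers would need a PTR record pointing at the mail server's fully-qualified name.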

All times are GMT +2.