Hi, I have been tinkering with the DNS settings on my server for the last few days trying to get things right, but I seem to have come to a standstill so I thought I would ask for some help...
Original problem - I cannot send Email to AOL. AOL has a diagnostic tool posted at http://postmaster.aol.com/tools/rdns.html
for testing. When I run the test, I get:
DNS Server Response:
No PTR but got:
126.96.36.199.in-addr.arpa. 171613 IN CNAME 75.72/188.8.131.52.in-addr.arpa.
Failure! Unfortunately we were unable to resolve Reverse DNS for the IP address you entered. Contact your ISP or e-mail administrator to modify these settings. Also please note the following points:
AOL does require that all connecting Mail Transfer Agents have established reverse DNS, regardless of whether it matches the domain.
Reverse DNS must be in the form of a fully-qualified domain name. Reverse DNSes containing in-addr.arpa are not acceptable, as these are merely placeholders for a valid PTR record. Reverse DNSes consisting only of IP addresses are also not acceptable, as they do not correctly establish the relationship between domain and IP address.
OK, so for some reason it seems that my mail server is not being associated with the address.
I did a dig -x 12.167.255.xx and got:
; <<>> DiG 9.3.2 <<>> -x 12.167.255.xx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32401
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;xx.255.167.12.in-addr.arpa. IN PTR
;; ANSWER SECTION:
xx.255.167.12.in-addr.arpa. 42424 IN CNAME xx.xx/xx.255.167.12.in-addr.arpa.
;; Query time: 21 msec
;; SERVER: 184.108.40.206#53(220.127.116.11)
;; WHEN: Tue Sep 18 15:56:07 2007
;; MSG SIZE rcvd: 67
Which doesn't seem right to me; shouldn't I see a mail.domain.com type entry there? If so, where is this defined? I have been poking around in bind files and things look right to me - any pointers?
Secondly, and I don't know if this is a problem or not - but when I run a test at DNSstuff.com, I have the following warnings:
Fail - Missing (stealth) nameservers:
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNSreport will not query these servers, so you need to be very careful that they are working properly.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
Fail - Missing nameservers 2:
ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
Fail - Stealth NS record leakage:
Your DNS servers leak stealth information in non-NS requests:
Stealth nameservers are leaked [ns2.domain.net.]!
Stealth nameservers are leaked [ns1.domain.net.]!
This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.
I am not sure what is causing the above errors either, or why it is .net in the first error but .com in the second. I do have both a domain.net and domain.com, but only ns1.domain.net exists. Is there supposed to be one for each hosted domain?
I don't know if these are related to the first error or not, but since they were flagged on dnsstuff it seemed like it was worth checking out also!
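The two symptoms in the post (a reverse lookup that ends in a CNAME into a `x.y/z.in-addr.arpa` name with no PTR behind it, and NS sets that differ between the parent and the zone itself) can both be reproduced offline. The script below is an added example, not code from the poster, AOL or DNSstuff. It models a small reverse tree as a constructed dictionary (192.0.2.0/24 documentation space, with an RFC 2317 style `/25` classless delegation), follows CNAME chains the way a resolver would, applies the three acceptance rules quoted from AOL's page, and then compares a constructed parent NS set against a constructed child NS set to produce the "stealth" and "missing at child" lists that DNSstuff reported. Names such as `mail.example.net.` and the `example.com`/`example.net` nameservers are placeholders.

```python
"""Offline model of the reverse-DNS and NS-delegation checks from the post.

All records below are constructed for illustration; nothing is looked up on
the network. This is an added example, not AOL's or DNSstuff's code.
"""
import ipaddress
import re

# Constructed reverse tree, keyed by owner name -> (rrtype, rdata).
REVERSE_RECORDS = {
    # RFC 2317 classless delegation that works: CNAME into the /25 zone, PTR there
    "10.2.0.192.in-addr.arpa.": ("CNAME", "10.0/25.2.0.192.in-addr.arpa."),
    "10.0/25.2.0.192.in-addr.arpa.": ("PTR", "mail.example.net."),
    # the post's symptom: CNAME into the /25 zone, but no PTR behind it
    "20.2.0.192.in-addr.arpa.": ("CNAME", "20.0/25.2.0.192.in-addr.arpa."),
    # placeholder PTR (contains in-addr.arpa), rejected by AOL's rules
    "130.2.0.192.in-addr.arpa.": ("PTR", "130.2.0.192.in-addr.arpa."),
    # PTR that is only an IP address, also rejected
    "140.2.0.192.in-addr.arpa.": ("PTR", "192.0.2.140."),
    # CNAME loop, to show why a hop/loop guard is needed
    "150.2.0.192.in-addr.arpa.": ("CNAME", "150.2.0.192.in-addr.arpa."),
}

IP_ONLY = re.compile(r"^\d{1,3}(?:[.-]\d{1,3}){3}\.?$")  # 192.0.2.140. or 192-0-2-140


def reverse_name(ip: str) -> str:
    """Build the in-addr.arpa / ip6.arpa owner name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def resolve_ptr(name: str, records: dict, max_hops: int = 8):
    """Follow CNAMEs until a PTR is found. Returns (ptr_target_or_None, chain)."""
    chain, seen = [name], {name}
    while True:
        rr = records.get(name)
        if rr is None:
            return None, chain                       # NXDOMAIN / dead end
        rrtype, rdata = rr
        if rrtype == "PTR":
            return rdata, chain
        if rrtype != "CNAME":
            return None, chain                       # some other type, no PTR
        name = rdata
        if name in seen or len(chain) >= max_hops:
            raise ValueError("CNAME loop or chain too long: " + " -> ".join(chain + [name]))
        seen.add(name)
        chain.append(name)


def classify_rdns(ip: str, records: dict):
    """Apply the three rules quoted from AOL's page; returns (status, detail)."""
    try:
        target, chain = resolve_ptr(reverse_name(ip), records)
    except ValueError as exc:
        return "FAIL", str(exc)
    if target is None:
        if len(chain) > 1:
            return "FAIL", f"no PTR but got CNAME to {chain[-1]}"
        return "FAIL", "no PTR record"
    if target.lower().endswith(".in-addr.arpa."):
        return "FAIL", f"PTR {target} is an in-addr.arpa placeholder"
    if IP_ONLY.match(target):
        return "FAIL", f"PTR {target} is only an IP address"
    return "OK", target


# Constructed NS sets: what the parent (registry) publishes vs. what the zone says.
PARENT_NS = ["ns1.example.com.", "ns2.example.com."]
CHILD_NS = ["ns1.example.net.", "ns2.example.net."]


def _norm(names):
    return {n.lower().rstrip(".") for n in names}


def compare_delegation(parent_ns, child_ns):
    """Stealth = in the zone but not at the parent; missing = at the parent but not in the zone."""
    parent, child = _norm(parent_ns), _norm(child_ns)
    return {"stealth": sorted(child - parent), "missing_at_child": sorted(parent - child)}


def leaked_stealth(authority_ns, parent_ns, child_ns):
    """Stealth NS names that showed up in the authority section of a non-NS answer."""
    stealth = set(compare_delegation(parent_ns, child_ns)["stealth"])
    return sorted(n for n in _norm(authority_ns) if n in stealth)


if __name__ == "__main__":
    for host in ("192.0.2.10", "192.0.2.20", "192.0.2.130", "192.0.2.140", "192.0.2.150", "192.0.2.160"):
        print(host, *classify_rdns(host, REVERSE_RECORDS))
    print(compare_delegation(PARENT_NS, CHILD_NS))
    # authority section of a constructed A-record answer from the zone's own server
    print(leaked_stealth(["ns1.example.net.", "ns1.example.com."], PARENT_NS, CHILD_NS))
```

The `192.0.2.20` case is the shape of the dig output in the post: the resolver reaches a CNAME whose target has nothing behind it, so the fix belongs in whoever serves the `/25` zone (the ISP, if they did the classless delegation, or the zone file on the poster's own server if it was delegated to them). The NS comparison reproduces the `.net` versus `.com` discrepancy: the names DNSstuff calls stealth are the ones the zone lists that the parent does not.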