553 You have a reverse DNS problem

[gripner]

Hi

Have DNS set up on a ISPconfig box

tryin to send mail to a person and i get this error msg back
553 You have a reverse DNS problem

Dont understand why tho, my dns config looks like this:
> set type=any
>
> ctisystems.se
Server: ns1.ctisystems.se
Address: 195.178.169.153

ctisystems.se
primary name server = ns1.ctisystems.se
responsible mail addr = support.ctisystems.se
serial = 2007022101
refresh = 3600 (1 hour)
retry = 1800 (30 mins)
expire = 604800 (7 days)
default TTL = 600 (10 mins)
ctisystems.se nameserver = sbs.ctisystems.se
ctisystems.se nameserver = ns1.ctisystems.se
ctisystems.se MX preference = 10, mail exchanger = sbs.ctisystems.se
ctisystems.se internet address = 195.178.169.153
ns1.ctisystems.se internet address = 195.178.169.153
sbs.ctisystems.se internet address = 195.178.169.154


And if i do a PTR lookup on sbs.ctisystems.se wich should be what needs to have a PTR right ? it looks like this :
> set type=PTR
> 195.178.169.154
Server: ns1.ctisystems.se
Address: 195.178.169.153

154.169.178.195.in-addr.arpa name = server1.ctisystems.se
154.169.178.195.in-addr.arpa name = sbs.ctisystems.se
169.178.195.in-addr.arpa nameserver = ns1.ctisystems.se
ns1.ctisystems.se internet address = 195.178.169.153
>



Anyone have any bright ideas?

[martinfst]

If you enter your domain at dnsstuff.com for testing (http://www.dnsstuff.com/tools/dnsrep...=ctisystems.se) you see at least part of your problems

Code:

FAIL	Missing (stealth) nameservers
FAIL: You have one or more missing (stealth) nameservers. 
The following nameserver(s) are listed (at your nameservers) as nameservers
for your domain, but are not listed at the parent nameservers (therefore, they 
may or may not get used, depending on whether your DNS servers return them 
in the authority section for other requests, per RFC2181 5.4.1). You need to 
make sure that these stealth nameservers are working; if they are not 
responding, you may have serious problems! The DNS Report will not query 
these servers, so you need to be very careful that they are working properly.

sbs.ctisystems.se.
This is listed as an ERROR because there are some cases where nasty problems 
can occur (if the TTLs vary from the NS records at the root servers and the NS 
records point to your own domain, for example).

Why you're getting a reverse DNS reject, I don't know (yet). There must be someting more wrong, because trying to resolve the IP addresses gives a servfail, which means rDNS is not setup at all:

Code:

:~$ dig -x 195.178.169.154

; <<>> DiG 9.3.2 <<>> -x 195.178.169.154
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32056
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;154.169.178.195.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
154.169.178.195.in-addr.arpa. 86399 IN  CNAME   154.128-25.169.178.195.in-addr.arpa.

;; Query time: 12 msec
;; SERVER: 172.16.3.254#53(172.16.3.254)
;; WHEN: Wed Feb 21 11:28:17 2007
;; MSG SIZE  rcvd: 71

~$ dig -x 195.178.169.153

; <<>> DiG 9.3.2 <<>> -x 195.178.169.153
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42826
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;153.169.178.195.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
153.169.178.195.in-addr.arpa. 86399 IN  CNAME   153.128-25.169.178.195.in-addr.arpa.

;; Query time: 12 msec
;; SERVER: 172.16.3.254#53(172.16.3.254)
;; WHEN: Wed Feb 21 11:28:45 2007
;; MSG SIZE  rcvd: 71

[gripner]

I fixed some of the problems tht dnsstuff showed,

Stil gt the same problem tho, any more ideas?

[falko]

I'm having difficulties to understand what exactly the problem is. Could you rephrase it?

[gripner]

The problem is:

When i try to send an email via our server to a customers email hes server replies with
553 You have a reverse DNS problem!
ANd dont accept any mail.

[martinfst]

You have not fixed your DNS problems

Code:

~$ dig -x 195.178.169.154

; <<>> DiG 9.3.2 <<>> -x 195.178.169.154
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42787
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;154.169.178.195.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
154.169.178.195.in-addr.arpa. 86399 IN  CNAME   154.128-25.169.178.195.in-addr.arpa.

;; Query time: 12 msec
;; SERVER: 172.16.3.254#53(172.16.3.254)
;; WHEN: Fri Feb 23 08:29:15 2007
;; MSG SIZE  rcvd: 71

Your server is not responding. Blocked port 53? Is it not authoritative for this address range?

[gripner]

doubt port 53 is blocked since its not behind a FW atm, and the server should respond since it responds to dns queries. also responds to PTR queries

[martinfst]

A fresh "dig" a minute ago still gives a SERVFAIL, so your server is not working. There must be a configuration problem.

[gripner]

its most likely something wierd in the config, dunno what tho. kinda thought ISPConfig setss up PTR record correct when you add our DNS stuff

[edge]

You will need to ask your ISP to set the reverse DNS, but I do not think that this is the main problem.