Reverse DNS Issue

[Ed Gartin]

We currently host our own external DNS server with the
service provider being the secondary. We have run into a
problem where if we send mail to certain ISP's the mail
gets returned or stuck in their spam filter because it
cannot do a Reverse DNS lookup on our domain. We have
check our server to make sure that all the PTR records
are in the reverse lookup zone and they are there. But
when we do a Reverse lookup we get no PTR records found ?
How do we get the PTR records to show up ? Do we have
something mis-configured ? Output below from Reverse DNS
query:

Reverse DNS for 12.3.228.229
Generated by www.DNSstuff.com
Country: UNITED STATES

Preparation:
The reverse DNS entry for an IP is found by reversing
the IP, adding it to "in-addr.arpa", and looking up the
PTR record.
So, the reverse DNS entry for 12.3.228.229 is found by
looking up the PTR record for
229.228.3.12.in-addr.arpa.
All DNS requests start by asking the root servers, and
they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking c.root-servers.net for 229.228.3.12.in-addr.arpa
PTR record:
c.root-servers.net says to go to dbru.br.ns.els-
gms.att.net. (zone: 12.in-addr.arpa.)
Asking dbru.br.ns.els-gms.att.net. for 229.228.3.12.in-
addr.arpa PTR record: Got CNAME referral to
dbru.br.ns.els-gms.att.net. (zone 229.224/28.228.3.12.in-
addr.arpa.)
Asking dbru.br.ns.els-gms.att.net. for
229.224/28.228.3.12.in-addr.arpa. PTR record:
dbru.br.ns.els-gms.att.net says to go to
dmtu.mt.ns.els-gms.att.net. (zone: 224/28.228.3.12.in-
addr.arpa.)
Asking dmtu.mt.ns.els-gms.att.net. for
229.224/28.228.3.12.in-addr.arpa. PTR record:
dmtu.mt.ns.els-gms.att.net says to go to
dmtu.mt.ns.els-gms.att.net. (zone: 224/28.228.3.12.in-
addr.arpa.)
Asking dmtu.mt.ns.els-gms.att.net. for
229.224/28.228.3.12.in-addr.arpa. PTR record:
dmtu.mt.ns.els-gms.att.net says to go to
name1.pezrow.com. (zone: 224/28.228.3.12.in-addr.arpa.)
Asking name1.pezrow.com. for 229.224/28.228.3.12.in-
addr.arpa. PTR record: Reports that no PTR records exist.

Answer:
No PTR records exist for 12.3.228.229. [Neg TTL=3600
seconds]

Details:
name1.pezrow.com. (an authoritative nameserver for
228.3.12.in-addr.arpa., which is in charge of the reverse
DNS for 12.3.228.229)
says that there are no PTR records for 12.3.228.229.

To get reverse DNS set up for 12.3.228.229, you need to
speak to your Internet provider. You could also
check with admin@, who is in charge of the 228.3.12.in-
addr.arpa. zone.

Note that all Internet accessible hosts are expected to
have a reverse DNS entry (per RFC1912 2.1),
and many mailservers (such as AOL) will likely block E-
mail from mailservers with no reverse DNS entry.
To see the reverse DNS traversal, to make sure that all
DNS servers are reporting the correct results, you can
Click Here.

 

[Herb Martin]

We currently host our own external DNS server with the
service provider being the secondary. We have run into a
problem where if we send mail to certain ISP's the mail
gets returned or stuck in their spam filter because it
cannot do a Reverse DNS lookup on our domain. We have
check our server to make sure that all the PTR records
are in the reverse lookup zone and they are there. But
when we do a Reverse lookup we get no PTR records found ?
How do we get the PTR records to show up ? Do we have
something mis-configured ? Output below from Reverse DNS
query:

For public addresses (which I am sure you are using for the public
email server -- or at least the transfer agent portion) you probably
CANNOT set the "reverse zone" or PTR records.

You don't "own the zone" for those records; some ISP (or NAP)
does.

You must ask your ISP to fix the PTR for your EMAIL server to
match the name that is uses for an MX record AND the name
it "reports" when sending email.

This last part confuses people (especially those with multiple email
domains) since they don't understand that the email server might
have a name that is NOT within any of the handled email domains.

(ISPs do this all the time: SMTP.myISP.com handles mail for
1000 client companies, etc but can only have ONE PTR record
effectively.)

ASK the ISP to do it.

--
Herb Martin

Reverse DNS for 12.3.228.229
Generated by www.DNSstuff.com
Country: UNITED STATES

Preparation:
The reverse DNS entry for an IP is found by reversing
the IP, adding it to "in-addr.arpa", and looking up the
PTR record.
So, the reverse DNS entry for 12.3.228.229 is found by
looking up the PTR record for
229.228.3.12.in-addr.arpa.
All DNS requests start by asking the root servers, and
they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking c.root-servers.net for 229.228.3.12.in-addr.arpa
PTR record:
c.root-servers.net says to go to dbru.br.ns.els-
gms.att.net. (zone: 12.in-addr.arpa.)
Asking dbru.br.ns.els-gms.att.net. for 229.228.3.12.in-
addr.arpa PTR record: Got CNAME referral to
dbru.br.ns.els-gms.att.net. (zone 229.224/28.228.3.12.in-
addr.arpa.)
Asking dbru.br.ns.els-gms.att.net. for
229.224/28.228.3.12.in-addr.arpa. PTR record:
dbru.br.ns.els-gms.att.net says to go to
dmtu.mt.ns.els-gms.att.net. (zone: 224/28.228.3.12.in-
addr.arpa.)
Asking dmtu.mt.ns.els-gms.att.net. for
229.224/28.228.3.12.in-addr.arpa. PTR record:
dmtu.mt.ns.els-gms.att.net says to go to
dmtu.mt.ns.els-gms.att.net. (zone: 224/28.228.3.12.in-
addr.arpa.)
Asking dmtu.mt.ns.els-gms.att.net. for
229.224/28.228.3.12.in-addr.arpa. PTR record:
dmtu.mt.ns.els-gms.att.net says to go to
name1.pezrow.com. (zone: 224/28.228.3.12.in-addr.arpa.)
Asking name1.pezrow.com. for 229.224/28.228.3.12.in-
addr.arpa. PTR record: Reports that no PTR records exist.

Answer:
No PTR records exist for 12.3.228.229. [Neg TTL=3600
seconds]

Details:
name1.pezrow.com. (an authoritative nameserver for
228.3.12.in-addr.arpa., which is in charge of the reverse
DNS for 12.3.228.229)
says that there are no PTR records for 12.3.228.229.

To get reverse DNS set up for 12.3.228.229, you need to
speak to your Internet provider. You could also
check with admin@, who is in charge of the 228.3.12.in-
addr.arpa. zone.

Note that all Internet accessible hosts are expected to
have a reverse DNS entry (per RFC1912 2.1),
and many mailservers (such as AOL) will likely block E-
mail from mailservers with no reverse DNS entry.
To see the reverse DNS traversal, to make sure that all
DNS servers are reporting the correct results, you can
Click Here.

 

[Jonathan de Boyne Pollard]

EG> the mail gets returned or stuck in their spam filter because
EG> it cannot do a Reverse DNS lookup on our domain.

The Brigade has obviously been proselytising.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-avoid-double-reverse.html>

EG> But when we do a Reverse lookup we get no PTR records found ?

Correct.

EG> How do we get the PTR records to show up ?

They already show up.

[C:\]dnsqry /serverip:12.3.228.227 ptr 229.228.3.12.in-addr.arpa.
[0.0.0.0:0000] -> [12.3.228.227:0035] 43
Header: 0000 1+0+0+0, Q, , query, no_error
Question: 229.228.3.12.in-addr.arpa. IN PTR

[12.3.228.227:0035] -> [0.0.0.0:0000] 285
Header: 0000 1+10+0+0, R, RA|AUTH, query, no_error
Question: 229.228.3.12.in-addr.arpa. IN PTR
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 leeperderose-syr.leeperderose-syr.com.
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 sommeradvantage.com.
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 pezrow.com.
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 cmn.pezrow.com.
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 asmnep.com.
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 leeperderose-syr.com.
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 cmn.asmnep.com.
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 msxram05.asmnep.com.
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 msxram05.pezrow.com.
Answer: 229.228.3.12.in-addr.arpa. IN PTR 3600 msxram05.cmn.asmnep.com.

[C:\]

The problem is not on your content DNS server. The problem is that the
owners of the "3.12.in-addr.arpa." content DNS servers (at 12.127.16.69,
12.127.16.70, 199.191.128.105, and 199.191.128.106) are breaking things.
Get them to delegate reverse lookup domains in the _normal_ manner, not
in the unnecessary and (in order to interoperate with the features of
your DNS server software, which you are using) incorrect RFC 2317 style.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/avoid-rfc-2317-delegation.html>

 

[Jonathan de Boyne Pollard]

HM> For public addresses [...] you probably CANNOT set the
HM> "reverse zone" or PTR records.

Yes, he can. After all, he actually has.

HM> You don't "own the zone" for those records; [...]

Yes, he does. The owners of the superdomain have simply delegated things
incorrectly.

 

[Kevin D. Goodknecht [MVP]]

In

We currently host our own external DNS server with the
service provider being the secondary. We have run into a
problem where if we send mail to certain ISP's the mail
gets returned or stuck in their spam filter because it
cannot do a Reverse DNS lookup on our domain. We have
check our server to make sure that all the PTR records
are in the reverse lookup zone and they are there. But
when we do a Reverse lookup we get no PTR records found ?
How do we get the PTR records to show up ? Do we have
something mis-configured ? Output below from Reverse DNS
query:

Thanks for posting the dnsstuff.com output. This final line gives the clue
for what to look for:
Asking name1.pezrow.com. for 229.224/28.228.3.12.in-
addr.arpa. PTR record: Reports that no PTR records exist.

Is name1.pezrow.com your DNS server?

Is the reverse lookup zone named 224/28.228.3.12.in-addr.arpa.?

Do you have a PTR for 229 with name msxram05.pezrow.com.?

Incidentally one of your MX records points to a domain name for its mail
server host name, you should remove that MX record and make sure you have
your mail server answer with the host name msxram05.pezrow.com.

You have several problems not only with the reverse lookup on your IP
address, but also with the forward lookup on the domain.

There are a lot of fails in the DNS report.