Reverse DNS and mail
Mark_Andrews at isc.org
Wed Jan 7 22:55:30 UTC 2004
> Also,
>
> I believe the error you get that states "sender domain must resolve" is
> actually a Forward lookup of what is in the "Mail From:" command of a mail
> message. So if the server sent mail from John at work.com then it would fail
> only if work.com were not a real domain. And the mail would not even have to
> be coming from a work.com server. This is a rule that just checks to see if
> there is a real domain registered with that name. The Domain should have an
> A record pointing somewhere.
If an MTA is performing this test then it should be looking
for an A, AAAA or MX record. Any one of these is enough to
satisfy the test. Any MTA that demands an A record is broken
for the domain in the "mail from".

    A       IPv4 only host.
    AAAA    IPv6 only host.
    MX      mail only domain.

Note: there are a lot of old IPv4 only aware MTAs which only
check A and MX.
> There are other rules on firewalls that would look at the IP that the
> connection was coming from, then do a reverse lookup to see if the IP has a
> PTR record. In that case you might not see an error. What you might see is
> mail sitting in the queue for two days then returned because it could not
> contact the destination server.
>
> Does this Help? And please correct me if I am wrong, anyone.
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
> Of Mike DiChiappari
> Sent: Wednesday, January 07, 2004 7:40 AM
> To: comp-protocols-dns-bind at isc.org
> Subject: Reverse DNS and mail
>
>
> I am thinking about (finally) setting up reverse DNS. Occasionally someone
> reports the error " (reason: 501 Domain must resolve)" when trying to send
> mail to us. I simply want our mail servers, which serve mail for several
> domains, to work properly with reverse DNS.
>
> How does one set up reverse dns when a server supports multiple (virtual)
> hosts?
>
> For example, our server hosts foo.com and bar.com. The /etc/named.conf
> contains this:
>
> zone "foo.com" IN {
>     type master;
>     file "foo.com.zone";
>     allow-update { none; };
> };
> zone "bar.com" IN {
>     type master;
>     file "bar.com.zone";
>     allow-update { none; };
> };
>
> The typical zone file looks like this:
>
> $TTL 86400
> bar.com.   IN SOA dns.foo.com. me.foo.com. (
>                4      ; serial
>                28800  ; refresh
>                7200   ; retry
>                604800 ; expire
>                86400  ; ttl
>            )
>            NS   dns.foo.com.
>            A    w.x.y.z
>            MX   5 mail
> localhost  IN A 127.0.0.1
> mail       A    w.x.y.z
> dns        A    w.x.y.z
> www        IN A a.b.c.d
> fred       IN A m.n.o.p
> harry      IN A m.n.o.p
>
> NOTE: foo.com and bar.com on the same IP. Also the IP addresses for mail
> (w.x.y.z) are the same for foo.com and bar.com. The web sites for both are
> on the same web server (virtually hosted).
>
> The question is how do I add reverse lookup to named.conf?
>
> I would want to add something like this:
>
> zone "w.x.w-in-addr.arpa" IN {
> type master;
> file ####.com.rr.zone
> allow-update { none };
> };
>
> What goes at ####? Do I put foo or bar? Or do I create two of these
> sections, each with the exact same first line (since they both share the same
> IP address)?
>
> Another question: In the zone files for the reversed zones, is it okay to
> have address listed more than once by a PTR when a machine is known by more
> than one name (see fred and harry above)? For example,
>
> bar.com.   IN SOA dns.foo.com. me.foo.com. (
>                4      ; serial
>                28800  ; refresh
>                7200   ; retry
>                604800 ; expire
>                86400  ; ttl
>            )
>
> p          IN PTR fred.bar.com.   ; NOTE: This line and the next both reference "p"
> p          IN PTR harry.bar.com.
>
> Thanks,
> Mike
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
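
The sender-domain test described in the reply above, as an added example that is not part of the original post or of any MTA's own code: it accepts a "mail from" domain that has an A, AAAA or MX record and shows how an A-only check wrongly rejects IPv6-only and mail-only domains. `RECORDS`, `sample_lookup` and the `.example` names are constructed stand-ins for a real resolver, and the handling of the null sender `<>` is an assumption added here.

```python
# Added example: sender-domain check accepting A, AAAA or MX.
# RECORDS is constructed sample data standing in for real DNS answers.
RECORDS = {
    ("v4only.example", "A"): ["192.0.2.10"],
    ("v6only.example", "AAAA"): ["2001:db8::25"],
    ("mailonly.example", "MX"): ["10 mx.v4only.example."],
}

def sample_lookup(name, rrtype):
    """Hypothetical resolver: return the rdata list for (name, rrtype)."""
    return RECORDS.get((name.lower().rstrip("."), rrtype), [])

def sender_domain(mail_from):
    """Extract the domain from a MAIL FROM path; None for the null sender <>."""
    path = mail_from.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    if not path:
        return None  # bounces use <>, so there is no domain to test
    local, sep, domain = path.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a valid reverse-path: %r" % mail_from)
    return domain

def domain_resolves(domain, lookup, rrtypes=("MX", "A", "AAAA")):
    """True if the domain has at least one record of any accepted type."""
    return any(lookup(domain, t) for t in rrtypes)

def check_sender(mail_from, lookup, rrtypes=("MX", "A", "AAAA")):
    """Return an SMTP-style (code, text) verdict for the MAIL FROM argument."""
    try:
        domain = sender_domain(mail_from)
    except ValueError:
        return 501, "Syntax error in reverse-path"
    if domain is None or domain_resolves(domain, lookup, rrtypes):
        return 250, "OK"
    return 501, "Domain must resolve"

if __name__ == "__main__":
    for sender in ("<john@v4only.example>", "<john@v6only.example>",
                   "<john@mailonly.example>", "<john@nosuch.example>", "<>"):
        full = check_sender(sender, sample_lookup)
        a_only = check_sender(sender, sample_lookup, rrtypes=("A",))
        print("%-26s A/AAAA/MX: %s   A-only: %s" % (sender, full[0], a_only[0]))
```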