Reverse DNS and mail

admjcd admjcd at volpe.dot.gov
Wed Jan 7 20:51:29 UTC 2004


Also,

  I believe the error you get that states "sender domain must resolve" is actually a forward lookup of what is in the "Mail From:" command of a mail message. So if the server sent mail from John at work.com then it would fail only if work.com were not a real domain. And the mail would not even have to be coming from a work.com server.  This is a rule that just checks to see if there is a real domain registered with that name.  The domain should have an A record pointing somewhere.

   There are other rules on firewalls that would look at the IP that the connection was coming from, then do a reverse lookup to see if the IP has a PTR record. In that case you might not see an error. What you might see is mail sitting in the queue for two days then returned because it could not contact the destination server.

Does this help? And please correct me if I am wrong, anyone.
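The two checks described above, as an added example that is not part of either message: a "domain must resolve" forward lookup of the MAIL FROM domain, a PTR lookup of the connecting IP, and the in-addr.arpa naming that such a lookup relies on. DNS is replaced by a constructed in-memory table (ZONE_DATA, an assumption) so it runs offline; a real receiver would query a resolver in `lookup()` instead.

```python
import ipaddress

# Constructed records standing in for real DNS (assumption, not live data).
# 192.0.2.0/24 is a documentation prefix, used here as the "w.x.y.z" stand-in.
ZONE_DATA = {
    ("work.com", "A"): ["192.0.2.10"],
    ("work.com", "MX"): ["mail.work.com."],
    ("mail.work.com", "A"): ["192.0.2.25"],
    ("fred.bar.com", "A"): ["192.0.2.10"],
    ("harry.bar.com", "A"): ["192.0.2.10"],
    # One address known by two names: two PTRs on the same owner.
    ("10.2.0.192.in-addr.arpa", "PTR"): ["fred.bar.com.", "harry.bar.com."],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.work.com."],
}

def lookup(name, rtype):
    """Stand-in resolver: returns the record list for (name, type) or []."""
    return ZONE_DATA.get((name.rstrip(".").lower(), rtype), [])

def ptr_name(ip):
    """Owner name a PTR lookup asks for: w.x.y.z -> z.y.x.w.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def reverse_zone_name(network):
    """named.conf zone name for a /24 such as w.x.y.0/24: y.x.w.in-addr.arpa."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("only classful /24 reverse zones handled here")
    octets = str(net.network_address).split(".")
    return ".".join(reversed(octets[:3])) + ".in-addr.arpa"

def sender_domain_resolves(mail_from):
    """The '501 Domain must resolve' rule: forward lookup of the MAIL FROM
    domain only. An A record satisfies it; an MX is accepted as well."""
    domain = mail_from.rpartition("@")[2]
    return bool(lookup(domain, "MX") or lookup(domain, "A"))

def client_has_ptr(ip):
    """The connecting-IP rule: PTR names for the client address, [] if none."""
    return lookup(ptr_name(ip), "PTR")

def forward_confirmed(ip):
    """Stricter variant some receivers apply: keep only PTR names whose A
    record points back at the connecting IP (forward-confirmed reverse DNS)."""
    return [n for n in client_has_ptr(ip) if ip in lookup(n, "A")]
```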

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Mike DiChiappari
Sent: Wednesday, January 07, 2004 7:40 AM
To: comp-protocols-dns-bind at isc.org
Subject: Reverse DNS and mail


I am thinking about (finally) setting up reverse DNS.  Occasionally someone reports the error " (reason: 501 Domain must resolve)" when trying to send mail to us.  I simply want our mail server, which serves mail for several domains, to work properly with reverse DNS.

How does one set up reverse DNS when a server supports multiple (virtual) hosts?

For example, our server hosts foo.com and bar.com.  The /etc/named.conf contains this:

zone "foo.com" IN {
        type master;
        file "foo.com.zone";
        allow-update { none; };
};
zone "bar.com" IN {
        type master;
        file "bar.com.zone";
        allow-update { none; };
};

The typical zone file looks like this:

$TTL 86400
bar.com.      IN      SOA     dns.foo.com.  me.foo.com. (
                        4 ; serial
                        28800 ; refresh
                        7200 ; retry
                        604800 ; expire
                        86400 ; minimum (negative-cache TTL)
                        )
                NS      dns.foo.com.
                A       w.x.y.z
                MX      5 mail
localhost       IN      A       127.0.0.1
mail                    A       w.x.y.z
dns                     A       w.x.y.z
www             IN      A       a.b.c.d
fred               IN      A     m.n.o.p
harry             IN      A     m.n.o.p

NOTE: foo.com and bar.com are on the same IP.  Also the IP addresses for mail
(w.x.y.z) are the same for foo.com and bar.com.  The web sites for both are on the same web server (virtually hosted).

The question is how do I add reverse lookup to named.conf?

I would want to add something like this:

// reverse zone for w.x.y.0/24: the first three octets, reversed, under in-addr.arpa
zone "y.x.w.in-addr.arpa" IN {
    type master;
    file "####.com.rr.zone";
    allow-update { none; };
};

What goes at ####?  Do I put foo or bar?  Or do I create two of these sections, each with the exact same first line (since they both share the same IP address)?

Another question: In the zone files for the reversed zones, is it okay to have address listed more than once by a PTR when a machine is known by more than one name (see fred and harry above)?  For example,

@             IN      SOA     dns.foo.com.  me.foo.com. (   ; @ = the in-addr.arpa zone apex
                        4 ; serial
                        28800 ; refresh
                        7200 ; retry
                        604800 ; expire
                        86400 ; minimum (negative-cache TTL)
                        )
              IN      NS      dns.foo.com.

p              IN PTR        fred.bar.com.              ; NOTE: This line and the next both reference "p"
p              IN PTR        harry.bar.com.

Thanks,
Mike
