Now I'm in trouble...

Storming Norman tanmanlovespool at gmail.com
Fri Oct 14 05:15:10 UTC 2005


Since DNS Stuff is still reporting a problem with your reverse zone, I
will summarize your situation. I tried to read the responses and
responses to the responses below and some of them made some valid
points. I am a DNS administrator with another of the Baby Bells so I
will share my findings without knowing the actual verbatim contents of
your named.conf and applicable zone files. If any of the below seems
patronizing or a rehash of DNS basics, my sincerest apologies.

Here is the long and the short of it. Delegation of the zone by SBC
should be to the nameservers you have selected to be authoritative for
your reverse zone. The delegation file is a list of CNAME entries
pointing the individual IPs in your zone to their respective FQDN. For
example:

66.124.156.122   IN   CNAME   122.120.156.124.66.in-addr.arpa

Since you have a /29 block (8 addresses, 5 of which are usable), you
will have 11 entries in your delegation file (8 addresses and three
name servers). Hopefully, the delegation file will list the servers in
the order of precedence (master, followed by the slave(s)).

On your side you will have set up a single reverse zone for
120.156.124.66.in-addr.arpa on all three of your DNS servers with one
master server and one or more slaves. The names of these servers must
match those in SBC's delegation file.

In one of the later email exchanges, I noticed an error stating that
one of your nameservers was missing an 'A' record. I hope that has been
corrected. Checking your SOA record for light-family.com at the root
servers, I found only two nameservers listed with ns1.4servers.com
listed as the master. This conflicts with your delegation file at SBC
which has dns1.light-family.com as the master.

As far as PTRs are concerned in dealing with AOL and other major mail
providers, you will need a PTR record for your outgoing mail server. If
you are using NAT through a firewall as I am guessing you are, you will
need a PTR for your firewall's public IP as this is the IP that AOL
will see the mail coming from. Other ISPs may require that your PTR
matches your MX record or require that you have an MX record and still
others may look to your SPF record to define any IPs or names of
servers that will be sending mail out of your domain. Incoming mail
servers (especially third-party SPAM filters) are not covered by SPF.

I hope this helps!
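
The delegation layout and PTR check described in the message above, as an added example that is not part of the original post and not SBC's actual delegation file. It assumes the usual classless layout (last octet as owner name under the parent /24 reverse zone); ns2.example., ns3.example. and mail.example. are hypothetical names, and the PTR and A data are constructed.

```python
import ipaddress

def delegation_records(block, nameservers):
    """Parent-side records for a sub-/24 reverse delegation: one NS per
    nameserver for the child zone, then one CNAME per address in the block."""
    net = ipaddress.ip_network(block)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 block smaller than a /24")
    a, b, c, d = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{d}.{parent}"  # 120.156.124.66.in-addr.arpa. for this block
    records = [(child, "NS", ns) for ns in nameservers]
    for addr in net:  # every address, including network and broadcast
        last = str(addr).rsplit(".", 1)[1]
        records.append((f"{last}.{parent}", "CNAME", f"{last}.{child}"))
    return child, records

def check_mail_ptr(ip, child, ptr_records, a_records):
    """Problems a receiving mail server would see for this sending IP."""
    owner = f"{ip.rsplit('.', 1)[1]}.{child}"
    target = ptr_records.get(owner)
    if target is None:
        return [f"no PTR at {owner}"]
    if ip not in a_records.get(target, ()):
        return [f"PTR target {target} has no A record for {ip}"]
    return []

# Constructed sample data (hypothetical names except dns1.light-family.com).
NAMESERVERS = ["dns1.light-family.com.", "ns2.example.", "ns3.example."]
PTR_RECORDS = {"122.120.156.124.66.in-addr.arpa.": "mail.example."}
A_RECORDS = {"mail.example.": ["66.124.156.122"]}

if __name__ == "__main__":
    child, records = delegation_records("66.124.156.120/29", NAMESERVERS)
    for owner, rtype, target in records:
        print(f"{owner:<34} IN {rtype:<5} {target}")
    for ip in ("66.124.156.122", "66.124.156.123"):
        print(ip, check_mail_ptr(ip, child, PTR_RECORDS, A_RECORDS) or "ok")
```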


