Reverse dns does not reach my IP
Andy Shellam
andy.shellam-lists at mailnetwork.co.uk
Sat Apr 21 11:14:09 UTC 2007
No, unfortunately not - it's the remote mail servers' configuration
that's strict - AOL in particular do this.

It's happening because, during a mail exchange "hand-shake":

1. Your mail server tells the remote mail server that it's
   server1.mydomain.com
2. The remote mail server does a forward-lookup of server1.mydomain.com
   - and gets IP address 123.123.123.1
3. The remote mail server then does a reverse-lookup of
   1.123.123.123.in-addr.arpa and expects to get server1.mydomain.com, but
   instead gets server-123-123-123-1.isp.com
4. Depending on the configuration of the remote mail server, it either
   accepts this mail with a warning (as most do) or rejects it completely
   (like this rare one you're getting)

It's a check mainly for the correctness of DNS setups, but also some
spammers who use fake hostnames cannot set reverse DNS, so it can filter
out a few spammers, but most of these are on dial-up/dynamic ADSL, and
because ISPs own the IP addresses, they set their reverse DNSs
correctly. Also in some cases the difference between DNS/rDNS can be
legitimate, so it's really down to the requirements of the accepting
mail server.

Personally on my mail servers I apply a header to the e-mail, warning of
the difference, which is then used as part of a bigger calculation to
see the probability of it being spam. I certainly wouldn't reject
e-mail based on this alone.

All you can do is pester your ISP to change your reverse DNS. Once
they've changed it, the usual rules of allowing 24-48 hours for
propagation apply too.

Andy.

Alex Jalali wrote:
> Thanks for the info. I'll see what my ISP can do.
>
> The main reason I wanted to fix this is because I get this very rare error
> when sending mail to some servers. I don't know why they reject. Is there a
> workaround for this?
>
>
> (reason: 554 <unknown[207.151.156.98]>: Client host rejected: rDNS/DNS
> validation failed. Please setup matching DNS and rDNS records:
> http://bind8nt.meiway.com/itsaDNSmess.cfm)
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
> Of Andy Shellam
> Sent: Saturday, April 21, 2007 2:48 AM
> To: Niall O'Reilly
> Cc: Bind-Users Mailing List
> Subject: Re: Reverse dns des not reach my IP
>
> "Probably not if OP expects to need to do updates from time to time. "
>
> But, if their ISP has to refuse (if the OP doesn't own the entire /24
> block) then he's got no choice, or he'll be stuck with the standard
> server-x.x.x.x.isp.com format, so it's better than nothing?
>
> Andy.
>
>
> Niall O'Reilly wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> On 21 Apr 2007, at 10:16, Andy Shellam wrote:
>>
>>
>>> 1. ask your ISP to change the reverse DNS for your IP to the domain you
>>> require
>>>
>>> 2. ask them to delegate 123.123.123.in-addr.arpa to your DNS servers
>>> (which unless you own the entire 123.123.123.x range, it's unlikely
>>> they'll do.)
>>>
>> "Unlikely" is an understatement! 8-)
>>
>> If they know what they're at, they have to refuse unless OP
>> owns the entire /24 block, due to likely impact on other
>> "residents" in the block.
>>
>>
>>> I'm not sure if you can delegate a single record.
>>>
>> You can. See RFC2317.
>>
>>
>>> Option 1 is by far the easiest.
>>>
>> Probably not if OP expects to need to do updates from time to time.
>>
>>
>> Best regards,
>>
>> Niall O'Reilly
>> University College Dublin IT Services
>>
>> PGP key ID: AE995ED9 (see www.pgp.net)
>> Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9
>>
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.1 (Darwin)
>>
>> iD8DBQFGKd2YeYfkja6ZXtkRAnvJAJ4i/5zrcxADxm7sLBQOa6JgTudJSACdHY2W
>> PRtJqEKU1J/jj131FXt5tpw=
>> =rr6J
>> -----END PGP SIGNATURE-----
>
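
The four-step check described in the message above, written out as an added example (not part of the original post and not any mail server's actual code). The resolver functions are backed by constructed in-memory records that reuse the post's example names so the script runs offline; the header name X-RDNS-Check and the helper names are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample records using the names from the post (not real DNS data).
FORWARD = {"server1.mydomain.com": ["123.123.123.1"]}
PTR_ISP = {"1.123.123.123.in-addr.arpa": ["server-123-123-123-1.isp.com"]}
PTR_FIXED = {"1.123.123.123.in-addr.arpa": ["server1.mydomain.com."]}


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def table_forward(records):
    """Offline A-record resolver backed by a dict: name -> list of IPs."""
    return lambda name: records.get(norm(name), [])


def table_reverse(records):
    """Offline PTR resolver backed by a dict keyed by in-addr.arpa name."""
    return lambda ip: records.get(ipaddress.ip_address(ip).reverse_pointer, [])


def check_helo_rdns(helo, client_ip, forward, reverse, strict=False):
    """Apply the four steps from the post; return (verdict, detail)."""
    helo = norm(helo)                                   # step 1: announced name
    fwd_ok = client_ip in forward(helo)                 # step 2: forward lookup
    ptrs = [norm(p) for p in reverse(client_ip)]        # step 3: reverse lookup
    if fwd_ok and helo in ptrs:
        return "accept", "rDNS/DNS match"
    arpa = ipaddress.ip_address(client_ip).reverse_pointer
    detail = f"HELO={helo} forward_ok={fwd_ok} {arpa} PTR={ptrs or 'none'}"
    if strict:                                          # step 4: strict receiver
        return "reject", "554 rDNS/DNS validation failed: " + detail
    # Lenient receiver: tag the message for later spam scoring.
    # "X-RDNS-Check" is a hypothetical header name chosen for this example.
    return "accept-with-warning", "X-RDNS-Check: mismatch; " + detail


if __name__ == "__main__":
    fwd = table_forward(FORWARD)
    for label, ptr in (("ISP default PTR", PTR_ISP), ("PTR fixed by ISP", PTR_FIXED)):
        for strict in (False, True):
            verdict = check_helo_rdns("server1.mydomain.com", "123.123.123.1",
                                      fwd, table_reverse(ptr), strict)
            print(f"{label:17} strict={strict!s:5} -> {verdict}")
```

To run the same logic against live DNS, pass callables that wrap a real resolver in place of table_forward and table_reverse.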