Reverse look-up returns root servers?

Shawn Bakhtiar shashaness at hotmail.com
Mon Oct 28 20:07:26 UTC 2013


background:
last month we enabled the feature on sendmail to do a reverse look-up of the name and verify the IP address before accepting an email for delivery FEATURE(`require_rdns')dnl. I know this breaks the RFC but given all the spam this actually helps weed out a few.

Received a call from purchasing today, that (all of a sudden) one of our vendors is no longer able to send us email. Checking the mail log I get:
Oct 28 05:30:48 smtp sendmail[9092]: r9SCUmtY009092: ruleset=check_rcpt, arg1=<rweeks at inksystems.com>, relay=[198.173.12.21], reject=550 5.7.1 <rweeks at inksystems.com>... Fix reverse DNS for 198.173.12.21
Oct 28 05:30:49 smtp sendmail[9092]: r9SCUmtY009092: from=<prvs=1013b1b09b=Hank at apollocolors.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[198.173.12.21]

Now, normally the second line should end with relay=mailgw.apollocolors.com. [198.173.12.21] (not just the IP in brackets).

However, we implemented the rule over a month ago, and all of a sudden as of yesterday this stopped working??

Question:
When I dig the MX record I get mailgw.apollocolors.com. 

prompt> dig apollocolors.com MX

; <<>> DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 <<>> apollocolors.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50104
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; QUESTION SECTION:
;apollocolors.com.        IN    MX

;; ANSWER SECTION:
apollocolors.com.    3085    IN    MX    10 mailgw.apollocolors.com.

;; AUTHORITY SECTION:
apollocolors.com.    3332    IN    NS    ns3.e2services.net.
apollocolors.com.    3332    IN    NS    ns4.e2services.net.
apollocolors.com.    3332    IN    NS    ns2.e2services.net.
apollocolors.com.    3332    IN    NS    ns1.e2services.net.

;; ADDITIONAL SECTION:
mailgw.apollocolors.com. 3085    IN    A    198.173.12.21
ns1.e2services.net.    3079    IN    A    216.35.163.10
ns2.e2services.net.    3079    IN    A    216.35.163.11
ns3.e2services.net.    3079    IN    A    64.14.233.10
ns4.e2services.net.    3079    IN    A    64.14.233.11

;; Query time: 1 msec
;; SERVER: 12.238.189.39#53(12.238.189.39)
;; WHEN: Mon Oct 28 12:53:35 2013
;; MSG SIZE  rcvd: 223


When I look-up the reverse at my recursive server I get:
prompt> dig -x 198.173.12.21 

; <<>> DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 <<>> -x 198.173.12.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33959
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;21.12.173.198.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
21.12.173.198.in-addr.arpa. 8428 IN    PTR    mailgw.apollocolors.com.

;; AUTHORITY SECTION:
12.173.198.in-addr.arpa. 40828    IN    NS    auth2.dns.cogentco.com.
12.173.198.in-addr.arpa. 40828    IN    NS    auth5.dns.cogentco.com.
12.173.198.in-addr.arpa. 40828    IN    NS    auth4.dns.cogentco.com.
12.173.198.in-addr.arpa. 40828    IN    NS    auth1.dns.cogentco.com.

;; ADDITIONAL SECTION:
auth1.dns.cogentco.com.    16531    IN    AAAA    2001:550:1:a::d
auth2.dns.cogentco.com.    30846    IN    AAAA    2001:550:1:b::d
auth4.dns.cogentco.com.    30846    IN    AAAA    2001:978:1:a::d
auth5.dns.cogentco.com.    30846    IN    AAAA    2001:978:1:b::d

;; Query time: 1 msec
;; SERVER: 12.238.189.39#53(12.238.189.39)
;; WHEN: Mon Oct 28 12:55:16 2013
;; MSG SIZE  rcvd: 286


However, and here is the rub, when I do the same reverse look-up at any of their servers I get a list of root servers back. Shouldn't I be getting the IP address pointer back? Also, according to IntoDNS two of their servers are misconfigured or non-existent.

Here is what I get instead:
prompt> dig @216.35.163.10 -x 198.173.12.21

; <<>> DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 <<>> @216.35.163.10 -x 198.173.12.21
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29478
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;21.12.173.198.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
.            3600    IN    NS    j.root-servers.net.
.            3600    IN    NS    l.root-servers.net.
.            3600    IN    NS    i.root-servers.net.
.            3600    IN    NS    m.root-servers.net.
.            3600    IN    NS    a.root-servers.net.
.            3600    IN    NS    b.root-servers.net.
.            3600    IN    NS    c.root-servers.net.
.            3600    IN    NS    d.root-servers.net.
.            3600    IN    NS    e.root-servers.net.
.            3600    IN    NS    f.root-servers.net.
.            3600    IN    NS    g.root-servers.net.
.            3600    IN    NS    h.root-servers.net.
.            3600    IN    NS    k.root-servers.net.

;; ADDITIONAL SECTION:
j.root-servers.net.    3600    IN    A    192.58.128.30
l.root-servers.net.    3600    IN    A    199.7.83.42
i.root-servers.net.    3600    IN    A    192.36.148.17

;; Query time: 59 msec
;; SERVER: 216.35.163.10#53(216.35.163.10)
;; WHEN: Mon Oct 28 13:00:29 2013
;; MSG SIZE  rcvd: 507

Am I missing something or is their DNS misconfigured? 

Any help is greatly appreciated. Want to verify they have a misconfiguration before letting the admin know. 
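Added example, not from the original post or its author: a standard-library Python PTR checker that sends the same query with or without the RD bit and classifies the reply by the aa flag and the sections present. The point it illustrates about the third dig above: 216.35.163.10 (ns1.e2services.net) is listed as a nameserver for apollocolors.com, but the second dig's AUTHORITY section shows 12.173.198.in-addr.arpa delegated to auth1/2/4/5.dns.cogentco.com. A server with recursion off that is not authoritative for the queried zone answers with a referral to the closest zone it knows, which for a pure authoritative server is the root, with aa clear and an empty ANSWER section; that is exactly what the third output shows, so it says nothing about whether the reverse zone is broken. The servers to ask with recursion off are the cogentco ones. The code assumes UDP over IPv4 to port 53; the reply builder only exists to exercise the parser offline on constructed samples, and names such as build_response and classify are this example's own.

```python
"""PTR lookup with referral detection, standard library only (added example)."""
import os
import socket
import struct
import sys

TYPE_NS, TYPE_PTR, CLASS_IN = 2, 12, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def reverse_name(ip):
    """'198.173.12.21' -> '21.12.173.198.in-addr.arpa' (IPv4 only)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("expected a dotted IPv4 address")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def encode_name(name):
    """Wire-format a domain name; '.' or '' encodes as the root (single zero byte)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 32:                         # refuse pointer loops in hostile replies
                raise ValueError("compression pointer loop")
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end if jumped else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def build_query(qname, qtype, txid, rd=True):
    """Header plus one question; rd=False mirrors dig +norecurse."""
    flags = 0x0100 if rd else 0x0000
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(txid, aa, rcode, qname, answers, authority):
    """Construct a reply on the wire; only used to exercise the parser offline (constructed sample)."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(answers), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", TYPE_PTR, CLASS_IN)
    for owner, rtype, target in answers + authority:
        owner_wire = b"\xc0\x0c" if owner == qname else encode_name(owner)  # pointer to the question name
        rdata = encode_name(target)
        msg += owner_wire + struct.pack("!HHIH", rtype, CLASS_IN, 3600, len(rdata)) + rdata
    return msg


def parse_response(msg):
    """Return header flags plus (owner, type, target) tuples for the ANSWER and AUTHORITY sections."""
    txid, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                                  # skip qtype + qclass
    resp = {"id": txid, "aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answer": [], "authority": []}
    for section, count in (("answer", an), ("authority", ns)):
        for _ in range(count):
            owner, off = decode_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            target = decode_name(msg, off)[0] if rtype in (TYPE_PTR, TYPE_NS) else msg[off:off + rdlen].hex()
            off += rdlen
            resp[section].append((owner or ".", rtype, target))
    return resp


def classify(resp):
    """Say what the reply means for a reverse-DNS check."""
    ptrs = [t for _, rtype, t in resp["answer"] if rtype == TYPE_PTR]
    if ptrs:
        return "ptr: " + ", ".join(ptrs) + (" (authoritative)" if resp["aa"] else " (non-authoritative)")
    if resp["aa"] and resp["rcode"] == 3:
        return "authoritative NXDOMAIN: reverse zone exists but has no PTR for this address"
    zones = sorted({o for o, rtype, _ in resp["authority"] if rtype == TYPE_NS})
    if resp["rcode"] == 0 and not resp["aa"] and zones:
        return "referral to " + ", ".join(zones) + " (server is not authoritative for this zone)"
    return "no PTR: rcode=%s aa=%s" % (RCODES.get(resp["rcode"], resp["rcode"]), resp["aa"])


def ptr_lookup(ip, server, rd=False, timeout=3.0):
    """Send one PTR query over UDP (IPv4 transport assumed) and parse the reply."""
    txid = int.from_bytes(os.urandom(2), "big")   # unpredictable id, so a stray reply cannot be matched
    query = build_query(reverse_name(ip), TYPE_PTR, txid, rd=rd)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    resp = parse_response(data)
    if resp["id"] != txid:
        raise RuntimeError("transaction id mismatch")
    return resp


if __name__ == "__main__":
    # usage: python ptrcheck.py [--recurse] 198.173.12.21 216.35.163.10 auth1.dns.cogentco.com
    # Without --recurse every server is asked with RD clear, like dig +norecurse.
    recurse = "--recurse" in sys.argv
    args = [a for a in sys.argv[1:] if a != "--recurse"]
    for server in args[1:]:
        print(server, "->", classify(ptr_lookup(args[0], server, rd=recurse)))
```

Run it against the forward zone's nameserver and it reports the root referral; run it against the cogentco servers and an authoritative PTR answer (or an authoritative NXDOMAIN, which would be the actual misconfiguration) is what settles the question. Use --recurse only when the target is a recursive resolver such as 12.238.189.39 above.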




More information about the bind-users mailing list