Reverse look-up returns root servers?
Shawn Bakhtiar
shashaness at hotmail.com
Mon Oct 28 20:07:26 UTC 2013
Background:
Last month we enabled the feature on sendmail to do a reverse look-up of the name and verify the IP address before accepting an email for delivery: FEATURE(`require_rdns')dnl. I know this breaks the RFC, but given all the spam this actually helps weed out a few.
Received a call from purchasing today that (all of a sudden) one of our vendors is no longer able to send us email. Checking the mail log I get:
Oct 28 05:30:48 smtp sendmail[9092]: r9SCUmtY009092: ruleset=check_rcpt, arg1=<rweeks at inksystems.com>, relay=[198.173.12.21], reject=550 5.7.1 <rweeks at inksystems.com>... Fix reverse DNS for 198.173.12.21
Oct 28 05:30:49 smtp sendmail[9092]: r9SCUmtY009092: from=<prvs=1013b1b09b=Hank at apollocolors.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[198.173.12.21]
Now, normally the second line should end with relay=mailgw.apollocolors.com. [198.173.12.21] (not just the IP in brackets).
However, we implemented the rule over a month ago, and all of a sudden as of yesterday this stopped working?
Question:
When I dig the MX record I get mailgw.apollocolors.com.
prompt> dig apollocolors.com MX
; <<>> DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 <<>> apollocolors.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50104
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
;; QUESTION SECTION:
;apollocolors.com. IN MX
;; ANSWER SECTION:
apollocolors.com. 3085 IN MX 10 mailgw.apollocolors.com.
;; AUTHORITY SECTION:
apollocolors.com. 3332 IN NS ns3.e2services.net.
apollocolors.com. 3332 IN NS ns4.e2services.net.
apollocolors.com. 3332 IN NS ns2.e2services.net.
apollocolors.com. 3332 IN NS ns1.e2services.net.
;; ADDITIONAL SECTION:
mailgw.apollocolors.com. 3085 IN A 198.173.12.21
ns1.e2services.net. 3079 IN A 216.35.163.10
ns2.e2services.net. 3079 IN A 216.35.163.11
ns3.e2services.net. 3079 IN A 64.14.233.10
ns4.e2services.net. 3079 IN A 64.14.233.11
;; Query time: 1 msec
;; SERVER: 12.238.189.39#53(12.238.189.39)
;; WHEN: Mon Oct 28 12:53:35 2013
;; MSG SIZE rcvd: 223
When I look-up the reverse at my recursive server I get:
prompt> dig -x 198.173.12.21
; <<>> DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 <<>> -x 198.173.12.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33959
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;21.12.173.198.in-addr.arpa. IN PTR
;; ANSWER SECTION:
21.12.173.198.in-addr.arpa. 8428 IN PTR mailgw.apollocolors.com.
;; AUTHORITY SECTION:
12.173.198.in-addr.arpa. 40828 IN NS auth2.dns.cogentco.com.
12.173.198.in-addr.arpa. 40828 IN NS auth5.dns.cogentco.com.
12.173.198.in-addr.arpa. 40828 IN NS auth4.dns.cogentco.com.
12.173.198.in-addr.arpa. 40828 IN NS auth1.dns.cogentco.com.
;; ADDITIONAL SECTION:
auth1.dns.cogentco.com. 16531 IN AAAA 2001:550:1:a::d
auth2.dns.cogentco.com. 30846 IN AAAA 2001:550:1:b::d
auth4.dns.cogentco.com. 30846 IN AAAA 2001:978:1:a::d
auth5.dns.cogentco.com. 30846 IN AAAA 2001:978:1:b::d
;; Query time: 1 msec
;; SERVER: 12.238.189.39#53(12.238.189.39)
;; WHEN: Mon Oct 28 12:55:16 2013
;; MSG SIZE rcvd: 286
However, and here is the rub, when I do the same reverse look-up at any of their servers I get a list of root servers back. Shouldn't I be getting the IP address pointer back? Also, according to IntoDNS, two of their servers are misconfigured or non-existent.
Here is what I get instead:
prompt> dig @216.35.163.10 -x 198.173.12.21
; <<>> DiG 9.8.4-P1-RedHat-9.8.4-3.P1.fc16 <<>> @216.35.163.10 -x 198.173.12.21
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29478
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;21.12.173.198.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
. 3600 IN NS j.root-servers.net.
. 3600 IN NS l.root-servers.net.
. 3600 IN NS i.root-servers.net.
. 3600 IN NS m.root-servers.net.
. 3600 IN NS a.root-servers.net.
. 3600 IN NS b.root-servers.net.
. 3600 IN NS c.root-servers.net.
. 3600 IN NS d.root-servers.net.
. 3600 IN NS e.root-servers.net.
. 3600 IN NS f.root-servers.net.
. 3600 IN NS g.root-servers.net.
. 3600 IN NS h.root-servers.net.
. 3600 IN NS k.root-servers.net.
;; ADDITIONAL SECTION:
j.root-servers.net. 3600 IN A 192.58.128.30
l.root-servers.net. 3600 IN A 199.7.83.42
i.root-servers.net. 3600 IN A 192.36.148.17
;; Query time: 59 msec
;; SERVER: 216.35.163.10#53(216.35.163.10)
;; WHEN: Mon Oct 28 13:00:29 2013
;; MSG SIZE rcvd: 507
Am I missing something or is their DNS misconfigured?
Any help is greatly appreciated. Want to verify they have a misconfiguration before letting the admin know.
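As an added example (not part of Shawn's post, nor of sendmail or BIND), here is a small Python script that parses dig output like the excerpts quoted above, classifies a PTR response as an answer, a referral, or a root referral (the shape a server returns when it is not authoritative for the queried in-addr.arpa zone and has recursion disabled), and runs a forward-confirmed reverse DNS (FCrDNS) check of the kind a require_rdns-style policy performs before accepting a connection. The two dig excerpts are taken from the post; the lookup tables and the second client IP (198.51.100.7, a TEST-NET address) are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Abbreviated dig excerpts from the post (recursive resolver vs. querying ns1.e2services.net directly).
RECURSIVE_PTR = """
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33959
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;21.12.173.198.in-addr.arpa. IN PTR
;; ANSWER SECTION:
21.12.173.198.in-addr.arpa. 8428 IN PTR mailgw.apollocolors.com.
;; AUTHORITY SECTION:
12.173.198.in-addr.arpa. 40828 IN NS auth2.dns.cogentco.com.
12.173.198.in-addr.arpa. 40828 IN NS auth1.dns.cogentco.com.
"""
DIRECT_NS_PTR = """
; (1 server found)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29478
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;21.12.173.198.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
. 3600 IN NS j.root-servers.net.
. 3600 IN NS a.root-servers.net.
;; ADDITIONAL SECTION:
j.root-servers.net. 3600 IN A 192.58.128.30
"""

RR = Tuple[str, str, str]  # (owner, rtype, rdata)
RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

@dataclass
class DigResponse:
    status: str = ""
    flags: List[str] = field(default_factory=list)
    question: str = ""
    answer: List[RR] = field(default_factory=list)
    authority: List[RR] = field(default_factory=list)

def parse_dig(text: str) -> DigResponse:
    """Parse the header, flags, question, answer and authority sections of dig output."""
    resp, section = DigResponse(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"status:\s*(\w+)", line)
            resp.status = m.group(1) if m else ""
        elif line.startswith(";; flags:"):
            resp.flags = line[len(";; flags:"):].split(";")[0].split()
        elif line.startswith(";; QUESTION SECTION"):
            section = "question"
        elif line.startswith(";; ANSWER SECTION"):
            section = "answer"
        elif line.startswith(";; AUTHORITY SECTION"):
            section = "authority"
        elif line.startswith(";; ADDITIONAL SECTION"):
            section = "additional"
        elif line.startswith(";"):
            if section == "question" and not line.startswith(";;"):
                resp.question = line[1:].split()[0]  # ";name. IN PTR" -> "name."
        else:
            m = RR_RE.match(line)
            if m and section in ("answer", "authority"):
                getattr(resp, section).append((m.group(1), m.group(2), m.group(3).strip()))
    return resp

def classify_reverse(resp: DigResponse) -> str:
    """Label a PTR response: 'ptr', 'no-ptr', 'root-referral', 'referral' or 'empty'."""
    if resp.status == "NXDOMAIN":
        return "no-ptr"
    if any(rt == "PTR" for _, rt, _ in resp.answer):
        return "ptr"
    ns_owners = {owner for owner, rt, _ in resp.authority if rt == "NS"}
    if ns_owners == {"."} and "aa" not in resp.flags:
        # No answer, not authoritative, and the only delegation it knows is the root:
        # the server does not serve this in-addr.arpa zone and cannot recurse for us.
        return "root-referral"
    return "referral" if ns_owners else "empty"

# Constructed lookup tables standing in for live PTR and A queries (offline example).
PTR_TABLE: Dict[str, List[str]] = {"198.173.12.21": ["mailgw.apollocolors.com."]}
A_TABLE: Dict[str, List[str]] = {"mailgw.apollocolors.com.": ["198.173.12.21"]}

def fcrdns(ip: str,
           ptr_lookup: Callable[[str], List[str]] = lambda i: PTR_TABLE.get(i, []),
           a_lookup: Callable[[str], List[str]] = lambda n: A_TABLE.get(n, [])) -> Tuple[bool, str]:
    """Forward-confirmed reverse DNS: IP -> PTR name(s) -> A record(s) must include the IP."""
    names = ptr_lookup(ip)
    if not names:
        return False, "no PTR"                       # sendmail would log: Fix reverse DNS for <ip>
    for name in names:
        if ip in a_lookup(name):
            return True, name                        # client_resolve=OK, relay=name [ip]
    return False, "PTR name does not resolve back to IP"  # client_resolve=FORGED

if __name__ == "__main__":
    print("recursive:", classify_reverse(parse_dig(RECURSIVE_PTR)))
    print("direct   :", classify_reverse(parse_dig(DIRECT_NS_PTR)))
    print("fcrdns   :", fcrdns("198.173.12.21"), fcrdns("198.51.100.7"))
```

Pointing the script's lookup callables at a real resolver (for example, dnspython) turns it into a quick pre-check that reproduces the MTA's decision for a given client IP without touching the mail server.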