Reverse DNS lookup or reverse DNS resolution

VadaDosaIdly
New user
Posts: 20
Joined: 2020-05-26 16:03

Reverse DNS lookup or reverse DNS resolution

Post by VadaDosaIdly » 2020-07-08 23:53

Hello,

I made a few email spam tests using online tools and my score is over 8 out of 10.
One thing I could not figure out is how to fix reverse DNS. Reverse DNS is always returning the name server (NS) record (myServerName.myNameserverDomain.com) even though I have a PTR record pointing to mail.myDomain.com and an 'A' record for mail.myDomain.com pointing to the IP address.

I have myServerName.myNameserverDomain.com (NS) and mail.myDomain.com using the same IP address. Is this a problem? Can I not have one IP for both NS and mail server?

johang
Senior user
Posts: 286
Joined: 2008-09-01 09:20

Re: Reverse DNS lookup or reverse DNS resolution

Post by johang » 2020-07-09 11:46

VadaDosaIdly wrote (2020-07-08 23:53):
> Hello,
>
> I made a few email spam tests using online tools and my score is over 8 out of 10.
> One thing I could not figure out is how to fix reverse DNS. Reverse DNS is always returning the name server (NS) record (myServerName.myNameserverDomain.com) even though I have a PTR record pointing to mail.myDomain.com and an 'A' record for mail.myDomain.com pointing to the IP address.
>
> I have myServerName.myNameserverDomain.com (NS) and mail.myDomain.com using the same IP address. Is this a problem? Can I not have one IP for both NS and mail server?

reverse dns is held by the "owner" of the IP address space ! ( you have to talk to your ISP which is the "owner" of your IP address space, YOU CANNOT fix this yourself )
( or you just use the name that the ISP put there in the first place ( if they put a name there ) )

of course the NS and mail can have the same IP, BUT be very careful using cnames.. try to avoid them.. actually.. don't try .. rather AVOID THEM !!!
but if your question is that you want 2 ptr records for the same IP .... my limited knowledge tells me that only 1 name per ptr is possible
___________________________________________________________end of the line
spam filter appliance gateway: www.mailcleaner.org

jim.bus
Senior user
Posts: 409
Joined: 2011-05-28 11:49
Location: US

Re: Reverse DNS lookup or reverse DNS resolution

Post by jim.bus » 2020-07-09 12:44

johang wrote (2020-07-09 11:46):
> BUT be very careful using cnames.. try to avoid them.. actually.. don't try .. rather AVOID THEM !!!
> but if your question is that you want 2 ptr records for the same IP .... my limited knowledge tells me that only 1 name per ptr is possible

While using a CNAME is against the RFC, it does work. I used CNAMEs as Email Server names for years until a year or so ago, when I switched to using the A Record as you're supposed to do as per RFC. The problem with CNAME is something like it can cause an extra load on the DNS Servers. I believe I also read somewhere that it's somehow possible for a CNAME to resolve to two different IP Addresses though I don't know how that works. I've probably never had any problems because my email transaction volume is very low.

I have multiple hostnames which all point to the same IP Address. So I use a PTR for each hostname.

johang
Senior user
Posts: 286
Joined: 2008-09-01 09:20

Re: Reverse DNS lookup or reverse DNS resolution

Post by johang » 2020-07-09 13:34

jim.bus wrote (2020-07-09 12:44):
> johang wrote (2020-07-09 11:46):
>> BUT be very careful using cnames.. try to avoid them.. actually.. don't try .. rather AVOID THEM !!!
>> but if your question is that you want 2 ptr records for the same IP .... my limited knowledge tells me that only 1 name per ptr is possible
>
> While using a CNAME is against the RFC, it does work. I used CNAMEs as Email Server names for years until a year or so ago, when I switched to using the A Record as you're supposed to do as per RFC. The problem with CNAME is something like it can cause an extra load on the DNS Servers. I believe I also read somewhere that it's somehow possible for a CNAME to resolve to two different IP Addresses though I don't know how that works. I've probably never had any problems because my email transaction volume is very low.
>
> I have multiple hostnames which all point to the same IP Address. So I use a PTR for each hostname.

sometimes things work and sometimes it does not.

i recommend reading something like:
https://www.freecodecamp.org/news/why-c ... ab38e5f5c/

i especially think it is of interest to read the part about:

> Because a standard is in place for a CNAME to be the only record at a node, no other records are looked for. All other records will be silently ignored, without warning or error messages. Even if an MX record was set to receive email, the MX will be ignored as if it doesn’t exist because the CNAME is evaluated first. The same is true if there were an A record: the CNAME would take precedence and the A record would not be read.

i am impressed by the ease everyone seems to have gotten delegation of x.x.x.x.in-addr.arpa to a name server of their choice .. or is everyone using their ISP's or hosting company's DNS servers ( where i understand you can set PTR records easily ) ? myself i have to talk to the ISP and get them to put in the PTR so that resolving works.
___________________________________________________________end of the line
spam filter appliance gateway: www.mailcleaner.org

jim.bus
Senior user
Posts: 409
Joined: 2011-05-28 11:49
Location: US

Re: Reverse DNS lookup or reverse DNS resolution

Post by jim.bus » 2020-07-09 23:43

johang wrote (2020-07-09 13:34):
> jim.bus wrote (2020-07-09 12:44):
>> johang wrote (2020-07-09 11:46):
>>> BUT be very careful using cnames.. try to avoid them.. actually.. don't try .. rather AVOID THEM !!!
>>> but if your question is that you want 2 ptr records for the same IP .... my limited knowledge tells me that only 1 name per ptr is possible
>>
>> While using a CNAME is against the RFC, it does work. I used CNAMEs as Email Server names for years until a year or so ago, when I switched to using the A Record as you're supposed to do as per RFC. The problem with CNAME is something like it can cause an extra load on the DNS Servers. I believe I also read somewhere that it's somehow possible for a CNAME to resolve to two different IP Addresses though I don't know how that works. I've probably never had any problems because my email transaction volume is very low.
>>
>> I have multiple hostnames which all point to the same IP Address. So I use a PTR for each hostname.
>
> sometimes things work and sometimes it does not.
>
> i recommend reading something like:
> https://www.freecodecamp.org/news/why-c ... ab38e5f5c/
>
> i especially think it is of interest to read the part about:
>
>> Because a standard is in place for a CNAME to be the only record at a node, no other records are looked for. All other records will be silently ignored, without warning or error messages. Even if an MX record was set to receive email, the MX will be ignored as if it doesn’t exist because the CNAME is evaluated first. The same is true if there were an A record: the CNAME would take precedence and the A record would not be read.
>
> i am impressed by the ease everyone seems to have gotten delegation of x.x.x.x.in-addr.arpa to a name server of their choice .. or is everyone using their ISP's or hosting company's DNS servers ( where i understand you can set PTR records easily ) ? myself i have to talk to the ISP and get them to put in the PTR so that resolving works.

I read the link you supplied and if I interpreted the link correctly, I believe when I was using CNAMEs the issue of the CNAME overriding the A-Record was not an issue because what I did was to create an A-Record Subdomain name and then created a CNAME Record which referenced the Subdomain name A-Record. So even if the A-Record was ignored as indicated in the link, the CNAME Record still referenced the same IP Address the Subdomain A-Record pointed to. I believe the only other consideration was a performance hit but I didn't believe that to be significant because I don't have a complex DNS structure as my Domains are not for business but rather for personal usage.

Again I am now using A-Records in my MX Record so I don't believe I now have any of those considerations regarding using CNAMEs.

VadaDosaIdly
New user
Posts: 20
Joined: 2020-05-26 16:03

Re: Reverse DNS lookup or reverse DNS resolution

Post by VadaDosaIdly » 2020-07-10 19:59

Hello Johang
> reverse dns is held by the "owner" of the IP address space ! ( you have to talk to your ISP which is the "owner" of your IP address space, YOU CANNOT fix this yourself )
> ( or you just use the name that the ISP put there in the first place ( if they put a name there ) )

I do not think it has anything to do with my ISP. This is simply because reverse DNS is reading PTR records that I set in my DNS server.
I have set two PTR records. One record points the IP to my physical server myServerName.myDomain.com ns second record points the same IP to the mail server mail.myDomain.com that is running on the same machine.

By the way, I have not said anywhere that I am using a CNAME record. Why are we talking about CNAME?
Hello All,
Discussions on this post are slowly drifting away. Please focus and answer my initial post.

jim.bus
Senior user
Posts: 409
Joined: 2011-05-28 11:49
Location: US

Re: Reverse DNS lookup or reverse DNS resolution

Post by jim.bus » 2020-07-10 20:41

VadaDosaIdly wrote (2020-07-10 19:59):
> Hello Johang
>> reverse dns is held by the "owner" of the IP address space ! ( you have to talk to your ISP which is the "owner" of your IP address space, YOU CANNOT fix this yourself )
>> ( or you just use the name that the ISP put there in the first place ( if they put a name there ) )
>
> I do not think it has anything to do with my ISP. This is simply because reverse DNS is reading PTR records that I set in my DNS server.
> I have set two PTR records. One record points the IP to my physical server myServerName.myDomain.com ns second record points the same IP to the mail server mail.myDomain.com that is running on the same machine.
>
> By the way, I have not said anywhere that I am using a CNAME record. Why are we talking about CNAME?
> Hello All,
> Discussions on this post are slowly drifting away. Please focus and answer my initial post.

I believe johang was cautioning you about having CNAMEs in your DNS because according to the link provided, the discussion in it indicated even though you may not use a CNAME in your MX Record, the way CNAMEs in DNS worked caused the CNAME Record to be used even though you referenced the A Record in the MX. I am only assuming this was why johang cautioned about using CNAMEs in DNS.

VadaDosaIdly
New user
Posts: 20
Joined: 2020-05-26 16:03

Re: Reverse DNS lookup or reverse DNS resolution

Post by VadaDosaIdly » 2020-07-10 20:45

Thanks jim.bus for replying. :)
I got that but my original post is not yet answered and I am awaiting replies related to my original questions. :!:

katip
Senior user
Posts: 764
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Reverse DNS lookup or reverse DNS resolution

Post by katip » 2020-07-10 21:08

VadaDosaIdly wrote (2020-07-10 20:45):
> I am awaiting replies related to my original questions. :!:

IMO, first reply by johang next to your original post was a good answer to your question.
ask your ISP to set up rDNS for your myServerName.myNameserverDomain.com or mail.myDomain.com, whichever you like.
this has nothing to do with your DNS records in your domain panel or local DNS server.
Katip
--
HMS 5.7.0 x64, MariaDB 10.4.10 x64, SA 3.4.2, ClamAV 0.101.2 + SaneS

SorenR
Senior user
Posts: 3670
Joined: 2006-08-21 15:38
Location: Denmark

Re: Reverse DNS lookup or reverse DNS resolution

Post by SorenR » 2020-07-11 12:29

RFC and e.g. BIND do NOT prevent having multiple PTR records for any given IP address ... HOWEVER ... it is recommended that you DO NOT deploy multiple PTR records for the same IP Address based on the assumption that SOFTWARE/SERVICES are NOT DESIGNED to handle multiple PTR records for the same IP Address.

https://serverfault.com/questions/61870 ... ecommended
> The PTR record for a reverse name (eg 7.2.0.192.in-addr.arpa) is expected to identify the canonical name that is associated with that IP address.
>
>> Both the gateway pointers at network nodes and the normal host pointers at full address nodes use the PTR RR to point back to the primary domain names of the corresponding hosts.
>
> From: http://tools.ietf.org/html/rfc1035#section-3.5
>
> This expectation is reflected in software that does reverse lookups; often such software specifically expects a single name back and it expects to be able to use that name as a canonical name for that host. If there are multiple names returned it's common to just take one at random because they have absolutely no way of knowing which one you would have preferred for this particular occasion.
>
> As the general expectation is that there is one canonical name associated with an IP address and that name is what the PTR should point to, adding multiple names generally has no upside (nothing expects any random A/AAAA record to have a matching PTR) but it has a potential downside as it can cause strange results as you have no control over which of your PTR records will be used if you have added more than one.
>
> In essence, if you have multiple PTR records you do not actually make your host appear more legitimate but rather the opposite, you run the risk of failing some validation or otherwise breaking something.
>
> As a perhaps somewhat extreme metaphor, handing over five passports all with your photo but with different names at the airport is probably not going to be received as well as if you just hand over one.

SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

johang
Senior user
Posts: 286
Joined: 2008-09-01 09:20

Re: Reverse DNS lookup or reverse DNS resolution

Post by johang » 2020-07-11 23:47

VadaDosaIdly wrote (2020-07-10 19:59):
> Hello Johang
>> reverse dns is held by the "owner" of the IP address space ! ( you have to talk to your ISP which is the "owner" of your IP address space, YOU CANNOT fix this yourself )
>> ( or you just use the name that the ISP put there in the first place ( if they put a name there ) )
>
> I do not think it has anything to do with my ISP. This is simply because reverse DNS is reading PTR records that I set in my DNS server.
> I have set two PTR records. One record points the IP to my physical server myServerName.myDomain.com ns second record points the same IP to the mail server mail.myDomain.com that is running on the same machine.
>
> By the way, I have not said anywhere that I am using a CNAME record. Why are we talking about CNAME?
> Hello All,
> Discussions on this post are slowly drifting away. Please focus and answer my initial post.

talking about cnames is my fault, i have stopped it here then ..


i still stand by that you have to either get delegation of classless in-addr.arpa ptr to your DNS server of choice ( this is absolutely not automatic, perhaps your ISP does it ?? really cool in that case )
or you will have to use your ISP's dns to get a rDNS PTR record working..

think of it like this ... if you just put a ptr record in your domain .. how will my computer ever know to go to your domain if i want to look up an IP address ?? ( it goes to your domain based on domain-name not IP )
we can test it .. please put in a ptr record for 8.8.8.8 in your domain, then run a test on another dns server ( or here https://mxtoolbox.com/ReverseLookup.aspx ) and see if you have changed it for google ..
___________________________________________________________end of the line
spam filter appliance gateway: www.mailcleaner.org
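
An added example, not part of any post in this thread: a small Python model of the lookup path johang describes (the PTR query follows the in-addr.arpa delegation, not the mail domain) and of the multiple-PTR ambiguity SorenR quotes. The zone data, 192.0.2.25, the example.* names and the `helo_name` parameter are constructed assumptions, and `resolve()` is a toy stand-in for real DNS.

```python
import ipaddress

# Constructed data: 192.0.2.25 and the example.* names are placeholders.
# Delegated zones, as the public DNS tree sees them: apex -> (operator, records)
DELEGATED = {
    "example.com.": ("customer", {("mail.example.com.", "A"): ["192.0.2.25"]}),
    "example.net.": ("customer", {("ns1.example.net.", "A"): ["192.0.2.25"]}),
    "2.0.192.in-addr.arpa.": ("isp", {
        ("25.2.0.192.in-addr.arpa.", "PTR"): ["ns1.example.net."]}),
}
# PTR configured on the customer's own server. The address owner never
# delegated the reverse zone there, so resolve() below cannot reach it.
UNDELEGATED = {("25.2.0.192.in-addr.arpa.", "PTR"): ["mail.example.com."]}


def resolve(name, rtype, zones=DELEGATED):
    """Toy resolver: answer from the delegated zone with the longest apex."""
    apexes = [a for a in zones if name == a or name.endswith("." + a)]
    if not apexes:
        return None, []
    operator, records = zones[max(apexes, key=len)]
    return operator, records.get((name, rtype), [])


def check_rdns(ip, helo_name, zones=DELEGATED):
    """Forward-confirmed reverse DNS, as a receiving mail server might run it."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    operator, ptrs = resolve(qname, "PTR", zones)
    confirmed = [p for p in ptrs if ip in resolve(p, "A", zones)[1]]
    return {
        "query": qname,
        "answered_by": operator,
        "ptr": ptrs,
        "forward_confirmed": confirmed,
        "matches_helo": helo_name in confirmed,
        "ambiguous": len(ptrs) > 1,  # receivers may pick any one of several
    }


if __name__ == "__main__":
    print(check_rdns("192.0.2.25", "mail.example.com."))
```

With this data the answer comes from the ISP-operated reverse zone and names ns1.example.net., so the mail name only matches once the operator of that zone changes the PTR.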
