19 Replies Latest reply: Feb 11, 2006 12:02 PM by Marshall Merritt
Marshall Merritt Level 1 (75 points)
I have my domain name (funsunstudio.com) at godaddy.com and have created all of my MX, SPF, & CName records. I kept their nameservers. I have my XServe G5 set up to send and receive mail. I can receive my mail just fine and I can send my mail to most accounts. If I try to send an e-mail to an AOL account I get the following Error Message http://postmaster.info.aol.com/errors/421dnsnr.html:

Reverse DNS lookup for your IP address is failing. AOL does require that all connecting Mail Transfer Agents have established reverse DNS.


Now I went to www.mxtoolbox.com and typed in my IP Address (12.146.245.34) and it said Reverse DNS failed. My email server is mail.funsunstudio.com. Now I can send to just about any other account (only other one that I have had a problem with is roadrunner e-mails). I have a separate IP address for my website and for my e-mail. Everything looks to be right when I do a dig on my domain as well. This was working for a couple days and then it quit working (without me touching anything).


Here is what postconf -n outputs:
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 0
mydestination = $myhostname,localhost.$mydomain,funsunstudio.com
mydomain = funsunstudio.com
mydomain_fallback = localhost
myhostname = mail.funsunstudio.com
mynetworks = 127.0.0.1/32,10.0.0.1/32,12.146.245.32/28
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks reject_rbl_client sbl-xbl.spamhaus.org permit
smtpd_tls_key_file =
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp


I am not an open relay and everything else is working great, I just can't seem to get this reverse DNS problem to start working again. Any help would be appreciated.
  • pterobyte Level 6 (10,910 points)
    Marshall,

    your IP (12.146.245.34) has no reverse resolution. This must be added to the DNS catering to the reverse zone of this address. Most likely your ISP (Don't know godaddy so cannot help there).
    The DNS handling the forward and the reverse zone must not necessarily be the same. You need to talk to your ISP.

    Alex
  • Marshall Merritt Level 1 (75 points)
    My ISP is AT&T with whom I have my T-1 Line. So I need to call them up right and tell them the situation? I was just making sure that I had all my MX Records & all correct. Also I could host my own DNS through my server and have reverse lookup that way, would that solve the problem? Thanks for the quick reply Alex.
  • pterobyte Level 6 (10,910 points)
    Yes, this is correct.

    Even if you host your own DNS this will only do for forward resolution. Reverse resolution only works on your own DNS if the owner of your IP Class/Subnet delegates reverse resolution to you (which typically is only done if you have a large number of IPs).

    Note: It is only important for reverse resolution to be in place. It doesn't have to resolve to mail.yourdomain.tld, it just has to resolve. Normally providers do something like:
    34.245.146.12.in-addr.arpa. 86400 IN PTR 12-146-245-34.clients.isp.tld
    This is good enough. Mail servers only check for a resolution, but not if the hosts actually match. This is also because of virtual domains this would never work properly otherwise.

    Alex

    P.S. Your MX and A records are OK:
    ; <<>> DiG 9.2.2 <<>> funsunstudio.com mx

    ;; QUESTION SECTION:
    ;funsunstudio.com. IN MX

    ;; ANSWER SECTION:
    funsunstudio.com. 3600 IN MX 0 mail.funsunstudio.com.
    ------------
    ; <<>> DiG 9.2.2 <<>> mail.funsunstudio.com

    ;; QUESTION SECTION:
    ;mail.funsunstudio.com. IN A

    ;; ANSWER SECTION:
    mail.funsunstudio.com. 3568 IN A 12.146.245.34
  • Marshall Merritt Level 1 (75 points)
    Thank you again Alex. I honestly suspected there could be an issue with my ISP but I wanted to get another person's view on my settings before I made the call. I appreciate your help and quick responses.
  • Marshall Merritt Level 1 (75 points)
    Ok so I e-mailed AT&T and they gave me this reply on the 23rd.

    "
    This is to confirm we have added reverse ip block as a delegation as
    requested, which will begin to propagate on our Network at 2:00 PM
    Central Time.

    *******************

    Following is an example of how a partial c class should be set up.

    0/27.161.2.12.in-addr.arpa. 3600 SOA dns2.anydomain.com. administrator.anydomain.com. (
    2002050202 ; serial
    14400 ; refresh (4 hour)
    600 ; retry (10 mins)
    600000 ; expire (7 day)
    86400) ; minimum (1 day)
    0/27.161.2.12.in-addr.arpa. 3600 NS dns2.anydomain.com.
    0/27.161.2.12.in-addr.arpa. 3600 NS cbru.br.ns.els-gms.att.net.
    0/27.161.2.12.in-addr.arpa. 3600 NS dbru.br.ns.els-gms.att.net.
    1.0/27.161.2.12.in-addr.arpa. 3600 PTR gw.anydomain.com.
    10.0/27.161.2.12.in-addr.arpa. 3600 PTR hidden4.anydomain.com."

    So I did that and I am still having the exact same error.

    Here is my named.conf file:

    zone "funsunstudio.com" in {
    file "funsunstudio.com.zone";
    type master;
    };

    zone "245.146.12.in-addr.arpa" IN {
    file "db.12.146.245";
    type master;
    };


    Here is my funsunstudio.com.zone file:

    $TTL 3600
    funsunstudio.com. IN SOA ns1.funsunstudio.com. marshall.funsunstudio.com. (
    2006012500 ; serial
    3h ; refresh
    1h ; retry
    1w ; expiry
    1h ) ; minimum
    funsunstudio.com. IN NS ns1.funsunstudio.com.
    funsunstudio.com. IN NS ns2.funsunstudio.com.
    funsunstudio.com IN A 12.146.245.42
    www IN A 12.146.245.42
    ns1 IN A 12.146.245.40
    ns2 IN A 12.146.245.41
    mail IN A 12.146.245.34
    funsunstudio.com. IN MX 0 mail


    Here is my db.12.146.245 file:

    $TTL 3600
    245.146.12.in-addr.arpa. IN SOA ns1.245.146.12.in-addr.arpa. marshall.funsunstudio.com. (
    2006012500 ; serial
    3h ; refresh
    1h ; retry
    1w ; expiry
    1h ) ; minimum
    40.245.146.12.in-addr.arpa. IN NS ns1.funsunstudio.com.
    41.245.146.12.in-addr.arpa. IN NS ns2.funsunstudio.com.
    40.245.146.12.in-addr.arpa. IN PTR ns1.funsunstudio.com.
    41.245.146.12.in-addr.arpa. IN PTR ns2.funsunstudio.com.
    34.245.146.12.in-addr.arpa. IN PTR mail.funsunstudio.com.
    42.245.146.12.in-addr.arpa. IN PTR www.funsunstudio.com.



    Can someone please tell me why I am having so much trouble with this? This is getting really frustrating. Between GoDaddy telling me that they do not allow reverse DNS on their e-mail to AT&T not enabling Reverse DNS the first time, I am getting tired of this runaround. I am hosting all DNS on my servers directly so I can edit all the config files myself. I have been using http://www.mxtoolbox.com to check my status. Any help would be appreciated.

    Btw: XServe G5 DP 2.3 & Server 10.4.4

    Thanks,
    Marshall
  • pterobyte Level 6 (10,910 points)
    There is still no reverse resolution.
    This is either because reverse resolution has not been delegated/delegated properly or because your/the handling DNS is not properly configured.
    Are you sure reverse resolution gets delegated to ns1.funsunstudio.com/ns2.funsunstudio.com and not somewhere else? It may be worth waiting an extra day. If the sysadmin at AT&T sent you the notice too early, changes may be visible only after the next update tonight.

    Also your DNS is set up to reverse resolve for the whole c class. Unless you own the whole c class this should be changed (this however will not cause your problem, so not to worry).
  • Marshall Merritt Level 1 (75 points)
    Thanks pterobyte, I don't doubt the system admins at AT&T have screwed this one up (yet again), so I'm going to wait another day and see if anything changes. Thanks.
  • Marshall Merritt Level 1 (75 points)
    Ok so I e-mailed them back and this was the response I got

    "This is to confirm name servers have been updated as requested, which
    will begin to propagate on our Network at 2:00 PM Central Time.

    Thank you

    AT&T DNS Technical Support"

    That was on the 26th, so last Thursday, & I still have Failed Reverse DNS. Also I know that I was resolving it for the whole C Class, I just wanted to see if that made it work. So what are my options from here? I know my DNS is being hosted correctly on my XServe because if you do any type of dig or lookup it returns the correct addresses and everything, so what's next? I have never had this issue before...
  • pterobyte Level 6 (10,910 points)
    Marshall,

    I just checked your DNS directly and it resolves just fine. However, when I try to lookup through any other DNS it doesn't resolve.

    This clearly means that reverse resolution for 12.146.245.34 is not delegated to your name server or blocked "on the road". Could it be your ISP is delegating to a different name server? Did you maybe have another name server before which is still in your ISP's records? Or could it be that GoDaddy is blocking it by any chance?
    There aren't many other options left otherwise.

    Alex
  • Marshall Merritt Level 1 (75 points)
    Alex,

    I did have it resolve to GoDaddy's DNS servers, but when I contacted GoDaddy about Reverse DNS they said they do not allow Reverse DNS to their Nameservers, so I switched them to my XServe. When I did that I sent AT&T an e-mail on the 25th, with the new nameservers, then on the 26th got the following e-mail "This is to confirm name servers have been updated as requested, which will begin to propagate on our Network at 2:00 PM Central Time." So I waited until today for it to spread through the networks.

    Also, would you mind telling me how you resolved directly to me?

    Thanks for all the help so far Alex, I really appreciate it.

    Marshall

  • pterobyte Level 6 (10,910 points)
    Also, would you mind telling me how you resolved directly to me?

    By "telling" dig or nslookup to use your nameserver instead of mine.
    (In nslookup use "server ns.domain.tld" before doing lookups for example)

    BTW: I just tried checking again this very moment and your NS wasn't responding at all. Did you turn it off?
  • pterobyte Level 6 (10,910 points)
    Marshall,

    I just checked on AT&T's name server:


    --------------
    server DBRU.BR.NS.ELS-GMS.ATT.NET

    Default server: DBRU.BR.NS.ELS-GMS.ATT.NET
    Address: 199.191.128.106#53
    12.146.245.34

    Server: DBRU.BR.NS.ELS-GMS.ATT.NET
    Address: 199.191.128.106#53

    Non-authoritative answer:
    34.245.146.12.in-addr.arpa canonical name = 34.32/28.245.146.12.in-addr.arpa.

    Authoritative answers can be found from:
    32/28.245.146.12.in-addr.arpa nameserver = ns1.funsunstudio.com.
    32/28.245.146.12.in-addr.arpa nameserver = ns2.funsunstudio.com.
    --------------

    From what I can tell your network is 12.146.245.32 - 12.146.245.47 which translates to 12.146.245.32/28 in CIDR notation, so it looks OK.

    I noticed some intermittent failures on your DNS. Don't know if you are "playing" with it or if there is an issue.
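
The lookup above shows AT&T answering with a CNAME into 32/28.245.146.12.in-addr.arpa, the classless delegation style of RFC 2317 that their example zone also uses. As an added example (not part of the thread; the function names are made up here), this Python check derives those names for an address and prefix and reports whether a named.conf and reverse zone file serve the CNAME target. The "classless" sample inputs are constructed for comparison.

```python
import ipaddress
import re

def rfc2317_names(ip, prefix_len):
    """Names used in classless (sub-/24) reverse delegation, in the
    'first-address/prefix' label style seen in the AT&T answers."""
    if not 25 <= prefix_len <= 31:
        raise ValueError("classless delegation covers /25 through /31")
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    a, b, c, d = ip.split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    first = str(net.network_address).rsplit(".", 1)[1]
    zone = f"{first}/{prefix_len}.{parent}"
    return {"queried": f"{d}.{parent}", "zone": zone,
            "cname_target": f"{d}.{zone}"}

def declared_zones(named_conf):
    """Zone names from zone "..." statements, lower-cased and absolute."""
    found = re.findall(r'zone\s+"([^"]+)"', named_conf, re.IGNORECASE)
    return [z.lower().rstrip(".") + "." for z in found]

def ptr_owners(zone_text):
    """Owner names of PTR records written as absolute names."""
    pat = r"^\s*(\S+\.)\s+(?:\d+\s+)?IN\s+PTR\s"
    return {o.lower() for o in re.findall(pat, zone_text, re.I | re.M)}

def check(ip, prefix_len, named_conf, zone_text):
    """Can this server answer the name a resolver asks for after the CNAME?"""
    names = rfc2317_names(ip, prefix_len)
    return {**names,
            "zone_declared": names["zone"] in declared_zones(named_conf),
            "ptr_at_target": names["cname_target"] in ptr_owners(zone_text)}

# Copied from the thread's named.conf and db.12.146.245 (trimmed).
THREAD_CONF = '''zone "funsunstudio.com" in { type master; };
zone "245.146.12.in-addr.arpa" IN { file "db.12.146.245"; type master; };'''
THREAD_ZONE = "34.245.146.12.in-addr.arpa. IN PTR mail.funsunstudio.com.\n"

# Constructed for comparison: zone and owner named after the delegated block.
CLASSLESS_CONF = 'zone "32/28.245.146.12.in-addr.arpa" IN { type master; };'
CLASSLESS_ZONE = "34.32/28.245.146.12.in-addr.arpa. IN PTR mail.funsunstudio.com.\n"

if __name__ == "__main__":
    for conf, zone in ((THREAD_CONF, THREAD_ZONE), (CLASSLESS_CONF, CLASSLESS_ZONE)):
        print(check("12.146.245.34", 28, conf, zone))
```

For the thread's files both flags come back false: the PTR sits at 34.245.146.12.in-addr.arpa, while a resolver that follows the CNAME asks for 34.32/28.245.146.12.in-addr.arpa.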
  • Marshall Merritt Level 1 (75 points)
    Alex,

    Yes I did turn it off, I restarted my XServe. Now I have it back up and running like normal. It did resolve when I did the nslookup. But it still won't resolve throughout the internet.

    Thanks again,
    Marshall
  • Marshall Merritt Level 1 (75 points)
    Alex,

    Read my post above yours just now, I was playing with it, but I quit now once you told me that it was resolving straight to my nameserver.

    You are a lifesaver so far, thanks.

    Marshall