
Reverse dns setup for mail server

Hi, I hope someone can help me out, I'm a little stuck.


I'm trying to get Yosemite's mail server to work correctly. It works fine for the most part, but some mails are undeliverable due to not having reverse DNS set up correctly for the mail server.


I have one server which handles DNS, DHCP, and OD, amongst other things and another which is a dedicated mail server, no DNS or anything else setup on that one, just mail.


Email can be sent and received fine apart from a few addresses which cause errors due to no reverse DNS.


The hostname and domain name are different and I think that's what is throwing me off in the DNS setting pane. The host name is XYZ.private with every client machine in the office bound to this domain. The domain is mycompany.com with the mail server being mail.mycompany.com.


So, the DNS server is macminiserver1.XYZ.private, the mail server is macminiserver2.XYZ.private and the mail domain is mail.mycompany.com.


I'm stuck setting the reverse DNS as the Server.app defaults to the XYZ.private and I'm not sure how to proceed. Any help would be greatly appreciated.


Thanks!

Posted on May 22, 2015 1:08 PM

Question marked as Best reply

Posted on May 22, 2015 8:04 PM

I believe you are confusing LAN and WAN DNS. Let's look at an example.


You have an environment. Let's say angus.com. You have a firewall that protects this environment. On the outside of the firewall you have a public address that everyone else in the world accesses. For argument, the address is 17.18.19.20. You have associated an A record to this address: mail.angus.com. Ah, but this hits the firewall and the firewall allows NAT or PAT to get to the actual server running on the LAN. The LAN you control and you have set up DNS properly on the LAN. LAN devices that want to hit mail.angus.com hit a private address like 10.11.12.13. And since you control DNS, you also set up a PTR record so clients on the LAN will get a forward resolve (mail.angus.com = 10.11.12.13) and will also get a reverse resolve 10.11.12.13 = 13.12.11.10.in-addr.arpa. You have an A and PTR record so the server on the LAN resolves to forward and reverse queries. But...


The mail servers that are trying to send you mail cannot talk to your LAN DNS server. They can only talk to your registrar that is providing your public DNS. Now, many mail servers will reject mail sent to servers that do not reverse resolve (the assumption is that a mail server that does not have a PTR record is a SPAM bot). This is on the WAN side, not the LAN (they cannot talk to your LAN resources). So this comes down to talking to your ISP. They are the ones responsible for giving you a PTR record.


Here is an example. If you run the following command:


nslookup mail.angus.com 8.8.8.8


(replace mail.angus.com with the actual fully qualified public mail domain). What do you get? Let's say the reply is 17.18.19.20 and this is your public IP address. Now try:


nslookup 17.18.19.20 8.8.8.8


You will likely get no answer. This is because publicly you have no reverse record. Contact your ISP and have them add a reverse record to your public IP address associated to your MX record.


Reid

Apple Consultants Network

Author "Yosemite Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store
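An added example (not from this thread) that walks the same forward-then-reverse check in Python against two constructed resolver views, the LAN one and the public one, using the reply's example names and addresses, plus a live version through the OS resolver; the view dictionaries and function names are my own.

```python
import ipaddress
import socket
from typing import Dict, Optional

# Constructed resolver "views" for the scenario in the reply. The LAN DNS knows
# mail.angus.com as 10.11.12.13 with a matching PTR; the public DNS carries only
# the A record for 17.18.19.20, and the PTR for that address lives with the ISP.
LAN_VIEW = {
    "A": {"mail.angus.com": "10.11.12.13"},
    "PTR": {"13.12.11.10.in-addr.arpa": "mail.angus.com"},
}
WAN_VIEW = {
    "A": {"mail.angus.com": "17.18.19.20"},
    "PTR": {},  # no public reverse record yet
}


def reverse_name(ip: str) -> str:
    """Name a PTR lookup for `ip` actually queries (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_fcrdns(host: str, view: Dict[str, Dict[str, str]]) -> dict:
    """Forward-confirmed reverse DNS against one view: A -> PTR -> same host.

    status is 'ok', 'no-a' (no forward record), 'no-ptr' (what a remote MTA
    sees in the thread's case) or 'mismatch' (PTR points at another name).
    """
    ip: Optional[str] = view["A"].get(host.lower())
    if ip is None:
        return {"ip": None, "ptr": None, "status": "no-a"}
    ptr = view["PTR"].get(reverse_name(ip))
    if ptr is None:
        status = "no-ptr"
    else:
        status = "ok" if ptr.lower().rstrip(".") == host.lower() else "mismatch"
    return {"ip": ip, "ptr": ptr, "status": status}


def live_check(host: str) -> dict:
    """Same check through the OS resolver (needs network); remote MTAs see this view."""
    try:
        ip = socket.gethostbyname(host)
    except OSError:
        return {"ip": None, "ptr": None, "status": "no-a"}
    try:
        ptr = socket.gethostbyaddr(ip)[0]
    except OSError:
        return {"ip": ip, "ptr": None, "status": "no-ptr"}
    return {"ip": ip, "ptr": ptr, "status": "ok" if ptr.lower() == host.lower() else "mismatch"}


if __name__ == "__main__":
    for label, view in (("LAN", LAN_VIEW), ("WAN", WAN_VIEW)):
        print(label, check_fcrdns("mail.angus.com", view))
    print("live", live_check("mail.angus.com"))
```

Running it shows 'ok' for the LAN view and 'no-ptr' for the WAN view, which is exactly the gap the two nslookup commands above expose; the fix is the ISP-side PTR, not anything in Server.app.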

