Re: Multiple A records and reverse DNS

Sat, 19 Mar 2016 13:01:43 -0700

Tom, when your mail server establishes a connection to another host, the receiving host will likely automatically check the PTR record of the IP address your server used as it's source address. This PTR record should have a corresponding A record that points to the same IP address that was looked up in the PTR record. This is sometimes referred to as a "verified" hostname. Without this, receiving mail servers may sometimes log your rDNS as unknown, which can look spammy to subsequent spam filters. You can have any number of other A records that point to your server, they are irrelevant to PTR verification. 

Example:

Your reverse zone:
1.1.1.1.in-addr.arpa.    IN    PTR    mail.adi.com.

Your adi.com zone:
mail.adi.com.    IN    A    1.1.1.1
smtp.adi.com.    IN    A    1.1.1.1
www.adi.com.    IN    A    1.1.1.1
foo.adi.com.    IN    CNAME    www.adi.com.
All the matters to PTR verification is that 1.1.1.1 has a PTR record and that PTR record exists as an A or CNAME that eventually points back to 1.1.1.1
As others have pointed out, this is best common practice for outgoing mail servers aka mail relays; However, I generally recommend having valid PTR records and having matching forward records for any servers. Maybe it's just me, but most of my server's send email - even MX servers (they do create NDR notices from time to time). 

--Blake


Thomas Schulz wrote on 3/17/2016 8:53 AM:

This is not a BIND question but I hope people here will know the answer.
We are switching service providers and I understand that many email SPAM
prevention systems insist on the reverse DNS matching the forward DNS.
If I have two A records for our mail server and the reverse record matches
one of them, will that be good enough. Or will the fact that the other A
record does not match cause trouble.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to