Monday 29 July 2013

Fixing Reverse DNS

Fixing your Reverse DNS (RDNS)


One of the big problems with email these days is spam, and to fight spam many services, like us at Junk Email Filter, rely on Reverse DNS to get information about the IP address of the email server that is trying to connect to us. If we can't read your reverse DNS, your email will probably get through, but if you have any other problem in addition to bad RDNS, your email might get blocked or delayed. Neither you nor we want that to happen.

As we all know, reverse DNS is tricky, and if you are reading this you might have a problem you need to solve. You might think your reverse DNS is right, but it might not be. There are two things you need to get right in order for RDNS to work correctly. You need:

  1. A PTR record that returns a NAME for the IP address that is being looked up.

  2. The name that is looked up must resolve back to the same IP address. The goal is:


IP -> NAME
NAME -> IP

Often the second one is done improperly, causing the RDNS to fail.

For example, suppose your IP address is 69.50.231.166. Running dig (a Linux command line utility) returns:
dig -x 69.50.231.166

;; ANSWER SECTION:
166.231.50.69.in-addr.arpa. 1019 IN PTR smtp166.junkemailfilter.com.

This is correct. Now we look up smtp166.junkemailfilter.com
dig smtp166.junkemailfilter.com

;; ANSWER SECTION:
smtp166.junkemailfilter.com. 7200 IN A 69.50.231.166

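You'll notice that it resolves back to the same IP address. This is very important because it prevents others from spoofing your domain. Anyone who controls the reverse zone for an IP address can make its PTR record return any name, including yours, but only the owner of the domain can make that name resolve back to the IP.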
69.50.231.166 -> smtp166.junkemailfilter.com
smtp166.junkemailfilter.com -> 69.50.231.166

 

Testing your Reverse DNS


You can check the reverse DNS of an IP address here.

Common Mistakes


Many people think their RDNS is correct but they make common mistakes such as:

  1. The name returned resolves to a different IP address than the original.

  2. The name returned doesn't resolve to anything.


For example, suppose your IP is 9.9.9.9 and you set the PTR record to return mail.mydomain.com. When someone looks up the RDNS for 9.9.9.9 they get mail.mydomain.com. But when they look up mail.mydomain.com it returns 8.8.8.8, which is not 9.9.9.9, or even worse, the name doesn't resolve at all.

To fix the problem you would have to make sure that mail.mydomain.com resolves to 9.9.9.9.
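The two-step check described above (IP -> NAME, then NAME -> IP) and the two common mistakes, as an added Python example that is not part of the original post or Junk Email Filter's own code. The function names, the status strings and the sample records are assumptions made for illustration; 192.0.2.10 and mail.example.org are constructed to show a name that does not resolve.

```python
import ipaddress
import socket

# Constructed sample records mirroring the article's examples (not live DNS data).
SAMPLE_PTR = {
    "69.50.231.166": ["smtp166.junkemailfilter.com."],
    "9.9.9.9": ["mail.mydomain.com."],
    "192.0.2.10": ["mail.example.org."],  # constructed: name with no A record
}
SAMPLE_A = {
    "smtp166.junkemailfilter.com": ["69.50.231.166"],
    "mail.mydomain.com": ["8.8.8.8"],
}

def system_ptr(ip):
    """IP -> NAME using the system resolver; empty list if there is no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_forward(name):
    """NAME -> IP using the system resolver; empty list if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0].split("%")[0] for info in infos]

def check_rdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, name, addresses); status is ok, no_ptr, no_forward or mismatch."""
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    failure = ("no_ptr", None, [])
    for name in names:
        addrs = forward_lookup(name)
        # Compare parsed addresses, not strings, so equivalent IPv6 spellings match.
        if any(ipaddress.ip_address(a) == want for a in addrs):
            return ("ok", name, addrs)
        if failure[0] == "no_ptr":
            failure = ("mismatch" if addrs else "no_forward", name, addrs)
    return failure

if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, check_rdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                             lambda n: SAMPLE_A.get(n, [])))
```

Calling check_rdns with only an IP address uses the system resolver instead of the sample records, which lets you test your own mail server's address.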

If you make these changes and you get it right then you will have a much easier time not only delivering email to us but also to thousands of other email servers that have the same issues we do. We hope this information is helpful in resolving your RDNS problem.
