Re: Reverse DNS/PTR
- From: "ObiWan [MVP]" <obiwan@xxxxxxxx>
- Date: Wed, 24 May 2006 17:11:50 +0200
What is the purpose for reverse DNS/PTR in an email server?
What is the meaning of "The reverse DNS / PTR record is quite
generic and there are many IPs around with similar generic reverse
DNS"? Your enlightenment is highly appreciated.
Let's start from the basics; let's say we have a mailserver called
mail.foo.com and sitting on the 24.130.121.21 IP address, now,
we will have TWO distinct DNS entries for the mailserver, that is
the "forward" one mapping mail.foo.com to 24.130.121.21
the "reverse" one mapping 21.121.130.24.in-addr.arpa to mail.foo.com
at this point I hope you have the forward/reverse DNS entries concept
clear: the forward entry allows you to find out the IP of a given host
knowing its name, the reverse .. does the .. reverse :) that is, it allows
you to find out the name of a given host knowing its IP; now...
one of the checks many mailservers perform nowadays (due to spam
issues) is verifying that the "HELO" string sent out from a given host
attempting to send mail matches with the reverse DNS lookup of that
host IP; I mean..
Let's say I connect to an SMTP server on its port 25/tcp and start a
session to send mail; my first SMTP command will be
HELO mail.foo.com
at this point the SMTP server will have TWO pieces of information: the IP from
which I'm connecting to IT (let's say it's 24.130.121.21) and the name
I'm using in my helo string; the SMTP server may now try to retrieve
my DNS PTR record, so it will ask for the PTR record corresponding
to 21.121.130.24.in-addr.arpa and, looking at the above example it will
receive "mail.foo.com" as an answer; now, since both my "HELO"
name and the reverse check match, the mailserver will be
somewhat reassured and will allow me to carry on my mail transaction
Now.. let's see what will happen if I don't have a correct PTR record;
the DNS will still perform the query, but, instead of receiving the name
I used in my "HELO" string it will either receive "nothing" or something
like (e.g.) "c-24-130-121-21.hsd1.ca.comcast.net." in either case the
mail server won't have a "match" and may then decide (based on the
server admin settings) to refuse my mail transaction
So, to make a long story short, if you need to setup your mailserver and
directly send email to external servers, you'll need to correctly setup your
mailserver to announce itself with the correct name and to setup your
reverse (PTR) record to match that name (you'll also need to have the
correct MX and SPF records but that's a different issue)
I hope it's clear now; if not, feel free to repost and ask details
Regards
--
* ObiWan
Microsoft MVP: Windows Server - Networking
http://www.microsoft.com/communities/MVP/MVP.mspx
http://italy.mvps.org
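The check described in the reply above, as an added worked example (this is not code from the post or from any particular mailserver): it builds the in-addr.arpa name for a connecting IP, fetches its PTR, compares it with the HELO name, and also flags the "generic" ISP-style PTR the original question asked about. It goes slightly beyond the post by forward-confirming the PTR (the HELO name must resolve back to the IP), which real mailservers do so that a PTR alone cannot claim an arbitrary name. The DNS table is constructed for the example; mail.foo.com / 24.130.121.21 come from the post, the .22 and .24 hosts are assumed.

```python
import ipaddress

# Constructed DNS table standing in for a real resolver, so the example runs
# offline. 24.130.121.21 / mail.foo.com are the values from the post; the
# .22 and .24 hosts are assumed for the failure cases.
FAKE_DNS = {
    # the mailserver from the post: PTR and A record agree
    "21.121.130.24.in-addr.arpa": ["mail.foo.com."],
    "mail.foo.com": ["24.130.121.21"],
    # assumed host with only an ISP-template ("generic") PTR
    "22.121.130.24.in-addr.arpa": ["c-24-130-121-22.hsd1.ca.comcast.net."],
    "c-24-130-121-22.hsd1.ca.comcast.net": ["24.130.121.22"],
    # assumed host whose PTR claims mail.foo.com, but mail.foo.com does not
    # resolve back to this address
    "24.121.130.24.in-addr.arpa": ["mail.foo.com."],
}


def reverse_name(ip: str) -> str:
    """Name under which the PTR record for ip lives (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def lookup(name: str, table: dict) -> list:
    """Resolve name against the table: trailing dots stripped, case-insensitive."""
    return [r.rstrip(".").lower() for r in table.get(name.rstrip(".").lower(), [])]


def looks_generic(ptr: str, ip: str) -> bool:
    """Heuristic: a PTR that spells out the address octets (c-24-130-121-22...)
    is an ISP template name, not a name someone set up for a mailserver."""
    tokens = set(ptr.lower().replace("-", ".").split("."))
    return all(octet in tokens for octet in ip.split("."))


def check_helo(ip: str, helo: str, table: dict = FAKE_DNS) -> tuple:
    """Classify a connecting host: fetch the PTR for its IP and compare it with
    the HELO name. Returns (verdict, ptr_names)."""
    ptrs = lookup(reverse_name(ip), table)
    helo = helo.rstrip(".").lower()
    if not ptrs:
        return ("no-ptr", ptrs)
    if helo in ptrs:
        # Forward-confirm: the HELO name must also resolve to the connecting
        # IP, otherwise whoever controls the PTR zone could claim any name.
        if ip in lookup(helo, table):
            return ("pass", ptrs)
        return ("ptr-not-forward-confirmed", ptrs)
    if any(looks_generic(p, ip) for p in ptrs):
        return ("mismatch-generic", ptrs)
    return ("mismatch", ptrs)


if __name__ == "__main__":
    for ip, helo in [("24.130.121.21", "mail.foo.com"),
                     ("24.130.121.22", "mail.foo.com"),
                     ("24.130.121.23", "mail.foo.com"),
                     ("24.130.121.24", "mail.foo.com")]:
        print(ip, helo, reverse_name(ip), check_helo(ip, helo))
```

Whether a "mismatch-generic" or "no-ptr" verdict means rejecting the transaction is an admin policy decision, as the post says; the verdict only records what the DNS evidence supports.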
- References:
- Reverse DNS/PTR
- From: Scott