Re: Basic Questions about Reverse DNS




Laura & Herb,

Thanks for the replies. You guys did a great job of explaining how it
works.

There's only one thing I don't understand -- given your explanation of
reverse DNS, I don't see how it can effectively prevent spam. What
makes a spammer mail server less likely to have a reverse DNS entry
than a legitimate mail server?

-TC


Herb Martin wrote:
Everything Laura said (really well) plus to point
out something that never seems obvious to new
email-DNS admins:

Your Email SMTP server can report any name
you wish in the HELO/EHLO message.

This is the name that should match the reverse
record for the IP the SMTP server uses.

Notice that a single SMTP server might handle
mail for many (even thousands) of different
domains (e.g., ISPs do this all the time) and that
the HELO name does not need to have anything
to do with the From: addresses in the email.

Once you realize that a single SMTP server obviously
only reports one HELO name but can handle email for
many zones/domains then it usually clarifies the
relationship between DNS name (forward), reverse,
and HELO name.

These need to match (to be trusted by the greatest
number of receiving SMTP servers) but they don't
need to match your own domain/email names....

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"Laura E. Hunter [MVP]" <nospamplease> wrote in message
news:uAnowZyEHHA.2312@xxxxxxxxxxxxxxxxxxxxxxx
Replies in-line

"TC" <golemdanube@xxxxxxxxx> wrote in message
news:1164679834.458395.71540@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have a couple of basic questions about "Reverse DNS":


1. How does Reverse DNS deal with multiple hostnames per IP address?

Every example I've seen of Reverse DNS shows only one hostname per IP
address. Isn't it common, however, to have multiple hostnames per IP
address? How does Reverse DNS deal with that?

In my specific case, I use one mail server to handle three domains.
I've created three different PTR records for the server's IP address,
but I don't think it's working.



You should only have a single reverse DNS entry for each IP address.
Although DNS allows multiple reverse DNS entries, most Internet programs
will only use the first one. That means that if you have multiple reverse
DNS entries, you can experience different behavior depending on which
reverse DNS entry is listed first.

The common concern people have is that they run a mailserver that handles
multiple domains and think they need one reverse DNS entry for each one.
This is not true. Anti-spam software can't safely compare the reverse DNS
entry to any domains in the E-mail (such as that of the sender, or
HELO/EHLO). So it just makes sure that [1] the reverse DNS entry exists,
and [2] the hostname in the reverse DNS entry points back to the same IP
(see the following response).

2. When a mail server uses Reverse DNS to identify spam, what exactly
is it doing? Is it looking at the return address of the email, and
making sure that the IP address and hostname match both forward and
backward? (Somehow, I don't think that's right, but I don't know what
is...)

I've discovered that some (but not all) of my emails are failing a
Reverse DNS spam check, but I can't figure out why.


It works like this: if the reverse DNS entry for the IP of your mailserver
at 192.0.2.25 is "mail.example.com", then mail.example.com *must* have an
A record pointing to 192.0.2.25. If it has no A record, or has an A
record pointing to another IP, then anti-spam software may reject your
E-mail (without requiring the matching A record, you could put in a
reverse DNS entry on any domain you wanted, even if it is not your
domain).

All help is appreciated.
-TC


HTH

--
Laura E. Hunter
Microsoft MVP: Windows Server - Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)
Author: _Active Directory Cookbook, Second Edition_
(http://tinyurl.com/z7svl)

Responses provided as-is; no warranties expressed or implied
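
The check described in the replies above (a PTR record exists, and its hostname has an A record pointing back to the same IP), together with the HELO comparison, as an added example that is not part of the original thread. The function names and the sample records are constructed for illustration; the default lookups use the system resolver, while `demo` runs against the inline data so it works offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; [] when there is none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(host):
    """A/AAAA addresses for host from the system resolver; [] on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_sender(ip, helo, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Forward-confirmed reverse DNS check plus HELO comparison."""
    want = ipaddress.ip_address(ip)
    ptrs = [norm(p) for p in ptr_lookup(ip)]
    # A PTR name counts only if its forward record points back to the same IP.
    ok = [p for p in ptrs
          if any(ipaddress.ip_address(a) == want for a in addr_lookup(p))]
    verdict = "no_ptr" if not ptrs else "pass" if ok else "ptr_not_confirmed"
    return {
        "verdict": verdict,
        "confirmed": ok,
        # Software that reads only the first PTR sees this result instead.
        "first_ptr_ok": bool(ptrs) and ptrs[0] in ok,
        "helo_matches": norm(helo) in ok,
    }

# Constructed sample records (documentation address range), not real DNS data.
PTR = {"192.0.2.25": ["mail.example.com."],
       "192.0.2.26": ["mail.example.net.", "mail.example.org."],
       "192.0.2.27": ["mail.example.com."]}
A = {"mail.example.com": ["192.0.2.25"], "mail.example.org": ["192.0.2.26"]}

def demo(ip, helo):
    """Run check_sender against the constructed records above."""
    return check_sender(ip, helo, lambda i: PTR.get(i, []), lambda h: A.get(h, []))
```

For 192.0.2.26 the overall check passes but `first_ptr_ok` is false, which is the order-dependent behaviour that multiple PTR records cause.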
