Re: about the A and PTR for sending mail
From: bind-users-bounces+msk=cloudmark@lists.isc.org [mailto:bind-users-bounces+msk=cloudmark@lists.isc.org] On Behalf Of Mark Andrews Sent: Wednesday, November 09, 2011 7:06 PM To: 风河 Cc: bind-us...@isc.org Subject: Re: about the A and PTR for sending mail While there is no RFC requirement that they match is there any reason not to make them match (the above records don't match) given that is the intent of the IN-ADDR.ARPA namespace? On 11.11.11 23:46, Murray S. Kucherawy wrote: Ideally I would agree, but there are some passable operational reasons for this to happen, and there are also some good operational ones as we enter IPv6-land. well, I don't know any now... Instead, I agree with another poster who suggested a mismatch or absence of this data in the DNS is good input to a scoring system, but not good grounds for outright rejection. That's highly depentent on the receiver system, and its policy. It's really useless to comply about it here. The point here is that the reverse records were simply invalid without any reason. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: about the A and PTR for sending mail
> -Original Message- > From: bind-users-bounces+msk=cloudmark@lists.isc.org > [mailto:bind-users-bounces+msk=cloudmark@lists.isc.org] On Behalf Of Mark > Andrews > Sent: Wednesday, November 09, 2011 7:06 PM > To: 风河 > Cc: bind-us...@isc.org > Subject: Re: about the A and PTR for sending mail > > While there is no RFC requirement that they match is there any reason > not to make them match (the above records don't match) given that is > the intent of the IN-ADDR.ARPA namespace? Ideally I would agree, but there are some passable operational reasons for this to happen, and there are also some good operational ones as we enter IPv6-land. Instead, I agree with another poster who suggested a mismatch or absence of this data in the DNS is good input to a scoring system, but not good grounds for outright rejection. -MSK ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the A and PTR for sending mail
On 10.11.2011 02:57, 风河 wrote: > I have two server IPs, the A records for them are: > > mail.dnsbed.com.300 IN A 74.117.233.4 > mail.dnsbed.com.300 IN A 74.117.232.204 > > The corresponding PTR records are: > > 4.233.117.74.in-addr.arpa. 36466 IN PTR dnsbed.com. > 204.232.117.74.in-addr.arpa. 36453 IN PTR dnsbed.com. The forward lookup for dnsbed.com returns:; 173.245.61.41 173.245.61.115 The reverse entries for your nameserver don't have to match your mailserver name but they must be consistent, i.e. the reverse must resolve forward to the IP address. mail.dnsbed.com -> 74.117.233.4 -> dnsbed.com -> 74.117.233.4 would be a consistent reverse/forward loop. mail.dnsbed.com -> 74.117.233.4 -> dnsbed.com -> 173.245.61.41 is not Maybe the easiest way would be to change the PTRs of 4.233.117.74.in-addr.arpa. and 204.232.117.74.in-addr.arpa to "mail.dnsbed.com", so you don't have to move the A records of dnsbed.com HTH, Hauke. signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the A and PTR for sending mail
In message , =?UTF-8?B?6aOO5rKz?= writes: > Hi, > > I know maybe this is not related to DNS question, so please excuse me > if it's not that suitable. > > I have two server IPs, the A records for them are: > > mail.dnsbed.com.300 IN A 74.117.233.4 > mail.dnsbed.com.300 IN A 74.117.232.204 > > The corresponding PTR records are: > > 4.233.117.74.in-addr.arpa. 36466 IN PTR dnsbed.com. > 204.232.117.74.in-addr.arpa. 36453 IN PTR dnsbed.com. > > But this setting can't make email sending successful. > The Postfix system says: > > postfix/smtp[13775]: A65713180D9: to=<***@freenet.de>, > relay=mx.freenet.de[195.4.92.211]:25, delay=1.2, > delays=0.29/0.02/0.76/0.16, dsn=5.0.0, status=bounced (host > mx.freenet.de[195.4.92.211] said: 550 inconsistent or no DNS PTR > record for 74.117.233.4 (see RFC 1912 2.1) (in reply to RCPT TO > command)) > > Is there any RFC item said the A and PTR records must be consistent? > And why they must? While there is no RFC requirement that they match is there any reason not to make them match (the above records don't match) given that is the intent of the IN-ADDR.ARPA namespace? > Thanks. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the A and PTR for sending mail
On Nov 9, 2011, at 5:57 PM, 风河 wrote: > I have two server IPs, the A records for them are: > > mail.dnsbed.com.300 IN A 74.117.233.4 > mail.dnsbed.com.300 IN A 74.117.232.204 > > The corresponding PTR records are: > > 4.233.117.74.in-addr.arpa. 36466 IN PTR dnsbed.com. > 204.232.117.74.in-addr.arpa. 36453 IN PTR dnsbed.com. So a double-reverse lookup check will fail, because the PTR records go to dnsbed.com and not to mail.dnsbed.com. > But this setting can't make email sending successful. > The Postfix system says: > > postfix/smtp[13775]: A65713180D9: to=<***@freenet.de>, > relay=mx.freenet.de[195.4.92.211]:25, delay=1.2, > delays=0.29/0.02/0.76/0.16, dsn=5.0.0, status=bounced (host > mx.freenet.de[195.4.92.211] said: 550 inconsistent or no DNS PTR > record for 74.117.233.4 (see RFC 1912 2.1) (in reply to RCPT TO > command)) > > > Is there any RFC item said the A and PTR records must be consistent? > And why they must? Why, yes-- by "see RFC 1912 2.1", they mean: http://www.ietf.org/rfc/rfc1912.txt This is only a "should" recommendation, and not a "must" requirement. freenet.de appears to be enforcing a rather strict policy check here, but a DNS mismatch is a decent indicator of spammy mailservers; I'd use it for scoring purposes myself, and not as an absolute pass/fail. Regards, -- -Chuck ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
about the A and PTR for sending mail
Hi, I know maybe this is not related to DNS question, so please excuse me if it's not that suitable. I have two server IPs, the A records for them are: mail.dnsbed.com.300 IN A 74.117.233.4 mail.dnsbed.com.300 IN A 74.117.232.204 The corresponding PTR records are: 4.233.117.74.in-addr.arpa. 36466 IN PTR dnsbed.com. 204.232.117.74.in-addr.arpa. 36453 IN PTR dnsbed.com. But this setting can't make email sending successful. The Postfix system says: postfix/smtp[13775]: A65713180D9: to=<***@freenet.de>, relay=mx.freenet.de[195.4.92.211]:25, delay=1.2, delays=0.29/0.02/0.76/0.16, dsn=5.0.0, status=bounced (host mx.freenet.de[195.4.92.211] said: 550 inconsistent or no DNS PTR record for 74.117.233.4 (see RFC 1912 2.1) (in reply to RCPT TO command)) Is there any RFC item said the A and PTR records must be consistent? And why they must? Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
