1

I'm trying to configure my reverse zones on a CentOS server. I've read many articles and it looks like I'm doing everything right, and I don't know what to check or fix next. The following is part of my named.conf. My domain mobz.ca points to 69.175.76.110 and mail.mobz.ca to 69.175.76.111, but 110 and 111 are physically the same server.

zone "mobz.ca" {
        type master;
        file "data/db.mobz.ca";
        allow-update { none; };
        allow-query { any; };
        allow-transfer { trusted; no-ip; };
        notify yes;
        also-notify { 8.23.224.170; };
};

zone "76.175.69.in-addr.arpa" {
        type master;
        file "data/db.76.175.69.in-addr.arpa";
        allow-update { none; };
        allow-query { any; };
        allow-transfer { trusted; no-ip; };
        notify yes;
        also-notify { 8.23.224.170; };
};

The problem is only with the reverse zone, so I'm just posting its content:

$TTL 86400
$ORIGIN 76.175.69.IN-ADDR.ARPA.
@               IN      SOA   ns1.mobz.ca. mobz.ca. (
                              2014082804 ; serial number
                              14400      ; refresh
                              3600       ; update retry
                              3w         ; expiry
                              3h         ; nx = nxdomain ttl
                              )
                IN      NS      ns1.mobz.ca.

111             IN      PTR     mail.mobz.ca.
110             IN      PTR     mobz.ca.

Could you please help me figure out what the problem is or where to look next? I'm relatively new to these things.

Thanks in advance.

Vahan

2 Answers

3

Reverse DNS doesn't work that way. The nameserver for those IP addresses is

dennis@spirit:~$ dig -t NS 76.175.69.in-addr.arpa
76.175.69.in-addr.arpa. 21599   IN  NS  ns2.singlehop.com.
76.175.69.in-addr.arpa. 21599   IN  NS  ns1.singlehop.com.
76.175.69.in-addr.arpa. 21599   IN  NS  ns3.singlehop.com.

So you need to contact them (or possibly use your provider's admin interface) to make changes to PTR records.

Dennis Kaarsemaker
  • Thanks Dennis and RapidWebs! At the beginning I followed RapidWebs' advice and contacted my hosting provider. They provide an interface for reverse DNS configuration. Anyway, I have to accept this answer, because it is more clear and accurate. – Vahan Aug 15 '14 at 18:57
  • See the edit and comments to my answer. This answer is certainly more clear, but I'm not sure about more accurate. I could be wrong, or maybe I was misunderstood, but for most mail servers to actually pass your domain during an rDNS check, there needs to be a "full circle", i.e. both forward (name-to-address) and reverse (address-to-name). You control the forward records with BIND9. You need to set this. – RapidWebs Aug 15 '14 at 19:58
  • Sorry @RapidWebs, it is probably a misunderstanding. In fact I resolved my problem by following your comment, but I thought or misunderstood that this response is more accurate. Considering that I'm a beginner, other people's comments also affected my decision. Again, sorry about that. Unfortunately I'm not able to vote up your answer. – Vahan Aug 16 '14 at 01:56
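The delegation check behind Dennis Kaarsemaker's answer, as an added example that is not part of the original posts: it parses the `dig` answer lines quoted above, finds the delegated reverse zone that contains an address, and reports whether a given name server is among the servers the parent zone delegates to. The function names are hypothetical; `ns1.mobz.ca.` is the NS name from the zone file in the question.

```python
import ipaddress

# Answer-section lines copied from the dig output in the answer above.
DIG_ANSWER = """\
76.175.69.in-addr.arpa. 21599   IN  NS  ns2.singlehop.com.
76.175.69.in-addr.arpa. 21599   IN  NS  ns1.singlehop.com.
76.175.69.in-addr.arpa. 21599   IN  NS  ns3.singlehop.com.
"""

def parse_ns(dig_text):
    """Map each owner name to the set of NS targets in dig answer lines."""
    zones = {}
    for line in dig_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2].upper() == "IN" and f[3].upper() == "NS":
            zones.setdefault(f[0].lower(), set()).add(f[4].lower())
    return zones

def enclosing_zone(ip, zones):
    """Most specific delegated reverse zone containing ip, or None."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    while name:
        if name in zones:
            return name
        name = name.partition(".")[2]  # drop the leftmost label
    return None

def who_answers_ptr(ip, my_ns, zones):
    """Report which servers the world asks for ip's PTR record."""
    zone = enclosing_zone(ip, zones)
    servers = sorted(zones.get(zone, ()))
    return {"zone": zone, "servers": servers,
            "delegated_to_me": my_ns.lower() in servers}

if __name__ == "__main__":
    print(who_answers_ptr("69.175.76.110", "ns1.mobz.ca.", parse_ns(DIG_ANSWER)))
```

A local `type master` zone for `76.175.69.in-addr.arpa` is only consulted by resolvers if `delegated_to_me` is true for the server that hosts it.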
-2

Do you control access to your reverse zone / PTR record? It's typical to have to request your hosting provider to change these for you. That, or there might be a section within your control panel to do this.

Edit: typically rDNS is set up when mail is being denied by public mail services like Google, or marked as spam. In order to actually pass the rDNS check, I'm fairly certain that you need to have the forward record set up (creating a full circle).

Wikipedia says: This is the standard configuration expected by the Internet standards supporting many DNS-reliant protocols. RFC 1912 and RFC 1033 (Informational) recommend it as a best practice, but it is not a requirement of standard defining RFCs governing operation of the DNS.

https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

RapidWebs
  • Thanks, I don't have cPanel hosting. And my hosting is not managed. Do you think that the hosting provider can do something about that? Sorry for the stupid question. Just learning the stuff. – Vahan Aug 15 '14 at 16:36
  • They should be able to. From what I understand, whoever owns the subnet delegates the servers which resolve the PTR record for that IP. My guess is that you have bought these IPs from your data center. It's likely that if you submit a support ticket, they would be able to help you with this. Typically, they will set it to what you like, and you create the matching forward record within BIND. However, some providers can delegate PTR records to your name server, and give you full control. Less likely though. – RapidWebs Aug 15 '14 at 16:49
  • This started off well, and half way through the wheels fell off... – Chris S Aug 15 '14 at 17:46
  • @ChrisS not sure what is implied by your comment, or why "contact your service provider, and update your DNS to reflect these changes" is so hard to understand. – RapidWebs Aug 15 '14 at 19:32
  • The second half of your answer (about CNAME and A records) is utterly wrong. – Dennis Kaarsemaker Aug 15 '14 at 19:44
  • Forward-confirmed reverse DNS (FCrDNS), also known as full-circle reverse DNS, double-reverse DNS, or iprev, is a networking parameter configuration in which a given IP address has both forward (name-to-address) and reverse (address-to-name) Domain Name System (DNS) entries that match each other. – RapidWebs Aug 15 '14 at 19:46
  • I was simply going by what I thought was the typical implementation. What am I missing here? How should it be set up? Isn't this required to pass the rDNS check performed by most mail servers? https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS – RapidWebs Aug 15 '14 at 19:47
  • Maybe it's just the wording, but it sounds like you're suggesting that there's a PTR record for 1.2.3.4.mobz.ca and you're going to create a reverse CNAME for that to something else. – Chris S Aug 15 '14 at 19:49
  • Well, I agree that I probably shouldn't have fired it off from my cell phone. It comes out as a jumble of words. And I'm not offended or anything, I seriously would like to know if there is something else I should be doing, because most tools report my PTR records being set up correctly. But if I'm doing something wrong, I'd like to fix it. – RapidWebs Aug 15 '14 at 19:51
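The forward-confirmed reverse DNS check discussed in RapidWebs' answer and the comments, as an added example that is not part of the original posts: each PTR name for an address must resolve forward to that same address. The lookups are injectable so the check runs offline. The forward data matches the question; the provider-side PTR name and all function names are assumptions.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; empty list if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """Addresses for name from the system resolver; empty list if none."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (status, names): 'pass' if a PTR name resolves back to ip."""
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", []
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == target for a in addr_lookup(n))]
    return ("pass" if confirmed else "mismatch"), confirmed

# Constructed records. Forward data matches the question (mobz.ca -> .110,
# mail.mobz.ca -> .111); the provider-side PTR name is a made-up placeholder.
FORWARD = {"mobz.ca": ["69.175.76.110"], "mail.mobz.ca": ["69.175.76.111"]}
PTR_BEFORE = {"69.175.76.111": ["host-111.provider.example."]}
PTR_AFTER = {"69.175.76.110": ["mobz.ca."], "69.175.76.111": ["mail.mobz.ca."]}

def check(ip, ptr_table):
    """Run fcrdns against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: ptr_table.get(i, []), lambda n: FORWARD.get(n, []))

if __name__ == "__main__":
    for label, table in (("before", PTR_BEFORE), ("after", PTR_AFTER)):
        for ip in ("69.175.76.110", "69.175.76.111"):
            print(label, ip, check(ip, table))
```

Calling `fcrdns(ip)` with no lookup arguments uses the system resolver instead of the constructed tables.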