11

I help a friend run a server, which includes a mail server. http://mxtoolbox.com reports that our reverse DNS is not a valid hostname.

The reverse DNS currently points to domain.com. Should it point to hostname.domain.com? I have seen here that it is conventional to use this scheme for reverse DNS. However, will this cause a problem if the mail server responds like this:

```
220 domain.com ESMTP Postfix (Ubuntu)
EHLO PWS3.mxtoolbox.com
250-domain.com
250-PIPELINING
250-SIZE 10240000
...
```

Basically, will the reverse DNS pointing to a subdomain of the domain the mail server reports be valid?

EDIT: My original question was as follows: If the mail server reports domain.com as its FQDN, can the reverse DNS point to hostname.domain.com? See comments below for why this isn't needed, and why both should be the same.

ConnorJC
  • Possible duplicate of: http://serverfault.com/questions/711600/reverse-dns-is-not-a-valid-hostname-error-from-mxtoolbox/ – Håkan Lindqvist Aug 12 '15 at 00:19
  • Not really. I wanted to know if `hostname.domain.com` is valid as reverse DNS for mail to/from `domain.com`, while the other post wanted to know what their reverse DNS should be. My answer uses the other post's answer and asks a question about it. – ConnorJC Aug 12 '15 at 00:36
  • Ok, in that case can you please clarify why you want the mail server to report anything but the hostname in the first place? Ideally the hostname that the MTA reports should be the actual hostname, just like the reverse DNS entry. – Håkan Lindqvist Aug 12 '15 at 00:41
  • Well, before @Halfgaar answered my previous questions, I overlooked that SPF is used for validating whether a server is allowed to send mail for `domain.com`, **not** the reported FQDN. I originally assumed the server would have to report `domain.com` to send mail for `domain.com`. As I recently realized, I could use `v=spf1 mx -all` as the SPF record to allow the other machine to send mail. This was clarified in the comments of the accepted answer. – ConnorJC Aug 12 '15 at 00:54

2 Answers

10

> Basically, will the reverse DNS pointing to a subdomain of the domain the mail server reports be valid?

No. Just give your server a full name like myserver.mydomain.com. Make sure your reverse DNS also contains myserver.mydomain.com, and that the mail server announces itself (with HELO) as myserver.domain.com as well.

Technically, you could have it be mail.domain.com, but that means the non-FQDN hostname of the machine would be mail, which is not elegant.

Don't have your hostname be domain.com; (I feel that) the domain should be the organizational entity, not a hostname.

Halfgaar
  • The mail server has to announce itself as serving domain.com to send emails like user@domain.com though, right? If the mail server announces itself as myserver.domain.com, won't the email addresses need to be user@myserver.domain.com? – ConnorJC Aug 11 '15 at 21:11
  • Also, I'm not sure what you mean by not having my hostname as `domain.com`, do you mean the FQDN? Currently the hostname of the mail machine is `vps1`, so the reverse DNS should point to `vps1.domain.com` instead of `domain.com`, correct? – ConnorJC Aug 12 '15 at 00:17
  • `The mail server has to announce itself as serving domain.com to send emails like user@domain.com though, right? If the mail server announces itself as myserver.domain.com, won't the email addresses need to be user@myserver.domain.com?` - No. That's what SPF records are for. – joeqwerty Aug 12 '15 at 00:20
  • Oh, I see. Thanks. Just to clarify, my MX record should then be changed from `domain.com` to `vps1.domain.com`. Also, the SPF record of `v=spf1 mx -all` should work with this setup. Is that correct? – ConnorJC Aug 12 '15 at 00:30
  • Yes and Yes. To clarify: An MX record designates where email goes **TO**. An SPF record designates where email comes **FROM**. – joeqwerty Aug 12 '15 at 00:33
2

Both the hostname that the mail server software reports and the reverse DNS entry are expected to be the actual canonical FQDN hostname (as discussed in the referenced question for the reverse DNS case).

However, it's usually not verified that these two values actually match (even though it makes more sense if they do).


Do note that there is no expectation for the hostname specified in either of these places to necessarily have any relation to the domain names that the mail server accepts mail for or sends mail from; it identifies the mail server itself, not the domains it handles.

Håkan Lindqvist
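An added example, not written by any of the posters: a small check that the PTR name and the name in the SMTP greeting agree, as both answers recommend. It also confirms that the PTR name resolves back to the same IP, which goes beyond what the answers state; the function names and the `192.0.2.10` sample data are constructed for illustration.

```python
import re
import socket

def banner_hostname(banner_line):
    """Return the hostname from an SMTP greeting such as '220 host ESMTP ...'."""
    m = re.match(r"220[ -](\S+)", banner_line)
    return m.group(1).lower().rstrip(".") if m else None

def system_ptr(ip):
    """PTR lookup via the system resolver (live DNS)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver (live DNS)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_identity(ip, banner_line, ptr=system_ptr, forward=system_forward):
    """Compare PTR, forward DNS and SMTP greeting name for one mail server IP."""
    findings = []
    ptr_name = (ptr(ip) or "").lower().rstrip(".")
    greet = banner_hostname(banner_line)
    if not ptr_name:
        findings.append("no PTR record")
    elif ip not in forward(ptr_name):
        findings.append(f"PTR {ptr_name} does not resolve back to {ip}")
    if greet is None:
        findings.append("no hostname in greeting")
    elif ptr_name and greet != ptr_name:
        findings.append(f"greeting {greet} differs from PTR {ptr_name}")
    return findings

# Constructed sample data (documentation address 192.0.2.10), standing in for DNS.
SAMPLE_PTR = {"192.0.2.10": "vps1.domain.com."}
SAMPLE_A = {"vps1.domain.com": {"192.0.2.10"}, "domain.com": {"192.0.2.10"}}

def sample_check(banner_line):
    """Run the check against the constructed records instead of live DNS."""
    return check_identity("192.0.2.10", banner_line, ptr=SAMPLE_PTR.get,
                          forward=lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    print(sample_check("220 domain.com ESMTP Postfix (Ubuntu)"))
    print(sample_check("220 vps1.domain.com ESMTP Postfix (Ubuntu)"))
```

Calling `check_identity(ip, banner_line)` without the `ptr` and `forward` arguments uses the system resolver against live DNS.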