-3

I have an "A" record on my DNS which points to an IP, specifically the IP my website is hosted on. I use a separate IP for my email server. This causes my emails to fail the Forward Confirmed Reverse DNS test because of the following:

  1. My email server IP is looked up. It points to my domain name.
  2. My domain name is looked up. It points to the IP in my "A" record, which is different from my email server IP.
  3. The test fails.

Is there any way to pass this test while retaining independence of host and email server? Can I have two "A" records?

3 Answers

2

The reverse DNS PTR record for the IP address of the mail server is expected to point to the canonical hostname of this host (or whatever is applicable if the host has multiple addresses).

It sounds in the question that this PTR record simply points to the wrong name.

E.g., if your mail server hostname is zeus.example.com, the PTR is expected to point to zeus.example.com. Which domain names it handles mail for is not really a factor (e.g. it could be handling mail for example.com and foo.example).

Håkan Lindqvist
  • My mail server host name is the same as my domain name. Is that what is causing the issue? – John Roberts Nov 21 '15 at 15:18
  • @JohnRoberts That sounds like unorthodox naming to begin with. If that name resolves to the address of some other host, that just makes it even more problematic. – Håkan Lindqvist Nov 21 '15 at 15:20
  • The reason I did it is because I wanted the sender of my emails to be "info@example.com" instead of "info@zeus.example.com". Is that not possible if my email server IP is different from my website hosting IP? – John Roberts Nov 21 '15 at 15:26
  • @JohnRoberts As I noted in my answer, the hostname of the mail server and the domain names it handles mail for have no actual relation. – Håkan Lindqvist Nov 21 '15 at 15:29
  • So the only way for me to pass FCrDNS would be to change my email server host name to something like zeus.example.com instead of example.com? – John Roberts Nov 21 '15 at 15:35
  • @JohnRoberts The way to have a forward-confirmed reverse dns entry is to have the reverse dns `PTR` record point to a name which resolves back to that same IP address. For consistency it sounds like you would want to change the configured hostname to match this same name. – Håkan Lindqvist Nov 21 '15 at 15:38
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/31917/discussion-between-john-roberts-and-hakan-lindqvist). – John Roberts Nov 21 '15 at 15:49
0

You should use the MX option instead of the A RR. The MX (Mail Exchanger) is the name of the server which is responsible for the mail for your domain. When a mail server wants to send you an email, it first uses the MX record, then the A record if no MX is found. You can define the PTR record accordingly.

Dom
0

For FCrDNS you need

  1. dig +short mx example.com -> must result in the name of your mail server
  2. dig +short a [the mail server name from line 1] -> must result in an IP
  3. host [the IP from line 2] -> must result in the same name as line 1.

If I understand correctly, you have one IP for your web server and one IP for your mail server. Is the mail server dedicated to you, or do you share it? If it is your server, do you control its rDNS? If yes, the normal setup would be

```
example.com IN A [webserver IP]
www.example.com IN A [webserver IP]
mail.example.com IN A [mailserver IP]
example.com IN MX mail.example.com.
```

If you do not control the rDNS of your mail server, then it probably already has a name like mail.yourisp.com. In this case do not use mail.example.com but

```
example.com IN MX mail.yourisp.com
```

Law29
  • What if I already have other MX records (I send email from Zoho as well, and this is where I want to receive all my mail. The email server is meant to be send only). Is it possible to add another MX record in this case? Can I send email from multiple servers? – John Roberts Nov 21 '15 at 16:41
  • MX indicates the server everyone on the Internet should use to send a mail to your domain. It MUST run an MTA server program such as postfix, exim, sendmail, Exchange, it MUST be configured for your domain, and if you have several then they must work very closely together. The mail servers that you use for SENDING your mails from do not have to be related, or even in your domain. There is an anti-spam setting called SPF that can list all the mail server IPs that are allowed to send mail from your domain, but otherwise it's not important. You really need to provide more information! – Law29 Nov 21 '15 at 16:53
  • So as far as my mail server is concerned, I don't want to receive any email on it. I just want to be able to use it for sending. I wouldn't use MX then, right? – John Roberts Nov 21 '15 at 16:58
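The FCrDNS check discussed in this thread (IP → PTR name → address, which must include the original IP), as an added example that is not part of any of the posts above. The addresses are documentation-range placeholders, `mail.example.com` follows the naming used in the last answer, and the lookup tables are constructed to reproduce the failing setup from the question next to the corrected one.

```python
import ipaddress
import socket

def ptr_lookup(ip):
    """Reverse lookup via the system resolver; returns the PTR names for ip."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def addr_lookup(name):
    """Forward lookup via the system resolver; returns A/AAAA addresses."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})

def fcrdns(ip, ptr=ptr_lookup, addr=addr_lookup):
    """Return (passed, details). Passes if any PTR name of ip resolves back to ip."""
    target = ipaddress.ip_address(ip)
    details = []
    for name in ptr(ip):
        name = name.rstrip(".").lower()          # PTR data is usually fully qualified
        forward = addr(name)
        details.append((name, forward))
        if target in {ipaddress.ip_address(a) for a in forward}:
            return True, details
    return False, details

# Constructed sample data (assumed addresses, not taken from the thread).
WEB_IP, MAIL_IP = "192.0.2.10", "198.51.100.25"
FORWARD = {
    "example.com": [WEB_IP],
    "www.example.com": [WEB_IP],
    "mail.example.com": [MAIL_IP],
}
BROKEN_PTR = {MAIL_IP: ["example.com."]}       # setup described in the question
FIXED_PTR = {MAIL_IP: ["mail.example.com."]}   # PTR names the mail host itself

def check(ptr_table):
    """Run the check for the mail server IP against the constructed tables."""
    return fcrdns(MAIL_IP, ptr=lambda ip: ptr_table.get(ip, []),
                  addr=lambda name: FORWARD.get(name, []))

if __name__ == "__main__":
    print("PTR -> example.com:     ", check(BROKEN_PTR))
    print("PTR -> mail.example.com:", check(FIXED_PTR))
```

Calling `fcrdns("<your mail server IP>")` with no extra arguments runs the same check against live DNS through the system resolver.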