I am learning how to administer productive internet-facing machines and services, and towards that end setting up mail, web, and a couple other services, all on the same box (budget constraints and simplicity).

My question relates to: SPF, FCrDNS, and PTR records:

SPF clearly recommends not using its PTR mechanism any more. Given this, when setting up an SPF record with some other mechanism (e.g. the MX mechanism), does it still make sense to set up a PTR record that leads to FCrDNS? If so, what should this set-up look like?

Currently, my zone file looks something like:

    # zone file for example.com
    @        A        <ip>
    www      A        <ip>
    ftp      A        <ip>
    mail     A        <ip>
    @        MX       mail
    @        TXT      "v=spf1 mx -all"

Where <ip> is the same value for all records, i.e. I run multiple services on the same machine.

Given this, how should I set up rDNS? Like:

    <ip>.in-addr.arpa    PTR    mail.example.com.

or like:

    <ip>.in-addr.arpa    PTR    example.com.

The first option (i.e. have the PTR record point back to mail.example.com) doesn't seem to represent the actual situation to me. After all, <ip> doesn't exclusively deal with email. The second option sounds like a clearer representation of what <ip> is associated with (i.e. all services for example.com), but I'm not sure which is preferred by popular mail services when scoring email for spam, and why.

ArjunShankar

  • SPF and FCrDNS are completely unrelated, separate checks. You need to set up both, but they are not tied together in any way. – Michael Hampton Mar 18 '16 at 02:08
  • A PTR record is always a good idea, since some mail servers will not accept mails from ip-addresses that do not have a PTR record (or where the domain name from the PTR record does not resolve back to the same IP-address). – Lars Lind Nilsson Mar 18 '16 at 08:04

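The forward-confirmed reverse DNS check that the comments describe, as an added example that is not part of the original question or comments. It runs the check a receiving mail server performs against both PTR options from the question, plus the two failure cases. The address 192.0.2.10 is a constructed stand-in for `<ip>`, `stale.example.com.` is a hypothetical name, and the lookup tables are constructed data that replace live DNS queries.

```python
import ipaddress

# Constructed forward zone mirroring the question; 192.0.2.10 stands in for <ip>.
FORWARD = {
    "example.com.": ["192.0.2.10"],
    "www.example.com.": ["192.0.2.10"],
    "mail.example.com.": ["192.0.2.10"],
    "stale.example.com.": ["192.0.2.99"],  # hypothetical name pointing elsewhere
}

# Constructed reverse zones: the two options from the question and two failures.
OPTION_MAIL = {"10.2.0.192.in-addr.arpa.": ["mail.example.com."]}
OPTION_APEX = {"10.2.0.192.in-addr.arpa.": ["example.com."]}
NO_PTR = {}
MISMATCH = {"10.2.0.192.in-addr.arpa.": ["stale.example.com."]}


def reverse_name(ip):
    """Build the in-addr.arpa / ip6.arpa owner name that a PTR query uses."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def fcrdns(ip, ptr_table, forward_table=FORWARD):
    """Return (passed, confirmed_names) for forward-confirmed reverse DNS.

    1. Look up the PTR records for the connecting IP.
    2. Resolve each PTR target forward (A/AAAA).
    3. Pass if at least one target resolves back to the same IP.
    """
    addr = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_table.get(reverse_name(ip), []):
        key = name.lower().rstrip(".") + "."  # normalise to a lower-case FQDN
        for a in forward_table.get(key, []):
            if ipaddress.ip_address(a) == addr:
                confirmed.append(key)
                break
    return (bool(confirmed), confirmed)


if __name__ == "__main__":
    for label, table in [("PTR -> mail.example.com.", OPTION_MAIL),
                         ("PTR -> example.com.", OPTION_APEX),
                         ("no PTR record", NO_PTR),
                         ("PTR target resolves elsewhere", MISMATCH)]:
        print(f"{label:32} {fcrdns('192.0.2.10', table)}")
```

The check never consults the SPF TXT record, which matches the first comment's point that SPF and FCrDNS are evaluated separately.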