8

I am trying to clarify my Reverse DNS PTR lookup for a domain. I have a server with a single IP address and multiple accounts, all sharing that IP address.

My PTR is currently:

 24.210.31.in-addr.arpa. 14400 IN PTR domainname.co.uk.

But the domain that the IP address reverses to is ns1.domainnetwork.co.uk, therefore should the PTR record on the account reference the primary returned domain rather than the account domain?

I can't seem to find any clear guidance on this with Google searching, however this question did seem to suggest that the account should reference the server domain rather than the account specific domain.

So, would having:

24.210.31.in-addr.arpa. 14400 IN PTR ns1.domainnetwork.co.uk.

in the DNS for the account give it a valid PTR record, even though this doesn't mention the account domain at all?

Edit: To clarify, the ns1.domainnetwork.co.uk is the primary name server for the domain.


UPDATE + EDIT

I have a persistent issue with this topic, and felt it best to resurrect this incomplete query than to start a new one from scratch.

All the above still holds true.

I have a server with various domains, on IP addresses xx.xx.xx.236 and xx.xx.xx.238. I also have a single domain on its own IP address just for that domain (for the TLS certificate), which is xx.xx.xx.241, but I can't get that domain to correctly show a valid PTR record in the DNS.

A domain on the server that works (ip address 12.34.56.236 ):

websitename.co.uk       14400 IN  A  12.34.55.236
55.34.12.in-addr.arpa.  14400 IN PTR nameserver1.network.co.uk.

The above works and gives a valid PTR feedback.

The nameserver1.network.co.uk. is the same primary name server as the domain which sits on its own IP address (12.34.56.241) but which never gives a correct PTR record.

The domain that does not give out a valid PTR record (unique IP address):

websitenameTwo.co.uk    14400 IN  A  12.34.55.241
55.34.12.in-addr.arpa.  14400 IN PTR nameserver1.network.co.uk.

What am I missing to make this record have a valid PTR DNS record?

Martin
  • 2
    Do you control the zone that contains your PTR record? Note that the nameserver for the forward domain has no pre-defined relationship with the nameserver for the reverse, and also note that many forward domains may contain A or other records with your IP as data. Note also that PTR records are only useful if you have a use for them (such as to maintain forward and reverse consistency for a mail server). – marctxk Nov 15 '16 at 16:23
  • @marctxk yes I control the DNS for both the `domainnetwork.co.uk`, and the `domainname.co.uk` zones. The server is working as both a host and a mail server as well hence the need for good PTR setup so that script emails are not being failed (a minority are at the moment, hence this Q). – Martin Nov 15 '16 at 16:27
  • 2
    Do you control the domain 24.210.31.in-addr.arpa. which would contain xx.24.210.31.in-addr.arpa. which I assume is your server IP address? – marctxk Nov 15 '16 at 16:29
  • I think you will need to choose a single domain name for the mail server and set the PTR to that host name. – marctxk Nov 15 '16 at 16:31
  • Yes, that's the IP address of the server: 31.210.24.236 . This covers multiple accounts which each have their own domain names, – Martin Nov 15 '16 at 16:33
  • So to clarify, do you suggest I should put the *URL of the nameserver that the IP goes to* or the *account address URI* in the PTR record? – Martin Nov 15 '16 at 16:37

4 Answers

16

Mail servers will cross-check your SMTP server's advertised HELO hostname against the PTR record for the connecting IP address, and then check that the returned name has an address record matching the connecting IP address. If any of these checks fail, then your outgoing mail may be rejected or marked as spam.

So, you need to set all three consistently: The server's hostname and the name in the PTR record must match, and that name must resolve to the same IP address.

Note that these do not have to be the same as the domain names for which you are sending mail, and it's common that they are not.

Michael Hampton
  • That sounds like what I'm looking for, so as long as my IP `31.210.24.236` resolves to `domainnetwork.co.uk` and vice versa, then it doesn't matter (at least, as much) that the PTR doesn't mention the account domain specifically, only the server domain (referenced above). – Martin Nov 15 '16 at 16:54
  • 3
    Right, exactly. Though you _also_ should not use the naked domain name, but a subdomain of your domain name. Otherwise you'll run into a host of _other_ problems. – Michael Hampton Nov 15 '16 at 16:56
  • I would intend to use the [full] domain specified by the IP -- `ns1.domainnetwork.co.uk`, does that sidestep these problems? (plus can you reference what they're called for me to read?) – Martin Nov 15 '16 at 16:59
  • @Martin It's a bit too long for a comment, but it boils down to the system and software on it treating the hostname as a fully qualified domain name including hostname; if you used a naked domain name, then various things would think the domain name was e.g. `.co.uk` resulting in subtle and weird issues. One common one is that [mail never gets relayed out](http://serverfault.com/q/575638/126632) when it's meant to be externally hosted. – Michael Hampton Nov 16 '16 at 00:05
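
The three-way check described in the answer above (HELO name, PTR for the connecting IP, and the address record behind that name), as an added example that is not part of the original answer. The record table is constructed from the question's placeholder names, and the `.238` PTR entry and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample records (not real DNS data), keyed by (owner name, type).
RECORDS = {
    ("nameserver1.network.co.uk.", "A"): ["12.34.55.236"],
    ("236.55.34.12.in-addr.arpa.", "PTR"): ["nameserver1.network.co.uk."],
    # Assumed entry: a PTR whose target has no A record for this address.
    ("238.55.34.12.in-addr.arpa.", "PTR"): ["nameserver1.network.co.uk."],
    # PTR written at the reverse zone apex, as in the question. A resolver
    # asking about 12.34.55.241 never queries this owner name.
    ("55.34.12.in-addr.arpa.", "PTR"): ["nameserver1.network.co.uk."],
}

def fqdn(name):
    """Normalise a host name to lower case with one trailing dot."""
    return name.lower().rstrip(".") + "."

def reverse_name(ip):
    """Owner name a resolver queries for the PTR of this address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def lookup(name, rtype, records=RECORDS):
    return records.get((fqdn(name), rtype), [])

def check_sender(ip, helo, records=RECORDS):
    """Apply the receiving server's checks; return (ok, reason)."""
    ptr_names = [fqdn(n) for n in lookup(reverse_name(ip), "PTR", records)]
    if not ptr_names:
        return False, "no PTR at " + reverse_name(ip)
    if fqdn(helo) not in ptr_names:
        return False, "HELO name does not match PTR"
    forward = {ipaddress.ip_address(a) for a in lookup(helo, "A", records)}
    if ipaddress.ip_address(ip) not in forward:
        return False, "PTR name does not resolve back to " + ip
    return True, "forward-confirmed reverse DNS"

if __name__ == "__main__":
    for ip in ("12.34.55.236", "12.34.55.238", "12.34.55.241"):
        print(ip, check_sender(ip, "nameserver1.network.co.uk"))
```
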
6

It seems like you have misunderstood how PTR records work and what they are for. The question doesn't include any information on how you have tried to set the record:

  1. It doesn't change automatically when you change something.example.com. A record.
  2. It can't be set within the example.com. zone but in a reverse zone like 113.0.203.in-addr.arpa.

As described in my answer to a similar question:

It depends on your ISP and your internet connection contract whether you are allowed to request for PTR record changes for your public IP, as the PTR records are managed by the registered owner of the IP block. You can do a lookup on ARIN WHOIS IP Address Database to see the actual owner.

Another answer mentions that you could "overload" PTR records, i.e. have many PTR records for a single IP address. That is not recommended because a PTR record is expected to identify the canonical name associated with the IP address. (See RFC 1035, 3.5 and RFC 1912, 2.1.)

Esa Jokinen
4

You can't have the reverse (PTR) records in the same zone as your forward (A, MX, etc.) records.

They belong to two different DNS zones:

  • websitename.co.uk - forward zone. Contains A, MX, CNAME records (like websitename.co.uk 14400 IN A 12.34.55.236)
  • 55.34.12.in-addr.arpa - reverse zone, contains PTR records for all IP addresses in the range 12.34.55.x

You obviously control the forward zone, but the reverse zone is controlled by whoever owns the IP addressing range (range 12.34.55.224/28 is allocated to AT&T).

You will only have working reverse resolution once you change the PTR records in the reverse zone; you should get in contact with your hosting provider and request an update to the PTR records.

The good news is that you can have all of your reverse records configured in the same reverse zone, as long as the IP addressing is in the same subnet, for example:

236.55.34.12.in-addr.arpa.  14400 IN PTR websitename.co.uk.
236.55.34.12.in-addr.arpa.  14400 IN PTR websitenameOne.co.uk.
238.55.34.12.in-addr.arpa.  14400 IN PTR websitename.co.uk.
241.55.34.12.in-addr.arpa.  14400 IN PTR websitenameTwo.co.uk.

Note you can "overload" PTR records, i.e. have multiple names for an IP address, the same way you can have multiple IP addresses for a name (A record).

André Fernandes
  • `contact with your hosting provider and request an update to the PTR records` But I can update the records myself, this is what I need to do. Cheers. I *am* the hosting provider – Martin Apr 11 '17 at 12:30
  • In that case you'll have to go into the configuration of these nameservers `cbru.br.ns.els-gms.att.net.`, `cmtu.mt.ns.els-gms.att.net.`, `dmtu.mt.ns.els-gms.att.net.`, `dbru.br.ns.els-gms.att.net.` and edit the `12.in-addr.arpa` zone to add your PTR records. – André Fernandes Apr 11 '17 at 12:44
0

If you have a mailserver that handles mail for example.co.uk and example.com then you'd have in their respective forward zones:

example.co.uk. MX 10 supermail.martin.com.

example.com. MX 10 supermail.martin.com.

supermail.martin.com. A 31.210.24.x

and in reverse zone for 24.210.31.in-addr.arpa. you'd have

x.24.210.31.in-addr.arpa. PTR supermail.martin.com.

Obviously supermail could be any hostname and could be in one of your mail domains if you want.

marctxk
  • It's all handled on one server, the email / files / DNS is all wrapped in one server, the question is which *account* do I reference in the account's PTR as the IP points to the *server's* domain name rather than any account's domain name... – Martin Nov 15 '16 at 16:55
  • A mail account, say somebody@example.com, doesn't exist in the DNS. The mail server for example.com has a hostname, and that hostname exists in the DNS. If your provider is using the term "account name" then you'd better get them to clarify. Take heed of what Michael has written about not placing the mail server's name at the apex of your zone. – marctxk Nov 15 '16 at 17:03
  • BTW it doesn't matter that they're all the same server – marctxk Nov 15 '16 at 17:05
  • Sorry I was getting confused by and cross referencing. By "Account" I mean a domain account, which has its own associated email addresses and DNS settings, but is on the server with lots of these accounts. Cheers – Martin Nov 15 '16 at 17:06