
Confusion over what reverse DNS applies to and where it gets set... Although there are answers on how to do this, I still cannot determine what needs to get done and why.

A domain is registered at Registrar A, which holds the DNS tables. Registrar A also serves up mail services via the Registrar's owned domain. Two VPS serve different 3rd level domain services.

The SPF record in the DNS table points to the domain of the mail server for MX services, while the MX record points to

mail.registeredDomain.com

v=spf1 a mx ptr include:mailServer.net ~all

MX toolbox states Reverse DNS does not match SMTP Banner

Are reverse DNS lookups based on the service (MX) or the domain? I can see the mismatch with the MX record, but the mail provider had instructions to set up the PTR record as stated.

How should the SPF PTR record be set, and why?

Jerome

1 Answer

No, the reverse DNS records do not have anything to do with your domain records.

Let's say your domain is company.com. You have SOA, NS, MX, A and TXT (SPF) records defined, pointing to an IP address of yours.

The reverse zones for an IP address work like any other domain name lookup, but are located under the domain suffix .in-addr.arpa. The domain delegation for subdomains under "in-addr.arpa" is not to be mixed up with .com, .net, etc.

Normally the "owner" of a subdomain of in-addr.arpa is the ISP owning the address space. So to get a correct DNS reverse lookup for "your" IP address, you must ask your ISP to set it, or ask that you get a delegation for your subnet and add it to your own public DNS.

And for your SPF PTR question, see the OpenSPF syntax guide:

If at all possible, you should avoid using this mechanism in your SPF record, because it will result in a larger number of expensive DNS lookups.

Ingvar J
  • The ISP of the mail server, I assume. Correct? – Jerome Nov 15 '18 at 10:29
  • To find the "owner" of an IP address reverse zone, check (example) dig 8.8.8.8.in-addr.arpa. It shows ; AUTHORITY SECTION: 8.8.8.in-addr.arpa. 60 IN SOA ns1.google.com. dns-admin.google.com. 221575125 900 900 1800 60 So if you check the same with your IP address, you find who is responsible for the reverse zone – Ingvar J Nov 15 '18 at 10:39
  • Remember to add a dot "." after .in-addr.arpa in the request – Ingvar J Nov 15 '18 at 10:41
  • Or just do dig -x – Ingvar J Nov 15 '18 at 10:42
  • On the other hand, a mismatch of PTR record and FQDN of the mail host is NOT a serious matter. Most mail servers except Gmail, Hotmail, etc. are in this situation – Ingvar J Nov 15 '18 at 10:49
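
The lookup chain discussed in this thread, as an added example that is not part of the original question or answer: the PTR query name is derived from the IP address alone, the returned name is compared with the host name in the SMTP banner, and the name is then resolved forward to confirm it maps back to the same IP. Assumptions: the banner comparison is plain host-name equality (the exact logic MX Toolbox applies is not given on the page), and the addresses and host names in the sample data are constructed from documentation ranges.

```python
import ipaddress
import socket

def reverse_name(ip):
    """Name queried for the PTR record; it depends only on the IP address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def live_ptr(ip):
    """PTR lookup via the system resolver (needs network access)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def live_addrs(host):
    """Forward A/AAAA lookup via the system resolver (needs network access)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_mail_ip(ip, banner_host, ptr=live_ptr, addrs=live_addrs):
    """Compare the PTR of ip with the SMTP banner host and forward-confirm it."""
    ptr_names = [norm(n) for n in ptr(ip)]
    target = ipaddress.ip_address(ip)
    confirmed = [n for n in ptr_names
                 if any(ipaddress.ip_address(a) == target for a in addrs(n))]
    return {
        "query": reverse_name(ip),
        "ptr": ptr_names,
        "matches_banner": norm(banner_host) in ptr_names,
        "forward_confirmed": bool(confirmed),
    }

# Constructed sample data: the ISP-assigned PTR differs from the banner name.
SAMPLE_PTR = {"203.0.113.25": ["vps25.isp.example."]}
SAMPLE_A = {"vps25.isp.example": ["203.0.113.25"],
            "mail.company.example": ["203.0.113.25"]}

def sample_report(banner_host):
    """Run the check offline against the constructed tables above."""
    return check_mail_ip("203.0.113.25", banner_host,
                         ptr=lambda ip: SAMPLE_PTR.get(ip, []),
                         addrs=lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    print(sample_report("mail.company.example"))
```

Calling `check_mail_ip` with only an IP and a banner host uses the system resolver instead of the sample tables.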