Have something to say? Contribute New Article Reply to this Article
Reverse DSN problem
Hi !
When I send a mail to some specific address
I receive this problem :
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
......
550 5.7.1 Client host rejected: cannot find your reverse hostname,
[83.212.248.x] (in reply to RCPT TO command)
I found on internet that the problem comes from an impossibility to perform the Reverse DNS to the ip address 83.212.248.x
I have a DNS server [83.212.248.y] that is supposed to "reverse" (I think) solve 83.212.248.x.
I got some help and the told me to add the following to /etc/bind/named.conf
zone "0/25.248.212.83.in-addr.arpa" {
type master;
file "/etc/bind/efa.rev";
};
and to create the file efa.rev :
$ORIGIN 0/25.248.212.83.in-addr.arpa.
$TTL 86400
@ IN SOA dns1efa.efa.gr. root.dns1.efa.gr. (
2009091001
86400
7200
2419200
3600 )
@ IN NS dns1efa.efa.gr.
6 IN PTR mail.efa.gr.
I did that and ran bind9 restart. But it still doesn't work.
I'm slowly getting crazy and it won't be reversible :) could you help me please ?
Thank you very much
Vince
Could you post the actual IP address you are trying to reverse? There are many things to look at here and it is difficult without knowing the actual IP address. I need to know the outbound IP of your mailserver and the IP of your DNS server.
Hi ! the IP adress I am trying to reverse is 83.212.248.6 (the mail server). 83.212.248.2 (the DNS server)
Thank you !
Everything looks good. All of your glues are in place, everything resolves, all glues match finals IP addresses... I'm not quite sure what the issue might be. The *only* thing I could think of is that your reverse DNS uses a cname. Most people don't get that CNAME "workaround" for DNS you have working :P
The only thing that I could think that might be the issue is the fact that your reverse DNS uses a CNAME record. I'm sure you're well aware that your MX record must point to a hostname that is resolved with an A record. Example
Your current setup:
sk@sk:~$ dig efa.gr MX
; <<>> DiG 9.4.0 <<>> efa.gr MX
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;efa.gr. IN MX
;; ANSWER SECTION:
efa.gr. 10575 IN MX 1 mail.efa.gr.
;; AUTHORITY SECTION:
efa.gr. 9912 IN NS dns1efa.efa.gr.
;; ADDITIONAL SECTION:
mail.efa.gr. 10392 IN A 83.212.248.6
dns1efa.efa.gr. 9912 IN A 83.212.248.2
sk@sk:~$ dig mail.efa.gr @83.212.248.2 A
; <<>> DiG 9.4.0 <<>> mail.efa.gr @83.212.248.2 A
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31661
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.efa.gr. IN A
;; ANSWER SECTION:
mail.efa.gr. 10800 IN <strong>A</strong> 83.212.248.6
In this case you have MX->A->resolved which is the way its supposed to be. I'm guessing someone has a resolver that is set to ignore CNAME records altogether when dealing with email. RFC2821 recommends against mixing MX with CNAME records but i'm not sure if it mentions how to handle reverse DNS with CNAME records.
What I think the problem is:
sk@sk:~$ dig -x 83.212.248.6 +trace
; <<>> DiG 9.4.0 <<>> -x 83.212.248.6 +trace
;; global options: printcmd
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
;; Received 452 bytes from 72.16.178.119#53(72.16.178.119) in 3 ms
83.in-addr.arpa. 86400 IN NS ns3.nic.fr.
83.in-addr.arpa. 86400 IN NS sec1.apnic.net.
83.in-addr.arpa. 86400 IN NS sec3.apnic.net.
83.in-addr.arpa. 86400 IN NS sunic.sunet.se.
83.in-addr.arpa. 86400 IN NS ns-pri.ripe.net.
83.in-addr.arpa. 86400 IN NS tinnie.arin.net.
;; Received 209 bytes from 2001:500:1::803f:235#53(H.ROOT-SERVERS.NET) in 241 ms
248.212.83.in-addr.arpa. 172800 IN NS foo.grnet.gr.
248.212.83.in-addr.arpa. 172800 IN NS nic.grnet.gr.
248.212.83.in-addr.arpa. 172800 IN NS volcano1.grnet.gr.
;; Received 133 bytes from 2001:610:240:0:53::3#53(ns-pri.ripe.net) in 163 ms
6.248.212.83.in-addr.arpa. 86400 IN <strong>CNAME 6.0/25.248.212.83.in-addr.arpa.</strong>
0/25.248.212.83.in-addr.arpa. 86400 IN NS dns1efa.efa.gr.
;; Received 108 bytes from 194.177.210.210#53(nic.grnet.gr) in 163 ms
The resolution may stop here for a "dumb resolver" or stop because it hit a CNAME.
I would have your ISP also include a PTR record in addition to the CNAME record, or remove the CNAME record and have your ISP do the reverse DNS for this IP address entirely.
Bottom line -- have your ISP reverse that IP.
[edit]
FYI - I would consider this a problem with the remote mail server. They likely have an odd DNS server or anal settings implemented on their end. Your ISP could give you the "nobody else has these problems" but I would just stand by this is a problem for a certain mailserver and there is nothing we can do about it.
I see nothing wrong with your setup.
[/edit]
This article has been dead for over three months
You
© 2012 DaniWeb® LLC
