email (Exchange) issues due to lack of RDNS

I'm one of the network operations leads for an ISP and one of our business customers is complaining his emails won't work due to our lack of a DNS server. We opted not to stand up DNS since many other companies with a much larger amount of resources operate their own; our DHCP option 6 actually uses Google DNS. We are a small, new ISP that really does not have the resources to manage and deal with all the work that comes with DNS, so how would I help this guy? It seems my only option is to stand up a DNS server, and with an authoritative response for their DNS. Can anyone offer other options that would work for us, without having to stand up our own DNS server.

I'm sure some of you don't think DNS is that much work, but for only one admin, it can get overbearing especially when you do software dev on the side of all administration.


If you're an ISP, you really ought to have authoritative DNS servers that handle the reverse DNS for your networks. Not having them is somewhat akin to operator suicide; your biggest business customers are going to expect it, and if you don't have a contingency for this they're going to pack up their bags and move elsewhere.

This isn't to say that you're stuck micromanaging reverse DNS for all of your customers. You just need to have enough of an infrastructure built out that affords you some flexibility in meeting the needs of the business:

  • Get all of your reverse DNS pointed at servers you control ahead of time. It's strongly recommended to create generic PTR records for all of your IP space with matching forward (A/AAAA) records. At a bare minimum you need the reverse DNS pointing at servers you control, and the servers must be correctly configured so as to not return responses of REFUSED or SERVFAIL.
  • Encourage your large customers (/24 of IP space or more) to set up their own DNS servers and delegate authority for their IP space to their DNS servers. At that point they can manage all of their IP space without having to call you: everyone wins.
  • Delegating less than a /24 is a headache due to the fact that IPv4 reverse DNS was designed with classful networking in mind. While there are some strategies for making this work that are rooted in BCP20 (RFC 2317), this is probably more work than you're looking to do and the BCP is somewhat debated; this link has shown up in the top search engine results for RFC 2317 for years.
  • Be prepared to make exceptions for customers you want to keep.
  • Be prepared for your managers to tell you that you're going to make exceptions for certain customers.
  • Do not skimp on geo redundancy. You need DNS servers that are not located in the same datacenter or sharing an upstream network peer. Failing to take this into consideration will be a lesson in just how volatile internet routing can be. If you're too small to fulfill this need yourself, you should look into a hosted DNS solution with a bulletproof reputation.

If you follow the advice above you'll at least be in a much better place than you were before, and have the flexibility to roll with the punches as needed.
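The first bullet above (generic PTR records for the whole IP space with matching forward records) is what a receiving mail server's forward-confirmed reverse DNS check relies on. The script below is an added example, not part of the answer: it generates the PTR and A records for an IPv4 block and verifies that every PTR target resolves back to the same address; the 203.0.113.0/29 block and the dyn.example.net suffix are constructed sample values.

```python
import ipaddress

def generic_hostname(ip: ipaddress.IPv4Address, domain: str) -> str:
    """Generic name for one address, e.g. 203.0.113.7 -> 203-0-113-7.dyn.example.net."""
    return f"{str(ip).replace('.', '-')}.{domain}"

def build_records(network: str, domain: str):
    """Return (ptr, fwd) for an IPv4 block.

    ptr: reverse owner name (x.y.z.w.in-addr.arpa) -> generic hostname
    fwd: generic hostname -> dotted-quad address (the matching A record)
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4:
        raise ValueError("this example covers IPv4 (in-addr.arpa) only")
    ptr, fwd = {}, {}
    for ip in net:  # one PTR per address so no lookup in the block goes unanswered
        name = generic_hostname(ip, domain)
        ptr[ip.reverse_pointer] = name
        fwd[name] = str(ip)
    return ptr, fwd

def check_fcrdns(ptr, fwd):
    """Return reverse names whose PTR target does not map back to the same IP.

    This is the forward-confirmed reverse DNS test mail servers apply to a
    connecting client; an empty list means every PTR has a matching A record.
    """
    suffix = ".in-addr.arpa"
    bad = []
    for rev_name, host in ptr.items():
        octets = rev_name[: -len(suffix)].split(".")
        ip = ".".join(reversed(octets))          # 7.113.0.203 -> 203.0.113.7
        if fwd.get(host) != ip:
            bad.append(rev_name)
    return bad

def zone_lines(records, rtype):
    """Render a record dict as zone-file lines with fully qualified owner names."""
    dot = "." if rtype == "PTR" else ""        # PTR targets are names, A targets are addresses
    return [f"{owner}.\tIN\t{rtype}\t{target}{dot}" for owner, target in sorted(records.items())]

if __name__ == "__main__":
    # Constructed sample block and domain, not values from the original thread.
    ptr, fwd = build_records("203.0.113.0/29", "dyn.example.net")
    print("\n".join(zone_lines(ptr, "PTR")))
    print("\n".join(zone_lines(fwd, "A")))
    print("mismatches:", check_fcrdns(ptr, fwd))
```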


I'm one of the network operations leads for an ISP and one of our business customers is complaining his emails won't work due to our lack of a DNS server

Some clarification of the problem would be helpful. Saying that your customer is having problems because of your lack of DNS doesn't really tell us much about the nature of the problem, although we can all guess that it's probably related to reverse DNS.

We are a small, new ISP that really does not have the resources to manage and deal with all the work that comes with DNS

I'm sorry. You chose to enter a business that requires certain "investments" from you (technical and financial). If you're not capable of or willing to take responsibility for those "investments" then you ought not to be in that business.

It seems my only option is to stand up a DNS server, and with an authoritative response for their DNS.

Again, clarification is needed. I'm failing to see why you would need to host his forward lookup DNS zone, but the reverse lookup zone is another matter altogether.