ptr for a subdomain

domain-name-system email

I’m feeling lost in DNS; please help me get back on track.

  1. I’ve got a domain. Let’s call it example.com. And I can add DNS entries for subdomains of type A and CNAME.
  2. I have another server which I want to be available as foo.example.com. And I’ve got a mail server there.

When I send emails to certain servers from foo.example.com they get rejected as spam, based on the absence of a PTR record. So, the first question is, What can I do to fix this?

Right now I only have an A record at the DNS of the registrar of example.com. I can add all kind of DNS entries for foo.example.com using name servers of another provider. Right now there no such entries.

And the second question is, Can I pull this off without downtime?


The best bet to getting a working mail setup in DNS is to follow a checklist. Mine usually looks something like so:

  1. Make sure standard DNS points foo.bar.com at 65.33.33.33
  2. Make sure reverse DNS points 65.33.33.33 at foo.bar.com
  3. Make sure the mail server issues "HELO" commands as foo.bar.com
  4. Make sure bar.com has an MX record pointing to foo.bar.com

These can be checked as follows (assuming linux command line):

1:

$ dig +short foo.bar.com
65.33.33.33

2:

$ dig +short -x 65.33.33.33
foo.bar.com

3: 

$ telnet 65.33.33.33 25
> 220 SOME HEADER INFO
< HELO baz.bar.com
> 250 foo.bar.com Hello [65.33.33.33], pleased to meet you

4:

dig +short mx bar.com
10 foo.bar.com

The above posters are all correct in that your ISP is normally responsible for #2. Sometimes you need to have them change this, sometimes they will delegate the responsibility to you (which means you have to run a DNS server to serve these requests).


No downtime needed, but you do need to control your IP address space. If you don't, your ISP may be willing to create a PTR record for foo.bar.com's IP address.

The PTR record is just a way of (pseudo-definitively, if you will) reverse resolving an IP address to a host


If someone's rejecting your mail because you have no PTR record for the IP address of the machine sending the e-mail, or the PTR doesn't match the HELO, all you have to do is add/fix that PTR record -- which is just a matter of contacting whoever manages RDNS for the range you're in (I'm going to hope you don't have a /24 or better of your own). There will be no downtime in this.

On the other hand, if someone's rejecting your mail because the sender domain doesn't match the PTR record, please beat them with a stack of printed RFCs.


Did your ISP delegate reverse DNS resolution to you? If not, ask them to add a PTR entry for foo.bar.com. If yes, you'll need to add a XX.YY.in-addr.arpa zone with a PTR record for foo.bar.com.

There should be no downtime at all.

Related

Recommendation: Company website forced to https?
Should I back up my WSUS server?
Securing Acrobat Reader to mitigate viruses
How to fix the wiring mess that is my server room
Allow access to Linux Console
What is the oldest hardware still in production use? How is it kept running? [closed]
Do we have to be PCI compliant to store Social Security Numbers in our hosted database?
How can I create multiple, numbered copies of a file in Windows?
Tail server logs into XMPP?
Local SVN repository to git
Is it possible to run varnish with both memory and disk storage?
Why is the mysql client utility not using the port I specify?