  #1 (permalink)  
Old 04-29-2010, 11:38 AM
Elite Member
 
Posts: 360
Default reverse DNS issue? -> 25 Connection Timed Out? = emails stuck in queue

For a couple of domains we send email to, we are unable to send and receive.
The email errors say "connection timed out"
And when I telnet it too says "connection timed out"
I've spoken with the netadmins at these domains and they have told me I'm missing my reverse DNS for our mail server.

How would I do this?

CentOS 5.3 Bind

Quote:
; <<>> DiG 9.3.4-P1 <<>> mail.domain.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36617
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.domain.com. IN ANY

;; ANSWER SECTION:
mail.domain.com. 120 IN SOA ns1.domain.com. netadmin.netadmin.com. 1255040795 120 120 604800 38400
mail.domain.com. 120 IN NS 192.168.1.248.mail.domain.com.
mail.domain.com. 120 IN A 192.168.1.248
mail.domain.com. 120 IN MX 10 mail.domain.com.

;; Query time: 0 msec
;; SERVER: 192.168.1.248#53(192.168.1.248)
;; WHEN: Thu Apr 29 11:37:34 2010
;; MSG SIZE rcvd: 157

Thanks!

Last edited by NoDoze; 05-06-2010 at 09:45 AM..
Reply With Quote
  #2 (permalink)  
Old 04-29-2010, 01:00 PM
Moderator
 
Posts: 883
Default

Are you controlling the DNS records for your External (Internet facing) IP addresses? Often people let their ISP or some other 3rd party handle this. If it is through ISP/3rd party you need to have them set up the reverse DNS for you.
Reply With Quote
  #3 (permalink)  
Old 04-29-2010, 01:30 PM
Elite Member
 
Posts: 360
Default

Hmmm...

We have our own 'in-house' dns server.
I set up a reverse DNS on both the primary DNS server for domain.com, and on our zimbra DNS server mail.domain.com.... yes we have a split DNS setup... but I'm clear how to test it...? The lookup DNS info still reflects the same info... Am I missing something else...???
Reply With Quote
  #4 (permalink)  
Old 04-29-2010, 01:51 PM
Active Member
 
Posts: 42
Default

KLOTH.NET - DIG - DNS lookup - find IP address

Domain = zimbra server public ip
Server = your zimbra dns server
Query = you must select PTR (reverse DNS query)

If you get an answer and the IP points to the MX Zimbra server name, all is right; otherwise you must check your BIND reverse DB and/or call your ISP and ask for reverse DNS delegation.
Reply With Quote
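The PTR check described in post #4, as an added example that is not part of the original thread. It goes one step beyond the post by also confirming that the PTR name resolves back to the same IP (forward-confirmed reverse DNS). The addresses, host names and record tables are constructed sample data, and `check_rdns` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample zone data (RFC 5737 documentation addresses, not from the thread).
PTR_RECORDS = {
    "10.113.0.203.in-addr.arpa": ["mail.example.com."],              # correct setup
    "11.113.0.203.in-addr.arpa": ["203-0-113-11.dsl.isp.example."],  # ISP default name
    "12.113.0.203.in-addr.arpa": ["mail.example.com."],              # PTR set, A points elsewhere
}
A_RECORDS = {
    "mail.example.com.": ["203.0.113.10"],
    "203-0-113-11.dsl.isp.example.": ["203.0.113.11"],
}


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def reverse_name(ip):
    """Name that is queried for the PTR record of an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_rdns(ip, mail_host, ptr=PTR_RECORDS, a=A_RECORDS):
    """Return 'ok', 'no-ptr', 'ptr-mismatch' or 'forward-mismatch'."""
    ptr_names = [norm(n) for n in ptr.get(reverse_name(ip), [])]
    if not ptr_names:
        return "no-ptr"            # no reverse zone or delegation answers for this IP
    if norm(mail_host) not in ptr_names:
        return "ptr-mismatch"      # e.g. the ISP's generic name is still published
    # Forward confirmation: the PTR name must resolve back to the same address.
    addrs = next((v for k, v in a.items() if norm(k) == norm(mail_host)), [])
    if ipaddress.ip_address(ip) not in {ipaddress.ip_address(x) for x in addrs}:
        return "forward-mismatch"
    return "ok"


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12", "203.0.113.13"):
        print(ip, reverse_name(ip), check_rdns(ip, "mail.example.com"))
```

To run the same logic against live DNS, replace the two dictionaries with the answers returned by your resolver for the PTR and A queries, asked from outside your own network.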
  #5 (permalink)  
Old 04-29-2010, 02:28 PM
Elite Member
 
Posts: 360
Default

ok, they show the ISP's domain info....
I emailed the support at our ISP to see what they can do.

How would this affect email?

Only two domains we cannot send or receive email from.
All the other emails work fine.

Thanks.
Reply With Quote
  #6 (permalink)  
Old 04-30-2010, 07:27 AM
Moderator
 
Posts: 883
Default

Quote:
ok, they show the ISP's domain info....
I emailed the support at our ISP to see what they can do.

How would this affect email?

Only two domains we cannot send or receive email from.
All the other emails work fine.

Thanks.

Some email servers are configured to check reverse DNS as an extra security measure. It will affect email just as what you've seen; you won't be able to send to certain email servers that are checking this info. I'm not sure about those domains not being able to send to your domain. I always thought the checking was done only on the receiving end, but I could be wrong. It is advisable to get this fixed. If your ISP hosts the DNS they should have no problem setting up the reverse DNS for you; it is a standard thing.
Reply With Quote
  #7 (permalink)  
Old 05-03-2010, 10:42 AM
Elite Member
 
Posts: 360
Default

ok....so the reverse DNS is working now... Both from the DNS server and the zimbra server the reverse DNS now shows up...

Quote:

[root@mail /]# nslookup 71.X.XX.XXX
Server: 192.168.1.248
Address: 192.168.1.248#53

Non-authoritative answer:
XXX.XX.X.71.in-addr.arpa name = mail.domain.com.

Authoritative answers can be found from:
XX.X.71.in-addr.arpa nameserver = ns1.xo.com.
XX.X.71.in-addr.arpa nameserver = ns2.xo.com.
XX.X.71.in-addr.arpa nameserver = ns3.xo.com.

The changes were made on Friday, so any DNS propagation should be complete by now, right?

However the emails are still hanging up in the queue with the Connection Timed Out on port 25 error thingy...

Any ideas???
Reply With Quote
  #8 (permalink)  
Old 05-03-2010, 11:04 AM
Elite Member
 
Posts: 360
Default

ok, I have a question...

I have the RDNS setup with the public IP 71.X.XX.XX1 with the hostname of our name server ns1.domain.com.

I also have the RDNS setup with the public IP 71.X.XX.XX2 with the hostname of our email server mail.domain.com

However, when people send/receive email they use user@domain.com
So when the email is sent/received it's checking for an RDNS of domain.com, which technically lives on 71.X.XX.XX1 but isn't finding it cause the RDNS is for the server hostname, not the domain....

So should the 71.X.XX.XX1 have an RDNS of the domain.com or ns1.domain.com? Cause they both reside on the same IP.

Would this make a difference?

If yes, then is there a way to have the two domains on one RDNS of 71.X.XX.XX1 ...?

Thanks!
Reply With Quote
  #9 (permalink)  
Old 05-03-2010, 11:45 AM
Moderator
 
Posts: 883
Default

Quote:
The changes were made on Friday, so any DNS propagation should be complete by now, right?

There are some websites that offer DNS tools for checking this type of thing. Might be worth checking from somewhere outside your public/private network.

Quote:
However, when people send/receive email they use user@domain.com
So when the email is sent/received it's checking for an RDNS of domain.com, which technically lives on 71.X.XX.XX1 but isn't finding it cause the RDNS is for the server hostname, not the domain....

I don't think this is your problem. I could be wrong, but my understanding of how RDNS works with email servers is the receiving server is just checking to make sure the sending server IP address has a proper reverse DNS entry. It doesn't (shouldn't) care about the domain tied to the address.

Could the whole reverse DNS thing be a "red herring", so to say, in your case? Again, not claiming to be an expert on DNS or anything, but I would think if you are trying to send email to an email server that is doing reverse DNS checking your server would still connect but the server on the receiving end would send back some type of error message saying something about reverse DNS. I'm not getting the thing about not being able to telnet to the email server. (You are trying to telnet to port 25, right?)
Reply With Quote
  #10 (permalink)  
Old 05-05-2010, 03:05 PM
Elite Member
 
Posts: 360
Default

Hmmm... I have our rdns working correctly.

We receive emails now, but they don't receive ours...?

What else could be causing this???
Reply With Quote