  #1 (permalink)  
Old 01-02-2012, 08:23 AM
Senior Member
 
Posts: 50
Default Are my DNS records correct?

I'm hoping someone can give me some advice here.

I have a VPS server (let's say 1.2.3.4 is the IP address) that is running a DirectAdmin control panel. The DNS is handled automatically with the control panel and the mail system is Exim/Dovecot.

I've set up ZCS on an internal server and I've got everything working (let's say the IP is 7.8.9.0). Just the other day I had the reverse DNS fixed and now I think all the settings are correct.

DNS Setup (prior to ZCS) on 1.2.3.4:

Code:
mail A 1.2.3.4
domain.com. A 1.2.3.4
domain.com. NS 1.2.3.4
domain.com. NS x.x.x.x
mail MX 10
domain.com. TXT "v=spf1 a mx ip4:1.2.3.4 ~all"

DNS Setup (after setting up ZCS) on 7.8.9.0:

Code:
mail A 7.8.9.0
domain.com. A 1.2.3.4  (unchanged)
domain.com NS 1.2.3.4 (unchanged)
domain.com NS x.x.x.x (unchanged)
mail MX 10 (unchanged)
domain.com. TXT "v=spf1 a mx ip4:1.2.3.4 ~all"

QUESTIONS:
1) Does this setup look correct? Server1 is still running the webserver and Server2 is ONLY for ZCS.

2) TXT Record: Do I need to change the IP address within this record to point to 7.8.9.0? I'm not really sure what this record is for so I'm not sure what to do.
  #2 (permalink)  
Old 01-02-2012, 08:30 AM
Zimbra Consultant & Moderator
 
Posts: 20,314
Default

You can verify the DNS settings by running all the commands (on the Zimbra server) in the 'Verify ....' section of the Split DNS article; the output from all those commands will confirm if they point to the correct server etc. The IP address in an SPF record identifies the server that sends mail; you can verify the record by using one of the online tools.
__________________
Regards


Bill
  #3 (permalink)  
Old 01-02-2012, 08:43 AM
Senior Member
 
Posts: 50
Default

Is it a security risk to post the actual IP addresses and records? If not I will post my exact setup to get some response.

I'm confused with the SPF/TXT records and would appreciate further assistance.
  #4 (permalink)  
Old 01-02-2012, 11:59 PM
Zimbra Consultant & Moderator
 
Posts: 20,314
Default

Quote:
Originally Posted by jim.thornton
Is it a security risk to post the actual IP addresses and records? If not I will post my exact setup to get some response.

Not as far as I'm concerned but that is your decision.

Quote:
Originally Posted by jim.thornton
I'm confused with the SPF/TXT records and would appreciate further assistance.

What is it that's confusing you? Do you have a public SPF record configured? Have you tested the records with one (or more) of the online tools?
__________________
Regards


Bill
  #5 (permalink)  
Old 01-03-2012, 09:37 AM
Senior Member
 
Posts: 50
Default

What's confusing me is the SPF record. All I have is a TXT record (as stated above).

I have used the tools but right now it doesn't really matter anyway because I have not yet pointed my DNS records to use ZCS. I'm still currently using the original (Dovecot/Exim).

Last year I briefly had ZCS set up but I was running into problems with mails not coming in and such, so I turned it off again. Now I want to get it going again but make sure that everything is set up correctly this time. Last time someone else set it up for me.

I really just need to know if I'm supposed to change the IP address in the TXT record which seems to have spf in it?

Also should I be adding an SPF record on its own? The records are currently set up as stated above. The only other records that I have in there are for ftp. and www.
  #6 (permalink)  
Old 01-03-2012, 02:44 PM
Elite Member
 
Posts: 334
Default

Quote:
Originally Posted by jim.thornton
What's confusing me is the SPF record. All I have is a TXT record (as stated above).

I really just need to know if I'm supposed to change the IP address in the TXT record which seems to have spf in it?

Also should I be adding an SPF record on its own? The records are currently set up as stated above. The only other records that I have in there are for ftp. and www.

SPF (stands for Sender Policy Framework) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS). (10 Tips for Auditing & Improving Mail Server Performance | Spirit of Change)

SPF is useful for improving the rank & profile of our mail servers, but it should not be related to the transport of sending & receiving emails. SPF is an add-on and is optional to implement.

If you change your mail server IP address, you should change the SPF IP address also; otherwise, it means that you specify the wrong hosts as allowed to send mail from a given domain.

If you're more concerned with sending and receiving emails, verify the A & MX record settings.

Quote:
Is it a security risk to post the actual IP addresses and records? If not I will post my exact setup to get some response.

Posting the actual IP address and records may or may not increase the security risk; it all depends on your server configuration.

On the other hand, posting the actual configuration may help us assist you in investigating the problem.
__________________
Best Regards
---
Masim "Vavai" Sugianto
Vavai Personal Blog
Personal Blog [ID]

Release 7.1.3_GA_3346.SLES11_64_20110930001521 SLES11_64 FOSS edition.
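
The point in the post above about keeping the SPF record in step with the sending server, worked through on the thread's placeholder records (an added example, not part of the original posts). It evaluates only the `a`, `mx`, `ip4` and `all` mechanisms against constructed zone data and assumes the ZCS host sends outbound mail from 7.8.9.0; `check_spf`, `_matches` and the zone dictionaries are hypothetical names.

```python
import ipaddress

# Constructed zone data mirroring the thread's placeholder records:
# 1.2.3.4 = original web/mail host, 7.8.9.0 = new ZCS host.
ZONE_BEFORE = {"A": {"domain.com": ["1.2.3.4"], "mail.domain.com": ["1.2.3.4"]},
               "MX": {"domain.com": ["mail.domain.com"]}}
ZONE_AFTER = {"A": {"domain.com": ["1.2.3.4"], "mail.domain.com": ["7.8.9.0"]},
              "MX": {"domain.com": ["mail.domain.com"]}}
SPF = "v=spf1 a mx ip4:1.2.3.4 ~all"  # TXT record from the first post
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _matches(name, arg, ip, domain, zone):
    """True if one mechanism authorizes ip (subset: all, ip4, a, mx)."""
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if name == "a":
        addrs = zone["A"].get(arg or domain, [])
    elif name == "mx":
        addrs = [a for host in zone["MX"].get(arg or domain, [])
                 for a in zone["A"].get(host, [])]
    else:
        return False  # include, redirect, macros etc. are outside this sketch
    return str(ip) in addrs


def check_spf(record, sender_ip, domain, zone):
    """Return (result, matched_term) for the first mechanism that matches."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if _matches(name.lower(), arg, ip, domain, zone):
            return (QUALIFIERS[qualifier], term)
    return ("neutral", None)


if __name__ == "__main__":
    for label, record, ip, zone in [
        ("old host, old zone", SPF, "1.2.3.4", ZONE_BEFORE),
        ("ZCS host, new zone", SPF, "7.8.9.0", ZONE_AFTER),
        ("ZCS host, ip4-only record", "v=spf1 ip4:1.2.3.4 ~all", "7.8.9.0", ZONE_AFTER),
    ]:
        print(label, "->", check_spf(record, ip, "domain.com", zone))
```

With the posted record the new host is matched by the `mx` mechanism, because the MX target's A record now resolves to 7.8.9.0; a record listing only `ip4:1.2.3.4` would give it a softfail.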
  #7 (permalink)  
Old 01-03-2012, 08:39 PM
Senior Member
 
Posts: 50
Default

I can post the information for you. Do you want me just to go into my control panel and take screenshots? How do you want me to gather the info for you?
  #8 (permalink)  
Old 01-03-2012, 08:51 PM
Elite Member
 
Posts: 334
Default

Quote:
Originally Posted by jim.thornton
I can post the information for you. Do you want me just to go into my control panel and take screenshots? How do you want me to gather the info for you?

A screenshot showing all the addresses will give us in-depth information.
__________________
Best Regards
---
Masim "Vavai" Sugianto
Vavai Personal Blog
Personal Blog [ID]

Release 7.1.3_GA_3346.SLES11_64_20110930001521 SLES11_64 FOSS edition.
  #9 (permalink)  
Old 01-04-2012, 07:10 AM
Senior Member
 
Posts: 50
Default

Thanks for the help. Here are some screenshots that I took. This particular domain is the actual domain name that I set ZCS up on. Once I figure out if the settings are correct I intend on switching over my other domains/mail accounts.
Attached Images
File Type: png screenshot-current.png (63.9 KB, 17 views)
File Type: png screenshot-test-spf-record.png (66.0 KB, 17 views)
File Type: png get-spf-online-tool.png (81.2 KB, 17 views)
  #10 (permalink)  
Old 01-04-2012, 07:23 AM
Elite Member
 
Posts: 334
Default

Your setting seems to be working fine.

Verifying MX records:

Code:
$ dig redcarpetfinancial.ca mx

; <<>> DiG 9.7.1-P2 <<>> redcarpetfinancial.ca mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43974
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;redcarpetfinancial.ca.		IN	MX

;; ANSWER SECTION:
redcarpetfinancial.ca.	14400	IN	MX	10 mail.redcarpetfinancial.ca.

;; Query time: 267 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Jan  4 22:18:15 2012
;; MSG SIZE  rcvd: 60

Code:
$ nslookup mail.redcarpetfinancial.ca
Server:		208.67.222.222
Address:	208.67.222.222#53

Non-authoritative answer:
Name:	mail.redcarpetfinancial.ca
Address: 206.248.167.232

Telnet to mail server:

Code:
$ telnet mail.redcarpetfinancial.ca 25
Trying 206.248.167.232...
Connected to mail.redcarpetfinancial.ca.
Escape character is '^]'.
220 mail.redcarpetfinancial.ca ESMTP Postfix
ehlo mail
250-mail.redcarpetfinancial.ca
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

You would go with this configuration. The following link may be useful for you for auditing your setup: http://vavai.net/2011/11/10-tips-for...r-performance/
__________________
Best Regards
---
Masim "Vavai" Sugianto
Vavai Personal Blog
Personal Blog [ID]

Release 7.1.3_GA_3346.SLES11_64_20110930001521 SLES11_64 FOSS edition.