[wplug] Reverse DNS - PTR Record

Bill Moran wmoran at potentialtech.com
Fri May 20 12:42:50 EDT 2005


"Ken Rambler" <ken at ramblernet.com> wrote:

> I'm not sure exactly how to ask this question, so I apologize in
> advance.
> 
> My question is related to the PTR record and reverse DNS of a public IP
> address.
> 
> We operate a mail server and our own DNS server. The public business IP
> (static) address is provided by our ISP, which is Comcast. The reverse
> DNS points back to their name, i.e.:
> 
> Asking NS1.COMCASTBUSINESS.NET. for xx.xxx.xx.xx.in-addr.arpa PTR
> record: Reports xx-xx-xxx-xx-pa.hfc.comcastbusiness.net
> Now the question: Shouldn't the reverse point back to our server name?
> Is this something we could override by adding an entry into our zone
> file?

Yes and no.

You could easily enter a PTR record in your DNS; however, that doesn't
mean the rest of the Internet will know to look for it there.

DNS is all about delegation, and the PTR information for your IP address
is delegated to Comcast, just like all the other PTR records on that
same subnet.

You have two choices:
1) Have Comcast enter the correct information in their DNS for your
   IP.
2) Have Comcast delegate that PTR record to your nameserver.

If you only have 1 IP, #1 will likely be easier.  But either way,
your ISP has the option of doing #1 or #2.

> The reason I question this is that our mail looks to be forged when the
> server domain name does not match the reverse dns of our IP address.

Are you talking about this:

Received: from ns.ramblernet.com
	(70-89-224-37-Ken-Rambler-pa.hfc.comcastbusiness.net
	[70.89.224.37] (may be forged))

The fact that the HELO announcement doesn't match the PTR record is not
a valid test for forgery.  In fact, it won't match in most cases.  The
important thing is that ns.ramblernet.com _does_ resolve to 70.89.224.37,
and it does.

Unfortunately, however, Comcast gave you a PTR record that does not have
a valid A record, i.e.:

bash-2.05b$ host 70-89-224-37-Ken-Rambler-pa.hfc.comcastbusiness.net
Host 70-89-224-37-Ken-Rambler-pa.hfc.comcastbusiness.net not found: 3(NXDOMAIN)

Comcast has screwed up here.  There should not be PTR names that don't have
a corresponding A record.

I'm not familiar enough with sendmail to know exactly what it uses as a
criterion for adding the "may be forged" line, but I know that a lot of
servers will bounce your mail if your PTR record returns an unknown
hostname.  I'd jump on Comcast to get that fixed, at least.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
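As an added example (not code from the original post or from either poster), the script below performs the check Bill walks through by hand above: take the connecting IP, build its in-addr.arpa name, fetch the PTR, then resolve the PTR name forward and see whether it comes back to the same IP (forward-confirmed reverse DNS), alongside the separate "does the HELO name resolve to the IP" test he calls the important one. The lookups run against a constructed in-memory table so it works offline; the 70.89.224.37 / ns.ramblernet.com / comcastbusiness.net entries reproduce the situation in the thread (a PTR name with no A record), while the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses and the example.net / example.org names are made up to show the other outcomes. For live use, swap `lookup_ptr()` and `lookup_addrs()` for real resolver calls (socket.gethostbyaddr, dnspython, or similar).

```python
"""Forward-confirmed reverse DNS (FCrDNS) check: IP -> PTR -> A/AAAA -> same IP.

Added example for the thread above; not code from the original post.
Lookups go through a constructed in-memory table so the script runs
offline. For live checks replace lookup_ptr()/lookup_addrs() with real
resolver calls (socket.gethostbyaddr, dnspython, etc.).
"""
import ipaddress

# --- constructed sample zone data -------------------------------------------
# The 70.89.224.37 entries mirror the thread: Comcast's PTR name has no A
# record, while ns.ramblernet.com does resolve to the IP. The other
# addresses (TEST-NET ranges) and example.* names are made up.
PTR_TABLE = {
    "37.224.89.70.in-addr.arpa.": "70-89-224-37-Ken-Rambler-pa.hfc.comcastbusiness.net.",
    "10.2.0.192.in-addr.arpa.": "mail.example.net.",   # consistent forward/reverse
    "20.2.0.192.in-addr.arpa.": "mail.example.org.",   # PTR name resolves elsewhere
}
ADDR_TABLE = {  # name -> A/AAAA records
    "ns.ramblernet.com.": ["70.89.224.37"],
    "mail.example.net.": ["192.0.2.10"],
    "mail.example.org.": ["198.51.100.5"],
    # no entry for the comcastbusiness.net PTR name -> NXDOMAIN, as in the thread
}


def fqdn(name: str) -> str:
    """Normalise a hostname to lower-case, absolute form with a trailing dot."""
    return name.strip().rstrip(".").lower() + "."


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record for an address (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def lookup_ptr(ip: str, ptr_table=PTR_TABLE):
    """PTR lookup against the sample table; None models NXDOMAIN."""
    return ptr_table.get(reverse_name(ip))


def lookup_addrs(name: str, addr_table=ADDR_TABLE):
    """A/AAAA lookup against the sample table; empty list models NXDOMAIN."""
    return addr_table.get(fqdn(name), [])


def fcrdns(ip: str, ptr_table=PTR_TABLE, addr_table=ADDR_TABLE):
    """Classify an IP's reverse DNS.

    Returns (status, ptr_name) where status is one of:
      'ok'            PTR exists and its A/AAAA includes the IP (full FCrDNS)
      'no-ptr'        no PTR record at all
      'ptr-nxdomain'  PTR exists but the name has no address record
                      (the Comcast situation in the thread)
      'mismatch'      PTR name resolves, but not back to this IP
    """
    ptr = lookup_ptr(ip, ptr_table)
    if ptr is None:
        return "no-ptr", None
    addrs = lookup_addrs(ptr, addr_table)
    if not addrs:
        return "ptr-nxdomain", ptr
    if ipaddress.ip_address(ip) in {ipaddress.ip_address(a) for a in addrs}:
        return "ok", ptr
    return "mismatch", ptr


def helo_resolves_to(helo: str, ip: str, addr_table=ADDR_TABLE) -> bool:
    """The check Bill calls the important one: does the HELO name resolve to the IP?"""
    return ipaddress.ip_address(ip) in {
        ipaddress.ip_address(a) for a in lookup_addrs(helo, addr_table)
    }


def assess_sender(helo: str, ip: str):
    """Combine both checks into the kind of verdict an MTA's logs would show."""
    status, ptr = fcrdns(ip)
    return {
        "ip": ip,
        "helo": helo,
        "helo_resolves_to_ip": helo_resolves_to(helo, ip),
        "ptr": ptr,
        "fcrdns": status,
        # 'ptr-nxdomain' is the case Bill warns gets mail bounced by many servers
        "likely_rejected_for_rdns": status in ("no-ptr", "ptr-nxdomain"),
    }


if __name__ == "__main__":
    for helo, ip in [("ns.ramblernet.com", "70.89.224.37"),
                     ("mail.example.net", "192.0.2.10"),
                     ("mail.example.org", "192.0.2.20"),
                     ("mail.example.net", "203.0.113.9")]:
        print(assess_sender(helo, ip))
```

Note that the thread's own case comes out as `ptr-nxdomain` with `helo_resolves_to_ip` true: the HELO is fine, the reverse is the broken half, which is why the fix has to come from whoever the in-addr.arpa zone is delegated to (the ISP), not from a PTR record added to your own zone file.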

