DNS Issue...

Hi all

I have a problem explaining to the ISP why my client's server (email server) got blacklisted. I got the blacklisted-IP result from MXTOOL.

The reason it got blacklisted?
There was no reverse DNS for my client's email server.

To satisfy myself, I tried NSLOOKUP on my client's IP address:

```
g3ck0@linux-nqxb:~> nslookup 202.190.74.101
Server: 10.0.3.2
Address: 10.0.3.2#53

Non-authoritative answer:
101.74.190.202.in-addr.arpa canonical name = 101.96.74.190.202.in-addr.arpa.
101.96.74.190.202.in-addr.arpa name = mail.jkm.gov.my.

Authoritative answers can be found from:

g3ck0@linux-nqxb:~>
```

Based on the NSLOOKUP above, it looks weird to me, because I have already set up several email servers before this and never seen this kind of NSLOOKUP result.

For example:

```
g3ck0@linux-nqxb:~> nslookup 58.26.44.83
Server: 10.0.3.2
Address: 10.0.3.2#53

Non-authoritative answer:
83.44.26.58.in-addr.arpa name = atmail.mtib.gov.my.

Authoritative answers can be found from:

g3ck0@linux-nqxb:~>
```

or,

```
g3ck0@linux-nqxb:~> nslookup 58.26.58.142
Server: 10.0.3.2
Address: 10.0.3.2#53

Non-authoritative answer:
142.58.26.58.in-addr.arpa name = mail.maiwp.gov.my.

Authoritative answers can be found from:

g3ck0@linux-nqxb:~>
```

After some googling, I found that this happens because of multiple pointer records.

From the wiki:

Multiple pointer records
While most rDNS entries only have one PTR record, DNS does not restrict the number. However, having multiple PTR records for the same IP address is generally not recommended, unless there is a specific need. For example, if a web server supports many virtual hosts, there may be one PTR record for each host and some versions of name server software will allocate this automatically. Multiple PTR records can cause problems, however, including triggering bugs in programs that only expect single PTR records and, in the case of a large web server, having hundreds of PTR records can cause the DNS packets to be much larger than normal.

Now I am more confused after reading all the reasons for multiple pointer records.

Why did my ISP configure the DNS like this? What is the benefit?

Do I need to change back to the single record?

Thanks all

Regards
e1

Looking at this check: DNS health check : find bugs on your domain - DnsQueries

Seems to me you have a bad configuration of your mail server which might have you blacklisted but not the issue you mention (more rbls list you but SpamCannibal claims the issue you mentioned)

The SMTP greeting banner (“network-box”) does not match your reverse DNS; you should fix this in the e-mail server settings (i.e. use **mail.jkm.gov.my** instead of “network-box”).

HELO please-read-policy.mxtoolbox.com
250 **network-box** [234 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 ok [234 ms]
RCPT TO: <test@example.com>
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) [250 ms]
QUIT
221 **network-box** [234 ms]

See the check here: Network Tools: DNS,IP,Email

Also I think you should configure your e-mail server to accept e-mails to: abuse@ and postmaster@

Good luck.
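Added example, not part of any post in this thread: the comparison the reply above describes, run over the nslookup and SMTP output quoted in the thread. It follows the CNAME in the reverse lookup to the PTR record and compares that name with the one the server announces; the function names are made up for the example, and it assumes the first word of the 250 reply to HELO is the announced host name.

```python
import re

# Output quoted in this thread (forum bold markers removed), not a live lookup.
NSLOOKUP_OUT = """\
101.74.190.202.in-addr.arpa canonical name = 101.96.74.190.202.in-addr.arpa.
101.96.74.190.202.in-addr.arpa name = mail.jkm.gov.my.
"""
SMTP_SESSION = """\
HELO please-read-policy.mxtoolbox.com
250 network-box [234 ms]
"""

def _norm(name):
    return name.rstrip(".").lower()

def ptr_names(ip, nslookup_text):
    """PTR targets for an IPv4 address, following 'canonical name' aliases."""
    cname, ptr = {}, {}
    for line in nslookup_text.splitlines():
        m = re.match(r"(\S+)\s+canonical name = (\S+)", line)
        if m:
            cname[_norm(m.group(1))] = _norm(m.group(2))
            continue
        m = re.match(r"(\S+)\s+name = (\S+)", line)
        if m:
            ptr.setdefault(_norm(m.group(1)), []).append(_norm(m.group(2)))
    owner = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
    seen = set()
    while owner in cname and owner not in seen:  # stop on a CNAME loop
        seen.add(owner)
        owner = cname[owner]
    return ptr.get(owner, [])

def announced_name(smtp_text):
    """Host name the server gives in its 250 reply to HELO/EHLO."""
    lines = smtp_text.splitlines()
    for cmd, reply in zip(lines, lines[1:]):
        if cmd.upper().startswith(("HELO", "EHLO")):
            m = re.match(r"250[ -](\S+)", reply)
            return m.group(1).lower() if m else None
    return None

def check(ip, nslookup_text, smtp_text):
    """Compare the PTR name(s) for ip with the name announced over SMTP."""
    ptrs, name = ptr_names(ip, nslookup_text), announced_name(smtp_text)
    return {"ptr": ptrs, "announced": name, "match": name in ptrs}

if __name__ == "__main__":
    print(check("202.190.74.101", NSLOOKUP_OUT, SMTP_SESSION))
```

To run it against a live server, paste the output of `nslookup <ip>` and a HELO exchange captured from that server in place of the two sample strings.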

Interesting.
Although it’s a YMMV thing, I don’t remember that the mail server banner is used when verifying rDNS entries, AFAIK only the Hostname is used.

Recommend you just tell your ISP your IP is blacklisted, if possible exactly which service or listing is doing the blacklisting and let your ISP sort it out…

Alternatively, if you own a block of IP addresses, just set up on a new IP address to avoid the red tape and frustrations dealing with a blacklisting service… and try to get things set up properly this time (Tell your ISP what you’re doing and give them at least a half day lead time to get their own DNS configured properly).

IMO,
Tony

Thanks mate,

Ok now I got another issue…

My client is using another vendor for the DNS settings. Based on DNS health check : find bugs on your domain - DnsQueries, it looks like the secondary DNS is not working.

Can the mail server have a problem if the secondary DNS malfunctions?

You can use [this little script](http://forums.opensuse.org/english/other-forums/development/programming-scripting/448072-netinfo-read-network-pc-information-into-local-text-file-3.html#post2237702) to check if your IP is blacklisted. If it is, the script will ask you if you want to see more info in a web browser. Or you can check this URL followed by your internet IP:

http://www.projecthoneypot.org/ip_xxx.xxx.xxx.xxx

The blip script does that but determines your external IP first (the one your router receives from your provider).

On 01/26/2011 12:36 PM, e-1 wrote:
>
> Hi all
>
> I have a problem to explain the ISP why my client server got
> blacklisted (EMAIL SERVER). The result as blacklisted IP I got it from
> MXTOOL
…snip…
>
> After do the googling, I found that, this happen because Multiple
> pointer records,

A VERY typical problem when using Microsoft DNS and DHCP esp. with NON-Microsoft
clients or NON-AD Windows clients disconnecting “hard”.

But I’m not necessarily convinced that is the issue here… just stating a fact.

…snip…
> Why my ISP configure the DNS like this? What is the benefit?
>
> DO I need to change back to the single record?

There can be LOTS of issues when dealing with DNS with an ISP. Some do not
stand authoritative on their in-addr.arpa space… so they can’t even assign PTR
records. And as you mentioned, sometimes they just do “bad” things.

I wish I had a better answer… IMHO, I’d switch ISPs if they don’t know what
they are doing.