Re: [bitfolk] IPv4 reverse DNS

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MKeith Williams at <-
MJohn Winters at ->
Author: Andy Smith
Date:  
To: users
Subject: Re: [bitfolk] IPv4 reverse DNS

Reply to this message
gpg: Signature made Tue Apr 12 00:12:25 2022 UTC
gpg: using DSA key 0E4236CB52951E14536066222099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hi Keith,

On Tue, Apr 12, 2022 at 12:22:52AM +0100, Keith Williams wrote:
> Now after a lot of digging, these servers that rejected said no rDNS on the
> IPv4 address (There were infact 2 of them UKmail and BTInternet.)

Which IP address? What is the exact message?

> they are looking for the IPv4 reverse address of Keynesmail.com at
> theBitfolk server.

That's not how DNS works, so that's probably not what is happening.
Anything that wants to know the IP address of keynesmail.com asks
the DNS servers for keynesmail.com (unless the answer is already in
a cache).

Leaving aside tricks like split horizon or geolocation, which you would
know if you were using, DNS should return the same answers for
everyone everywhere. So either:

- You have correct reverse DNS and these particular mail servers are
broken
- You don't have correct reverse DNS but most of your recipients
don't care
- The problem isn't actually DNS-related

> So should I ask Andy for secondary DNS for that domain name, would that
> solve the problem?

I don't know what the problem is yet so can't answer that. If the
domain in question exists in DNS already, then it exists in DNS
already and adding more DNS servers (e.g. BitFolk's ones) into the
mix isn't going to make any difference since all servers will/should
give the same answers. If the domain doesn't exist in DNS, well, how
does anything work at all? Unclear to me what the setup is here.

You set your reverse DNS for BitFolk IPs here: 

    https://panel.bitfolk.com/dns/


> I guess those 2 are the only ones we have come across using IPv4, all other
> addresses sent to just work fine, including Gmail and Yahoo mail.

What does this mean? Are you saying that you think that your emails
to Gmail and Yahoo! go by IPv6 but your emails to these two problem
recipients go by IPv4?

> The email address having problems with the sending is one used by
> a small local cancer support group and both the user of it and the
> intended recipients are total technophobes as well as being, like
> me, rather advanced in years.

Unfortunately several of the large email service providers enjoy
providing services that don't function as Internet email, and the
majority of their customers don't know the difference, so it must be
the sender's fault.

But we don't know what the actual problem is yet, so it is hard to
assign blame or work out a solution.

This is certainly *a* problem: 

$ dig +noall +answer +auth -t a keynesmail.com
keynesmail.com.         38373   IN      A       85.119.84.35
keynesmail.com.         38373   IN      NS      ns2.keiths-place.co.uk.
keynesmail.com.         38373   IN      NS      ns1.keiths-place.co.uk.
keynesmail.com.         38373   IN      NS      ns3.keiths-place.co.uk.
$ dig +noall +comments +question -x 85.119.84.35
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53524
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;35.84.119.85.in-addr.arpa.     IN      PTR
$ dig +noall +authority +answer -x 85.119.84.35 @a.authns.bitfolk.com
35.84.119.85.in-addr.arpa. 86400 IN     CNAME   35.35-32.84.119.85.in-addr.arpa.
35-32.84.119.85.in-addr.arpa. 86400 IN  NS      ns3.keiths-place.co.uk.
35-32.84.119.85.in-addr.arpa. 86400 IN  NS      ns2.keiths-place.co.uk.
35-32.84.119.85.in-addr.arpa. 86400 IN  NS      ns1.keiths-place.co.uk.
$ dig +noall +comments -t ptr 35.35-32.84.119.85.in-addr.arpa @ns1.keiths-place.co.uk
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 43717
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
$ for ns in 2 3; do dig +noall +answer -t ptr 35.35-32.84.119.85.in-addr.arpa @ns${ns}.keiths-place.co.uk; done
(no output there either)

So in summary you don't have functioning reverse DNS for the IP
address 85.119.84.35 because none of the nameservers that it's
delegated to are serving the (PTR) record
35.35-32.84.119.85.in-addr.arpa. They all give a REFUSED response.

I don't know if that is your problem here, but not having working
reverse DNS for an IP address that sends email is definitely going
to cause you problems.

Note that it is not really important that the reverse and forward
DNS records match anything that is in the email headers, just that
they match *each other* (reverse DNS resolves to a host name that
also resolves back to the same IP address).

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
This message was posted to the following mailing lists:
users
Mailing List Info | Nearby Messages		<-[bitfolk] IPv4 reverse DNSRe: [bitfolk] IPv4 reverse DNS->
Bitfolk Mailing List Archive administrated by List AdminLurker (version 2.3)