Re: [bitfolk] IPv4 reverse DNS

Author: Andy Bennett
Date:  
To: users
Subject: Re: [bitfolk] IPv4 reverse DNS
Hi,

There's definitely something weird going on:


My local resolver gives me SERVFAIL for the PTR record:

-----
$ nslookup
> set query=ptr
> 35.84.119.85.in-addr.arpa

;; Got SERVFAIL reply from 217.169.20.21, trying next server
Server:         217.169.20.20
Address:        217.169.20.20#53


** server can't find 35.84.119.85.in-addr.arpa: SERVFAIL
-----

...and for the SOA record:

-----
> set query=soa
> 35.84.119.85.in-addr.arpa

;; Got SERVFAIL reply from 217.169.20.21, trying next server
Server:         217.169.20.20
Address:        217.169.20.20#53


** server can't find 35.84.119.85.in-addr.arpa: SERVFAIL
-----

...and for the NS records:

-----
> set query=ns
> 35.84.119.85.in-addr.arpa

;; Got SERVFAIL reply from 217.169.20.21, trying next server
Server:         217.169.20.20
Address:        217.169.20.20#53


** server can't find 35.84.119.85.in-addr.arpa: SERVFAIL
-----


For other addresses in the subnet I see a referral to a.authns.bitfolk.com:

-----
$ nslookup
> set query=ns
> 1.84.119.85.in-addr.arpa

Server:         217.169.20.21
Address:        217.169.20.21#53


Non-authoritative answer:
*** Can't find 1.84.119.85.in-addr.arpa: No answer

Authoritative answers can be found from:
84.119.85.in-addr.arpa
        origin = a.authns.bitfolk.co.uk
        mail addr = hostmaster.bitfolk.com
        serial = 1648070981
        refresh = 1800
        retry = 900
        expire = 1209600
        minimum = 3600
-----




However, if I ask your nameservers (as per your zonefile) directly over
IPv4:

First find out their addresses:

-----
$ nslookup
> ns1.keiths-place.co.uk

Server:         217.169.20.21
Address:        217.169.20.21#53


Non-authoritative answer:
Name: ns1.keiths-place.co.uk
Address: 85.119.84.35
Name: ns1.keiths-place.co.uk
Address: 2001:ba8:1f1:f309::2
> ns2.keiths-place.co.uk

Server:         217.169.20.21
Address:        217.169.20.21#53


Non-authoritative answer:
Name: ns2.keiths-place.co.uk
Address: 85.119.82.237
Name: ns2.keiths-place.co.uk
Address: 2001:ba8:1f1:f29d::2
> ns3.keiths-place.co.uk

Server:         217.169.20.21
Address:        217.169.20.21#53


Non-authoritative answer:
Name: ns3.keiths-place.co.uk
Address: 85.119.82.237
Name: ns3.keiths-place.co.uk
Address: 2001:ba8:1f1:f29d::2
-----

...then ask each of them:

ns1:
-----
> server 85.119.84.35

Default server: 85.119.84.35
Address: 85.119.84.35#53
> set type=ptr
> 35.84.119.85.in-addr.arpa

Server:         85.119.84.35
Address:        85.119.84.35#53


35.84.119.85.in-addr.arpa       name = keiths.space.
35.84.119.85.in-addr.arpa       name = keynesmail.com.
35.84.119.85.in-addr.arpa       name = mx10.keynesmail.com.
35.84.119.85.in-addr.arpa       name = www.leightonbuzzard.net.
35.84.119.85.in-addr.arpa       name = www.newportpagnell.net.
35.84.119.85.in-addr.arpa       name = splog.keiths.space.
35.84.119.85.in-addr.arpa       name = mail.wingravegolf.co.uk.
35.84.119.85.in-addr.arpa       name = www.keiths.space.
35.84.119.85.in-addr.arpa       name = newportpagnell.net.
35.84.119.85.in-addr.arpa       name = www.keynesmail.com.
35.84.119.85.in-addr.arpa       name = www.aakanee.com.
35.84.119.85.in-addr.arpa       name = ns1.keiths-place.co.uk.
35.84.119.85.in-addr.arpa       name = webmail.keynesmail.com.
35.84.119.85.in-addr.arpa       name = webmail.wingravegolf.co.uk.
35.84.119.85.in-addr.arpa       name = leightonbuzzard.net.
35.84.119.85.in-addr.arpa       name = aakanee.com.
-----


ns2:
-----
> server 85.119.82.237

Default server: 85.119.82.237
Address: 85.119.82.237#53
> set type=ptr
> 35.84.119.85.in-addr.arpa

Server:         85.119.82.237
Address:        85.119.82.237#53


35.84.119.85.in-addr.arpa       name = www.aakanee.com.
35.84.119.85.in-addr.arpa       name = leightonbuzzard.net.
35.84.119.85.in-addr.arpa       name = ns1.keiths-place.co.uk.
35.84.119.85.in-addr.arpa       name = mx10.keynesmail.com.
35.84.119.85.in-addr.arpa       name = mail.wingravegolf.co.uk.
35.84.119.85.in-addr.arpa       name = keynesmail.com.
35.84.119.85.in-addr.arpa       name = aakanee.com.
35.84.119.85.in-addr.arpa       name = www.keiths.space.
35.84.119.85.in-addr.arpa       name = www.newportpagnell.net.
35.84.119.85.in-addr.arpa       name = keiths.space.
35.84.119.85.in-addr.arpa       name = webmail.wingravegolf.co.uk.
35.84.119.85.in-addr.arpa       name = www.keynesmail.com.
35.84.119.85.in-addr.arpa       name = newportpagnell.net.
35.84.119.85.in-addr.arpa       name = webmail.keynesmail.com.
35.84.119.85.in-addr.arpa       name = splog.keiths.space.
35.84.119.85.in-addr.arpa       name = www.leightonbuzzard.net.
-----


ns3: same address as ns2.


That's not the tidied up zone file you showed before!

So why aren't changes propagating?

ns1:
-----
> server 85.119.84.35

Default server: 85.119.84.35
Address: 85.119.84.35#53
> set type=soa
> 35.84.119.85.in-addr.arpa

Server:         85.119.84.35
Address:        85.119.84.35#53


35.84.119.85.in-addr.arpa
        origin = ns2.keiths-place.co.uk
        mail addr = keith.keiths-place.co.uk
        serial = 2019120310
        refresh = 600
        retry = 300
        expire = 1209600
        minimum = 300
-----


ns2:
-----
> server 85.119.82.237

Default server: 85.119.82.237
Address: 85.119.82.237#53
> set type=soa
> 35.84.119.85.in-addr.arpa

Server:         85.119.82.237
Address:        85.119.82.237#53


35.84.119.85.in-addr.arpa
        origin = ns2.keiths-place.co.uk
        mail addr = keith.keiths-place.co.uk
        serial = 2019120315
        refresh = 600
        retry = 300
        expire = 1209600
        minimum = 300
-----




Your zonefile still shows this 2019120315 serial number too so you
definitely need to update that and reload your nameserver.


...but there also seems to be an upstream problem where DNS isn't aware of
the NS servers for your PTR record.






> Andy
>
> Tidied up the reverse zone file
> $ORIGIN .
> $TTL 600    ; 10 minutes
> 35.84.119.85.in-addr.arpa.    IN    SOA    ns2.keiths-place.co.uk. 
> keith.keiths-place.co.uk. (
> 2019120315
> 600
> 300
> 1209600
> 300 )
> IN NS    ns1.keiths-place.co.uk.
> IN NS    ns2.keiths-place.co.uk.
> IN NS    ns3.keiths-place.co.uk.
> $ORIGIN 35.84.119.85.in-addr.arpa.
> @    IN PTR    keynesmail.com.

>
> The main config snippet
>
> zone "35.84.119.85.in-addr.arpa" {
>     type master;
> file "/var/lib/bind/35-32.84.119.85";
>     allow-transfer {
>               slaves;
>                 };

>
> check-names warn;
> notify yes;
> };    

>
> from /etc/bind/named.conf.local
>
> "slaves" is an acl of IPv6 and IPv4 addresses of various secondary addresses
>
> Keith
>
>
> On Tue, 12 Apr 2022 at 09:48, Andy Bennett <andyjpb@???> wrote:
> Hi,
>
> Given the previous logs where the nameserver replies "REFUSED", could you
> check that the zone file for the reverse zone is set up correctly in the
> overall nameserver configuration.
>
> Is 35.84.119.85.in-addr.arpa. configured in your nameserver configuration
> file?
> If so, are you able to share the snippet for that?
>
>
>
>> That A record was only up there for 5 minutes, LOL, I was 
>> redoing the zone file and mistyped then when checking realised 
>> I had made a booboo there and redid it. Must have been then 
>> that it was picked up. (It was very late)  
>> Here was the error message
>> bombay.duck12@???>: host mx.lb.btinternet.com[213.120.69.89]
>>     refused to talk to me: 421 
>> re-prd-rgin-002.btmx-prd.synchronoss.net Service
>>     not available - no PTR record for 85.119.84.35

>>
>> <bea.jay@???>: host 
>> mx.tb.ukmail.iss.as9143.net[212.54.56.11] refused
>>     to talk to me: 421 mx4.tb.ukmail.iss.as9143.net
>>     mx4.tb.ukmail.iss.as9143.net MXIN108 Failure to determine 
>> Reverse DNS for
>>     your IP 85.119.84.35. Fix or retry later.

>>
>> ;id=e02ZnsEO3k7hk;sid=e02ZnsEO3k7hk;mta=mx4.tb;d=20220411;t=214936[CET];ipsrc=85.119.84.35;
>>
>> <joyron.b@???>: host 
>> mx.tb.ukmail.iss.as9143.net[212.54.56.11] refused
>>     to talk to me: 421 mx4.tb.ukmail.iss.as9143.net
>>     mx4.tb.ukmail.iss.as9143.net MXIN108 Failure to determine 
>> Reverse DNS for
>>     your IP 85.119.84.35. Fix or retry later.

>>
>>  ;id=e02ZnsEO3k7hk;sid=e02ZnsEO3k7hk;mta=mx4.tb;d=20220411;t=214936[CET];ipsrc=85.119.84.35;
>> Here is the reverse zone file ( /var/lib/bind/35-32.84.119.85) 
>> for the IP address
>> $ORIGIN .
>> $TTL 600      ; 10 minutes
>> 35.84.119.85.in-addr.arpa.    IN      SOA     ns2.keiths-place.co.uk. 
>> keith.keiths-place.co.uk. (
>> 2019120307
>> 600
>> 300
>> 1209600
>> 300 )
>> NS    ns1.keiths-place.co.uk.
>> NS    ns2.keiths-place.co.uk.
>> NS    ns3.keiths-place.co.uk.
>> $ORIGIN 35.84.119.85.in-addr.arpa.
>> PTR   keynesmail.com.
>> PTR   www.keynesmail.com.
>> PTR   mx10.keynesmail.com.
>> PTR   webmail.keynesmail.com.
>> PTR   aakanee.com.
>>             PTR www.aakanee.com.
>> PTR   leightonbuzzard.net.
>>             PTR keiths.space.
>>             PTR www.keiths.space.
>>             PTR splog.keiths.space.
>>             PTR ns1.keiths-place.co.uk.
>>             PTR www.leightonbuzzard.net.
>>             PTR newportpagnell.net.
>>             PTR www.newportpagnell.net.
>>             PTR mail.wingravegolf.co.uk.
>>             PTR webmail.wingravegolf.co.uk.

>>
>> And the forward zone (keynesmail.com)
>> $ttl 38400
>> keynesmail.com.       IN      SOA     ns3.keiths-place.co.uk. 
>> keithwilliamsnp.gmail.com. (
>> 2019120313
>> 10800
>> 3600
>> 604800
>> 38400 )
>> keynesmail.com.       IN      NS      ns3.keiths-place.co.uk.
>> keynesmail.com.       IN      NS      ns1.keiths-place.co.uk.
>> keynesmail.com.       IN      NS      ns2.keiths-place.co.uk.

>>
>> keynesmail.com.       IN      A       85.119.84.35
>> www.keynesmail.com.   IN      A       85.119.84.35
>> webmail.keynesmail.com.       IN      A       85.119.84.35

>>
>> keynesmail.com.       IN      MX      10 keynesmail.com.
>> keynesmail.com.       IN      AAAA    2001:ba8:1f1:f309::2
>> www.keynesmail.com.   IN      AAAA    2001:ba8:1f1:f309::2
>> webmail.keynesmail.com.       IN      AAAA    2001:ba8:1f1:f309::2
>> adminmail.keynesmail.com.     IN      A       85.119.84.35
>> mx10.keynesmail.com.  IN      A       85.119.84.35
>> 35.84.119.85.in-addr.arpa.    IN      PTR     mx10.keynesmail.com.
>> 35.84.119.85.in-addr.arpa.    IN      PTR     keynesmail.com.
>> _dmarc.keynesmail.com.        IN      TXT     "v=DMARC1; 
>> p=none; pct=90; adkim=r; aspf=s"

>>
>> The formatting seems to have gone haywire as I copied and pasted, there.
>>
>> I am totally stumped, IPv6 works just fine
>>
>> Keith
>>
>>
>>
>> On Tue, 12 Apr 2022 at 07:28, John Winters <john@???> wrote:
>> On 12/04/2022 01:12, Andy Smith wrote:
>> [snip]
>>> Note that it is not really important that the reverse and forward
>>> DNS records match anything that is in the email headers, just that
>>> they match *each other* (reverse DNS resolves to a host name that
>>> also resolves back to the same IP address).
>>
>> This used to be the case but I hit a problem the other day of an ISP who
>> insisted not only that they matched each other but that they also
>> matched the name given in the HELO part of the SMTP dialogue.
>>
>> This was a new requirement from that ISP which caused email to bounce.
>> A nuisance when you have several logical mail servers behind a single
>> IPv4 address.
>>
>> So much easier with ISPs who are up to date and use IPv6.
>>
>> John
>>
>


--
Best wishes,
@ndy

--
andyjpb@???
http://www.ashurst.eu.org/
0x7EBA75FF
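
Added example, not part of the original message or thread: the SOA serial comparison done by hand above, automated over captured nslookup output. The sample text is constructed from the answers quoted in the message, the function names are this example's own, and the RFC 1982 wrap-around comparison goes beyond the single case shown in the thread.

```python
import re

# Constructed sample: the SOA answers quoted in the message, trimmed to the
# server line and the serial, which are the only fields this check reads.
CAPTURED = """\
Server:         85.119.84.35
35.84.119.85.in-addr.arpa
        serial = 2019120310
Server:         85.119.82.237
35.84.119.85.in-addr.arpa
        serial = 2019120315
"""

def parse_serials(text):
    """Map each queried server address to the SOA serial it returned."""
    serials, server = {}, None
    for line in text.splitlines():
        m = re.match(r"Server:\s+(\S+)", line)
        if m:
            server = m.group(1)
            continue
        m = re.match(r"\s*serial\s*=\s*(\d+)", line)
        if m and server:
            serials[server] = int(m.group(1))
    return serials

def serial_newer(a, b):
    """True if serial a is newer than b under RFC 1982 32-bit serial arithmetic."""
    return a != b and ((a - b) % 2**32) < 2**31

def audit(text, zonefile_serial):
    """List servers lagging the newest served serial, and flag an unbumped zone file."""
    serials = parse_serials(text)
    newest = None
    for s in serials.values():
        if newest is None or serial_newer(s, newest):
            newest = s
    findings = [f"{srv} lags: serves {s}, newest is {newest}"
                for srv, s in sorted(serials.items()) if s != newest]
    if not serial_newer(zonefile_serial, newest):
        findings.append(f"zone file serial {zonefile_serial} is not newer than "
                        f"served {newest}: secondaries will not pick up edits")
    return findings

if __name__ == "__main__":
    for finding in audit(CAPTURED, 2019120315):
        print(finding)
```
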