Re: [bitfolk] IPv4 reverse DNS

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MKeith Williams at <-
MAndy Bennett at ->

Reply to this message
Author: Andy Bennett
Date:  
To: users
Subject: Re: [bitfolk] IPv4 reverse DNS
Hi,

There's definitely something weird going on:


My local resolver gives me SERVFAIL for the PTR record:

-----
$ nslookup
> set query=ptr
> 35.84.119.85.in-addr.arpa
;; Got SERVFAIL reply from 217.169.20.21, trying next server
Server:         217.169.20.20
Address:        217.169.20.20#53


** server can't find 35.84.119.85.in-addr.arpa: SERVFAIL
-----

...and for the SOA record:

-----
> set query=soa
> 35.84.119.85.in-addr.arpa
;; Got SERVFAIL reply from 217.169.20.21, trying next server
Server:         217.169.20.20
Address:        217.169.20.20#53


** server can't find 35.84.119.85.in-addr.arpa: SERVFAIL
-----

...and for the NS records:

-----
> set query=ns
> 35.84.119.85.in-addr.arpa
;; Got SERVFAIL reply from 217.169.20.21, trying next server
Server:         217.169.20.20
Address:        217.169.20.20#53


** server can't find 35.84.119.85.in-addr.arpa: SERVFAIL
-----


For other addresses in the subnet I see a referal to a.authns.bitfolk.com:

-----
$ nslookup
> set query=ns
> 1.84.119.85.in-addr.arpa
Server:         217.169.20.21
Address:        217.169.20.21#53


Non-authoritative answer:
*** Can't find 1.84.119.85.in-addr.arpa: No answer 

Authoritative answers can be found from:
84.119.85.in-addr.arpa
        origin = a.authns.bitfolk.co.uk
        mail addr = hostmaster.bitfolk.com
        serial = 1648070981
        refresh = 1800
        retry = 900
        expire = 1209600
        minimum = 3600
-----




However, if I ask your nameservers (as per your zonefile) directly over
IPv4:

First find out their addresses:

-----
$ nslookup
> ns1.keiths-place.co.uk
Server:         217.169.20.21
Address:        217.169.20.21#53


Non-authoritative answer:
Name: ns1.keiths-place.co.uk
Address: 85.119.84.35
Name: ns1.keiths-place.co.uk
Address: 2001:ba8:1f1:f309::2
> ns2.keiths-place.co.uk 
Server:         217.169.20.21
Address:        217.169.20.21#53


Non-authoritative answer:
Name: ns2.keiths-place.co.uk
Address: 85.119.82.237
Name: ns2.keiths-place.co.uk
Address: 2001:ba8:1f1:f29d::2
> ns3.keiths-place.co.uk 
Server:         217.169.20.21
Address:        217.169.20.21#53


Non-authoritative answer:
Name: ns3.keiths-place.co.uk
Address: 85.119.82.237
Name: ns3.keiths-place.co.uk
Address: 2001:ba8:1f1:f29d::2
-----

...then ask each of them:

ns1:
-----
> server 85.119.84.35
Default server: 85.119.84.35
Address: 85.119.84.35#53
> set type=ptr
> 35.84.119.85.in-addr.arpa
Server:         85.119.84.35
Address:        85.119.84.35#53


35.84.119.85.in-addr.arpa       name = keiths.space.
35.84.119.85.in-addr.arpa       name = keynesmail.com.
35.84.119.85.in-addr.arpa       name = mx10.keynesmail.com.
35.84.119.85.in-addr.arpa       name = www.leightonbuzzard.net.
35.84.119.85.in-addr.arpa       name = www.newportpagnell.net.
35.84.119.85.in-addr.arpa       name = splog.keiths.space.
35.84.119.85.in-addr.arpa       name = mail.wingravegolf.co.uk.
35.84.119.85.in-addr.arpa       name = www.keiths.space.
35.84.119.85.in-addr.arpa       name = newportpagnell.net.
35.84.119.85.in-addr.arpa       name = www.keynesmail.com.
35.84.119.85.in-addr.arpa       name = www.aakanee.com.
35.84.119.85.in-addr.arpa       name = ns1.keiths-place.co.uk.
35.84.119.85.in-addr.arpa       name = webmail.keynesmail.com.
35.84.119.85.in-addr.arpa       name = webmail.wingravegolf.co.uk.
35.84.119.85.in-addr.arpa       name = leightonbuzzard.net.
35.84.119.85.in-addr.arpa       name = aakanee.com.
-----


ns2:
-----
> server 85.119.82.237
Default server: 85.119.82.237
Address: 85.119.82.237#53
> set type=ptr
> 35.84.119.85.in-addr.arpa
Server:         85.119.82.237
Address:        85.119.82.237#53


35.84.119.85.in-addr.arpa       name = www.aakanee.com.
35.84.119.85.in-addr.arpa       name = leightonbuzzard.net.
35.84.119.85.in-addr.arpa       name = ns1.keiths-place.co.uk.
35.84.119.85.in-addr.arpa       name = mx10.keynesmail.com.
35.84.119.85.in-addr.arpa       name = mail.wingravegolf.co.uk.
35.84.119.85.in-addr.arpa       name = keynesmail.com.
35.84.119.85.in-addr.arpa       name = aakanee.com.
35.84.119.85.in-addr.arpa       name = www.keiths.space.
35.84.119.85.in-addr.arpa       name = www.newportpagnell.net.
35.84.119.85.in-addr.arpa       name = keiths.space.
35.84.119.85.in-addr.arpa       name = webmail.wingravegolf.co.uk.
35.84.119.85.in-addr.arpa       name = www.keynesmail.com.
35.84.119.85.in-addr.arpa       name = newportpagnell.net.
35.84.119.85.in-addr.arpa       name = webmail.keynesmail.com.
35.84.119.85.in-addr.arpa       name = splog.keiths.space.
35.84.119.85.in-addr.arpa       name = www.leightonbuzzard.net.
-----


ns3: ame address as ns2.


That's not the tidied up zone file you showed before!

So why aren't changes propagating?

ns1:
-----
> server 85.119.84.35
Default server: 85.119.84.35
Address: 85.119.84.35#53
> set type=soa
> 35.84.119.85.in-addr.arpa
Server:         85.119.84.35
Address:        85.119.84.35#53


35.84.119.85.in-addr.arpa
        origin = ns2.keiths-place.co.uk
        mail addr = keith.keiths-place.co.uk
        serial = 2019120310
        refresh = 600
        retry = 300
        expire = 1209600
        minimum = 300
-----


ns2:
-----
> server 85.119.82.237
Default server: 85.119.82.237
Address: 85.119.82.237#53
> set type=soa
> 35.84.119.85.in-addr.arpa
Server:         85.119.82.237
Address:        85.119.82.237#53


35.84.119.85.in-addr.arpa
        origin = ns2.keiths-place.co.uk
        mail addr = keith.keiths-place.co.uk
        serial = 2019120315
        refresh = 600
        retry = 300
        expire = 1209600
        minimum = 300
-----




Your zonefile still shows this 2019120315 serial number too so you
definitely need to update that and reload your nameserver.


...but there also seems to be an upstream problem where DNS isn't aware of
the NS servers for your PTR record.






> Andy
>
> Tidied up the reverse zone file
> $ORIGIN .
> $TTL 600    ; 10 minutes
> 35.84.119.85.in-addr.arpa.    IN    SOA    ns2.keiths-place.co.uk. 
> keith.keiths-place.co.uk. (
> 2019120315
> 600
> 300
> 1209600
> 300 )
> IN NS    ns1.keiths-place.co.uk.
> IN NS    ns2.keiths-place.co.uk.
> IN NS    ns3.keiths-place.co.uk.
> $ORIGIN 35.84.119.85.in-addr.arpa.
> @    IN PTR    keynesmail.com.

>
> The main config snippet
>
> zone "35.84.119.85.in-addr.arpa" {
>     type master;
> file "/var/lib/bind/35-32.84.119.85";
>     allow-transfer {
>               slaves;
>                 };

>
> check-names warn;
> notify yes;
> };

>
> from /etc/bind/named.conf.local
>
> "slaves" is an acl IPv6 and IPv4 addresses of various secondary addresses
>
> Keith
>
>
> On Tue, 12 Apr 2022 at 09:48, Andy Bennett <andyjpb@???> wrote:
> Hi,
>
> Given the previous logs where the nameserver replies "REFUSED", could you
> check that the zone file for the reverse zone is set up correctly in the
> overall nameserver configuration.
>
> Is 35.84.119.85.in-addr.arpa. configured in your nameserver configuration
> file?
> If so, are you able to share the snippet for that?
>
>
>
>> That A record was only up there for 5 minutes, LOL, I was 
>> redoing the zone file and mistyped then when checking realised 
>> \i had made a booboo there and redid it. Must have been then 
>> that it was picked up. (It was very late)  
>> Here was the error message
>> bombay.duck12@???>: host mx.lb.btinternet.com[213.120.69.89]
>>     refused to talk to me: 421 
>> re-prd-rgin-002.btmx-prd.synchronoss.net Service
>>     not available - no PTR record for 85.119.84.35

>>
>> <bea.jay@???>: host 
>> mx.tb.ukmail.iss.as9143.net[212.54.56.11] refused
>>     to talk to me: 421 mx4.tb.ukmail.iss.as9143.net
>>     mx4.tb.ukmail.iss.as9143.net MXIN108 Failure to determine 
>> Reverse DNS for
>>     your IP 85.119.84.35. Fix or retry later.

>>
>> ;id=e02ZnsEO3k7hk;sid=e02ZnsEO3k7hk;mta=mx4.tb;d=20220411;t=214936[CET];ipsrc=85.119.84.35;
>>
>> <joyron.b@???>: host 
>> mx.tb.ukmail.iss.as9143.net[212.54.56.11] refused
>>     to talk to me: 421 mx4.tb.ukmail.iss.as9143.net
>>     mx4.tb.ukmail.iss.as9143.net MXIN108 Failure to determine 
>> Reverse DNS for
>>     your IP 85.119.84.35. Fix or retry later.

>> 
>>  ;id=e02ZnsEO3k7hk;sid=e02ZnsEO3k7hk;mta=mx4.tb;d=20220411;t=214936[CET];ipsrc=85.119.84.35;
>> Here is the reverse zone file ( /var/lib/bind/35-32.84.119.85) 
>> for the IP address
>> $ORIGIN .
>> $TTL 600      ; 10 minutes
>> 35.84.119.85.in-addr.arpa.    IN      SOA     ns2.keiths-place.co.uk. 
>> keith.keiths-place.co.uk. (
>> 2019120307
>> 600
>> 300
>> 1209600
>> 300 )
>> NS    ns1.keiths-place.co.uk.
>> NS    ns2.keiths-place.co.uk.
>> NS    ns3.keiths-place.co.uk.
>> $ORIGIN 35.84.119.85.in-addr.arpa.
>> PTR   keynesmail.com.
>> PTR   www.keynesmail.com.
>> PTR   mx10.keynesmail.com.
>> PTR   webmail.keynesmail.com.
>> PTR   aakanee.com.
>>             PTR www.aakanee.com.
>> PTR   leightonbuzzard.net.
>>             PTR keiths.space.
>>             PTR www.keiths.space.
>>             PTR splog.keiths.space.
>>             PTR ns1.keiths-place.co.uk.
>>             PTR www.leightonbuzzard.net.
>>             PTR newportpagnell.net.
>>             PTR www.newportpagnell.net.
>>             PTR mail.wingravegolf.co.uk.
>>             PTR webmail.wingravegolf.co.uk.

>>
>> And the forward zone (keynesmail.com)
>> $ttl 38400
>> keynesmail.com.       IN      SOA     ns3.keiths-place.co.uk. 
>> keithwilliamsnp.gmail.com. (
>> 2019120313
>> 10800
>> 3600
>> 604800
>> 38400 )
>> keynesmail.com.       IN      NS      ns3.keiths-place.co.uk.
>> keynesmail.com.       IN      NS      ns1.keiths-place.co.uk.
>> keynesmail.com.       IN      NS      ns2.keiths-place.co.uk.

>>
>> keynesmail.com.       IN      A       85.119.84.35
>> www.keynesmail.com.   IN      A       85.119.84.35
>> webmail.keynesmail.com.       IN      A       85.119.84.35

>>
>> keynesmail.com.       IN      MX      10 keynesmail.com.
>> keynesmail.com.       IN      AAAA    2001:ba8:1f1:f309::2
>> www.keynesmail.com.   IN      AAAA    2001:ba8:1f1:f309::2
>> webmail.keynesmail.com.       IN      AAAA    2001:ba8:1f1:f309::2
>> adminmail.keynesmail.com.     IN      A       85.119.84.35
>> mx10.keynesmail.com.  IN      A       85.119.84.35
>> 35.84.119.85.in-addr.arpa.    IN      PTR     mx10.keynesmail.com.
>> 35.84.119.85.in-addr.arpa.    IN      PTR     keynesmail.com.
>> _dmarc.keynesmail.com.        IN      TXT     "v=DMARC1; 
>> p=none; pct=90; adkim=r; aspf=s"

>>
>> The formatting seems to have gone haywire as I copied and pasted, there.
>>
>> I am totally stumped, IPv6 works just fine
>>
>> Keith
>>
>>
>>
>> On Tue, 12 Apr 2022 at 07:28, John Winters <john@???> wrote:
>> On 12/04/2022 01:12, Andy Smith wrote:
>> [snip]
>>> Note that it is not really important that the reverse and forward
>>> DNS records match anything that is in the email headers, just that
>>> they match *each other* (reverse DNS resolves to a host name that
>>> also resolves back to the same IP address).
>>
>> This used to be the case but I hit a problem the other day of an ISP who
>> insisted not only that they matched each other but that they also
>> matched the name given in the HELO part of the SMTP dialogue.
>>
>> This was a new requirement from that ISP which caused email to bounce.
>> A nuisance when you have several logical mail servers behind a single
>> IPv4 address.
>>
>> So much easier with ISPs who are up to date and use IPv6.
>>
>> John
>>
>

--
Best wishes,
@ndy

--
andyjpb@???
http://www.ashurst.eu.org/
0x7EBA75FF

This message was posted to the following mailing lists:
users
Mailing List Info | Nearby Messages		<-Re: [bitfolk] IPv4 reverse DNSRe: [bitfolk] IPv4 reverse DNS->
Bitfolk Mailing List Archive administrated by List AdminLurker (version 2.3)