Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Sun Mar 04, 2012 5:35 pm 
Offline
Senior Member
User avatar

Joined: Fri Dec 11, 2009 7:09 pm
Posts: 168
I'm having a go-round with my isp. I have a send only postfix server on my 'node, and have it set to reject connections with no reverse hostname. At home, I'm on Road Runner cable (and have been for 10 years), and this last week I started being blocked from sending email because my home ip address has no reverse dns entry. I've tried on several dns servers from my local machine and from my node.and get the same servfail response:

Code:
linpear:~# nslookup 184.90.253.228
;; Got SERVFAIL reply from 75.127.97.7, trying next server
;; Got SERVFAIL reply from 75.127.97.7, trying next server
Server:         75.127.97.6
Address:        75.127.97.6#53


So- my question- where does the rdns entry come from? )Again- this isn't a Linode problem).

_________________
--
Chris Bryant


Top
   
PostPosted: Sun Mar 04, 2012 6:41 pm 
Offline
Senior Member

Joined: Fri Jan 09, 2009 5:32 pm
Posts: 634
bryantrv wrote:
I'm having a go-round with my isp. I have a send only postfix server on my 'node, and have it set to reject connections with no reverse hostname. At home, I'm on Road Runner cable (and have been for 10 years), and this last week I started being blocked from sending email because my home ip address has no reverse dns entry. I've tried on several dns servers from my local machine and from my node.and get the same servfail response:

Code:
linpear:~# nslookup 184.90.253.228
;; Got SERVFAIL reply from 75.127.97.7, trying next server
;; Got SERVFAIL reply from 75.127.97.7, trying next server
Server:         75.127.97.6
Address:        75.127.97.6#53


So- my question- where does the rdns entry come from? )Again- this isn't a Linode problem).


The owner of that subnet (roadrunner) is responsible for it.

A simple way around it would be an ssh tunnel


Top
   
 Post subject:
PostPosted: Sun Mar 04, 2012 6:55 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
This is very handy for troubleshooting this sort of thing:

Code:
dig -x 184.90.253.228 +trace


Looks specific to your IP; my reverse DNS on the same set of nameservers (dns*.rr.com) is fine. -rt

_________________
Code:
/* TODO: need to add signature to posts */


Top
   
 Post subject:
PostPosted: Sun Mar 04, 2012 7:56 pm 
Offline
Senior Member
User avatar

Joined: Fri Dec 11, 2009 7:09 pm
Posts: 168
Thanks- hoopycat, I'm not sure what this is telling me-
Code:
chris@Phoenix-mepis:~$ dig -x 184.90.253.228 +trace

; <<>> DiG 9.7.3 <<>> -x 184.90.253.228 +trace
;; global options: +cmd
.                       257777  IN      NS      b.root-servers.net.
.                       257777  IN      NS      d.root-servers.net.
.                       257777  IN      NS      j.root-servers.net.
.                       257777  IN      NS      a.root-servers.net.
.                       257777  IN      NS      f.root-servers.net.
.                       257777  IN      NS      h.root-servers.net.
.                       257777  IN      NS      m.root-servers.net.
.                       257777  IN      NS      e.root-servers.net.
.                       257777  IN      NS      g.root-servers.net.
.                       257777  IN      NS      l.root-servers.net.
.                       257777  IN      NS      k.root-servers.net.
.                       257777  IN      NS      i.root-servers.net.
.                       257777  IN      NS      c.root-servers.net.
;; Received 228 bytes from 65.32.5.111#53(65.32.5.111) in 12 ms

in-addr.arpa.           172800  IN      NS      d.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      f.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      e.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      c.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      a.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      b.in-addr-servers.arpa.
;; Received 421 bytes from 192.5.5.241#53(f.root-servers.net) in 68 ms

184.in-addr.arpa.       86400   IN      NS      w.arin.net.
184.in-addr.arpa.       86400   IN      NS      y.arin.net.
184.in-addr.arpa.       86400   IN      NS      r.arin.net.
184.in-addr.arpa.       86400   IN      NS      t.arin.net.
184.in-addr.arpa.       86400   IN      NS      z.arin.net.
184.in-addr.arpa.       86400   IN      NS      x.arin.net.
184.in-addr.arpa.       86400   IN      NS      u.arin.net.
184.in-addr.arpa.       86400   IN      NS      v.arin.net.
;; Received 181 bytes from 199.212.0.73#53(a.in-addr-servers.arpa) in 55 ms

90.184.in-addr.arpa.    86400   IN      NS      DNS3.RR.COM.
90.184.in-addr.arpa.    86400   IN      NS      DNS5.RR.COM.
90.184.in-addr.arpa.    86400   IN      NS      DNS2.RR.COM.
90.184.in-addr.arpa.    86400   IN      NS      DNS1.RR.COM.
90.184.in-addr.arpa.    86400   IN      NS      DNS6.RR.COM.
;; Received 146 bytes from 199.212.0.63#53(z.arin.net) in 56 ms

;; Received 45 bytes from 76.85.249.142#53(DNS6.RR.COM) in 61 ms

chris@Phoenix-mepis:~$


I just wasn't sure about the interaction of their dhcp server (I'm on a dynamic ip at home) and which name server was providing the rdns entry.

_________________
--

Chris Bryant


Top
   
 Post subject:
PostPosted: Sun Mar 04, 2012 9:37 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
It tells you that 184.90.*.* is handled by the five nameservers listed at the end there, and DNS6.RR.COM knows nothing about your particular IP.

DHCP doesn't directly impact this, although if you got a new IP address recently, it's possible the new one just doesn't have reverse DNS configured.

Good luck!

_________________
Code:
/* TODO: need to add signature to posts */


Top
   
 Post subject:
PostPosted: Mon Mar 05, 2012 11:23 am 
Offline
Senior Member

Joined: Fri Dec 07, 2007 1:37 am
Posts: 385
Location: NC, USA
The postfix check for missing reverse hostname is useful only because it is somewhat common for ISP's to supply IP addresses with no rDNS entry. That check really only makes sense for incoming mail. Assuming you are using SASL, you should probably have a permit_sasl_authenticated entry above any DNS checks.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group