Josh Trutwin wrote: > Hi, > > I'm having a little bit of a DNS problem that I'd like some advice on. > > I have 10 static IP's 65.17.208.220-229 and I'm having the ISP do the reverse DNS. I told them to set it up like so: > > 65.17.208.220-224 point to fastconcepts.net > 65.17.208.225-229 point to netbits.us > > fastconcepts.net resolves to the .220 and netbits.us resolves to the .225. > > At the time this seemed reasonable. But a problem arises when a few (but probably more in the future) mail servers receive mail from say 65.17.208.228 and they do a reverse query and find that points to netbits.us and then they do a forward DNS query on netbits.us and find that netbits.us resolves to 65.17.208.225, the message is blocked because of the mismatch. > > In my mind the best way to fix this is to have a unique resolution in reverse dns for each of my IP addresses. I was thinking something along the lines of: > > 65.17.208.220 -> mail1.fastconcepts.net > 65.17.208.221 -> mail2.fastconcepts.net > 65.17.208.222 -> mail3.fastconcepts.net > 65.17.208.223 -> mail4.fastconcepts.net > 65.17.208.224 -> mail5.fastconcepts.net > 65.17.208.225 -> mail1.netbits.us > 65.17.208.226 -> mail2.netbits.us > 65.17.208.227 -> mail3.netbits.us > 65.17.208.228 -> mail4.netbits.us > 65.17.208.229 -> mail5.netbits.us > > That way if a message has headers that show the message is originating from 65.17.208.228 and they do reverse dns they find mail4.netbits.us - when they resolve mail4.netbits.us they find 65.17.208.228 and all is well. > > Does this seem like a reasonable solution? > > Thanks, > > Josh > Sounds perfectly reasonable to me. I'm surprised your ISP set up reverse records for different IPs to the same FQDN, that is not typically considered good form. Alternatively you could do something like 65.17.208.229 -> ptr-229.netbits.us if you did not want that address to always look like a mail host in RDNS lookups. Josh W _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list