Reverse DNS

Archived from groups: microsoft.public.win2000.dns

Regarding Internet connectivity specifically:

Why might I need a reverse DNS record?

Some say not to configure one thinking less information given out is better.

Others say yes, but why? How does it help?

I run a web server, email server, application server (Terminal Server) on a
W2K3 machine.

Thanks,

-Frank
  1. Archived from groups: microsoft.public.win2000.dns

    Frank,
    Please read RFC 2505 (http://www.faqs.org/rfcs/rfc2505.html) to get some
    background on why it is recommended to have reverse entries for mail
    servers.

    Also, many of the major service providers are filtering mail based on
    valid/invalid reverse entries. For a starting point on that take a look at
    http://postmaster.aol.com/

    You might also be interested in SPF (http://spf.pobox.com) as it deals with
    some similar issues for mail delivery.

    Regards,
    Ed Horley
    Microsoft MVP - Server Networking

    "Frankster" <Frank@SPAM2TRASH.com> wrote in message
    news:3LOdnWxcjrXvEOjfRVn-rA@giganews.com...
    > Regarding Internet connectivity specifically:
    >
    > Why might I need a reverse DNS record?
    >
    > Some say not to configure one thinking less information given out is
    > better.
    >
    > Others say yes, but why? How does it help?
    >
    > I run a web server, email server, application server (Terminal Server) on
    > a W2K3 machine.
    >
    > Thanks,
    >
    > -Frank
    >
    >
  2. Archived from groups: microsoft.public.win2000.dns

    "Frankster" <Frank@SPAM2TRASH.com> wrote in message
    news:3LOdnWxcjrXvEOjfRVn-rA@giganews.com...
    > Regarding Internet connectivity specifically:
    >
    > Why might I need a reverse DNS record?

    You might not. Except for the SMTP server you
    use to send out email -- there it is typically required
    by other SMTP servers in order for them to accept
    email from it.

    > Some say not to configure one thinking less information given out is
    > better.

    Generally true. No point in most cases.

    > Others say yes, but why? How does it help?
    >
    > I run a web server, email server, application server (Terminal Server) on
    > a W2K3 machine.

    The email server "reported name" (in the SMTP software)
    must generally match the name returned by the reverse
    lookup of the address it uses, and this name must be an
    MX record in SOMEBODY's zone (not necessarily yours,
    as email servers don't have any direct relationship to
    the domains -- plural -- that they might service.)
  3. Archived from groups: microsoft.public.win2000.dns

    Ed,

    Thank you for all the good references below. I appreciate it and will look
    at them.

    I should have crossposted this query I guess. I wound up asking in a few
    different forums. Anyway, I will paste below one of my replies to another
    group. I would welcome your comments on my logic. Admittedly, this was
    posted before I read the references you provided :)

    Thanks,

    -Frank

    ---------start----------

    I think you hit the proverbial nail on the head. SPAM filtering techniques
    have greatly improved in the last few years. As you say, RDNS used to be
    one of the only possible criteria but now is but a small fraction of the
    total SPAM identification techniques, which now use almost exclusively
    mathematically weighted algorithms.

    I've read that the practice of refusing mail based on not having RDNS has
    almost disappeared. My own mail server has that capability also, but I
    don't enable that feature. As I suspect not many others do either. My own
    mail server has a mathematically weighted and configurable SPAM system too.
    Works well.

    Anyway, I removed my reverse DNS listing about two weeks ago and have had no
    problem with email. I run a server with 4 domains pointing to the same IP.
    All have web presence and mail. I think I'll leave it that way until I have
    problems.

    Funny, it's not really mail that causes me to want to remove it. It is web
    surfing. I run a Firewall with NAT so that all surfing from any of my
    internal machines appears to be coming from that firewall. I'd prefer not
    to have surfing activities identified by RDNS. I am convinced that a lot of
    SPAM I do receive comes from unscrupulous folks garnering my RDNS info.

    Example: I can look in my mail logs and see repeated attempts to send mail
    to non existent userID's. (i.e. Admin@domainname.com, User1@domainname.com,
    Student@domainname.com, Administrator@domainname.com, info@domainname.com,
    sales@domainname.com, webmaster@domainname.com, etc., etc., etc.)

    Now each of these always uses the domain name I had configured in reverse
    lookup. Remember, I have 4 domains pointed to this IP. Only the one
    configured as reverse lookup was the target of this type of SPAM.

    Bottom line, I like it better without RDNS. Only time will tell if it truly
    causes any trouble.

    Thank you for your post. I would be interested if you have any more
    thoughts on this matter.

    -Frank

    ---------------end------------------

    "Ed Horley" <nospamed-msnewsgroups1@yahoo.com> wrote in message
    news:OsgXRLtTFHA.2420@TK2MSFTNGP12.phx.gbl...
    > Frank,
    > Please read RFC 2505 (http://www.faqs.org/rfcs/rfc2505.html) to get some
    > background on why it is recommended to have reverse entries for mail
    > servers.
    >
    > Also, many of the major service providers are filtering mail based on
    > valid/invalid reverse entries. For a starting point on that take a look
    > at http://postmaster.aol.com/
    >
    > You might also be interested in SPF (http://spf.pobox.com) as it deals
    > with some similar issues for mail delivery.
    >
    > Regards,
    > Ed Horley
    > Microsoft MVP - Server Networking
  4. Archived from groups: microsoft.public.win2000.dns

    BTW... my mailserver DOES include, in the configured header, a valid fully
    qualified mail host name (with proper MX record). However, it is no longer
    able to be matched with a reverse DNS lookup. Just FYI...

    -Frank

    "Ed Horley" <nospamed-msnewsgroups1@yahoo.com> wrote in message
    news:OsgXRLtTFHA.2420@TK2MSFTNGP12.phx.gbl...
    > Frank,
    > Please read RFC 2505 (http://www.faqs.org/rfcs/rfc2505.html) to get some
    > background on why it is recommended to have reverse entries for mail
    > servers.
    >
    > Also, many of the major service providers are filtering mail based on
    > valid/invalid reverse entries. For a starting point on that take a look
    > at http://postmaster.aol.com/
    >
    > You might also be interested in SPF (http://spf.pobox.com) as it deals
    > with some similar issues for mail delivery.
    >
    > Regards,
    > Ed Horley
    > Microsoft MVP - Server Networking
  5. Archived from groups: microsoft.public.win2000.dns

    Frank,
    Hope you found the links some interesting reading. There is no specific
    requirement in RFC 2505 regarding matching forward reverse for MTA's - I
    think section 2.5 comes the closest to saying it. They basically say until
    secure DNS is available there is no way to tell with a 100% that the records
    you are given are correct unless you own them.

    AOL and several other service providers are looking more carefully at
    forward/reverse matches for MTA's. Many are also using SPF and DomainKeys.
    Often, the safest process is to build your systems to conform for all of
    the proposed and de facto solutions out there. That means rDNS, SPF,
    Blacklists/Whitelists, and anything else that is coming down the pipe like
    DomainKeys is now.

    Basically, all the large service providers are doing this for two reasons.
    One is truly to reduce the amount of SPAM on the net - it does cost them
    money. The other reason is that for small business and home users it
    becomes almost impossible to run these services yourself properly anymore.
    That means you fall off the Internet for your core e-mail service since you
    don't know how to run SPF or rDNS or it costs too much money to upgrade your
    MTA all the time to conform. All the service providers want to host these
    services as they are money making ventures. Plus, many service providers
    are limiting ports on broadband circuits now so that hosts can only send
    traffic to the service provider's MTA's and no others. This effectively
    forces the end consumer to use the service provider's MTA's - I am not sure
    how I feel about this one yet. So far, there have been opt out options so
    for those in the know they simply opt out and things work as expected.

    Thoughts?

    Ed Horley
    Microsoft MVP - Server Networking

    "Frankster" <Frank@SPAM2TRASH.com> wrote in message
    news:-pidnUDHb8BRy-vfRVn-gg@giganews.com...
    > BTW... my mailserver DOES include, in the configured header, a valid fully
    > qualified mail host name (with proper MX record). However, it is no
    > longer able to be matched with a reverse DNS lookup. Just FYI...
    >
    > -Frank
  6. Archived from groups: microsoft.public.win2000.dns

    > Frank,
    > Hope you found the links some interesting reading.

    Yes, this one was very good:

    > Frank,
    > Please read RFC 2505 (http://www.faqs.org/rfcs/rfc2505.html)

    I read it all. Almost gave me a headache! :)

    It is pretty obvious that due to the fact that the original SMTP standards
    were created when "everybody trusted everybody" (like most Internet
    standards), we are in a real pickle now.

    The pickle I'm in is deciding which is worse; being occasionally identified
    as a spammer because I don't have reverse lookup configured or accepting
    more spam into my own system because I do. What a dilemma. :)

    Thanks for all your effort. I do appreciate it. Lots to think about now :)

    -Frank
  7. Archived from groups: microsoft.public.win2000.dns

    Frankster wrote:
    > The pickle I'm in is deciding which is worse; being occasionally
    > identified as a spammer because I don't have reverse lookup
    > configured or accepting more spam into my own system because I do. What a
    > dilemma. :)

    The main concern is not being able to send mail to certain (possibly many)
    domains. Many installations are refusing mail if you don't have a reverse
    zone. I have all my clients set to refuse mail if the reverse test fails.
    Unfortunate. No one trusts no one out there anymore.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Paramount: What's up with taking Enterprise off the air??
    Infinite Diversities in Infinite Combinations.
    =================================
  8. Archived from groups: microsoft.public.win2000.dns

    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:#zWEQbSUFHA.612@TK2MSFTNGP12.phx.gbl...
    > Frankster wrote:
    > > The pickle I'm in is deciding which is worse; being occasionally
    > > identified as a spammer because I don't have reverse lookup
    > > configured or accepting more spam into my own system because I do. What
    > > a dilemma. :)
    >
    > The main concern is not being able to send mail to certain (possibly many)
    > domains. Many installations are refusing mail if you don't have a reverse
    > zone. I have all my clients set to refuse mail if the reverse test fails.
    > Unfortunate. No one trusts no one out there anymore.

    The reverse lookup isn't going to cause you more spam.

    The MX records might.
  9. Archived from groups: microsoft.public.win2000.dns

    Herb Martin wrote:
    > The reverse lookup isn't going to cause you more spam.
    >
    > The MX records might.

    No the reverse record won't, but I'm saying it's one of the tests that
    anti-spam software will make.

    Ace
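
The "reverse test" several answers refer to, sketched as an added example (not code from any poster or from a particular mail server): look up the PTR name for the connecting address, confirm that name resolves back to the same address, then compare it with the name the client announces in HELO. The function names, result labels and the sample records (RFC 5737 documentation addresses) are constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver; [] if there is no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver; [] on failure."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_sender(ip, helo, ptr=system_ptr, addrs=system_addrs):
    """Classify a connecting SMTP client by its reverse DNS.

    no-ptr       the address has no reverse record
    unconfirmed  a PTR exists, but none of its names resolves back to ip
    helo-differs forward and reverse agree, announced name is something else
    pass         forward and reverse agree and match the announced name
    """
    target = ipaddress.ip_address(ip)
    names = [norm(n) for n in ptr(ip)]
    if not names:
        return "no-ptr"
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == target for a in addrs(n))]
    if not confirmed:
        return "unconfirmed"
    return "pass" if norm(helo) in confirmed else "helo-differs"

# Constructed sample records so the example runs offline (not from the thread).
PTR = {"192.0.2.10": ["mail.example.com."], "192.0.2.20": ["mail.example.com."]}
A = {"mail.example.com": ["192.0.2.10"]}

def demo(ip, helo):
    """Run check_sender against the constructed records above."""
    return check_sender(ip, helo, ptr=lambda i: PTR.get(i, []),
                        addrs=lambda n: A.get(n, []))
```

Calling `check_sender(ip, helo)` without the last two arguments uses the system resolver instead of the sample records.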