LinuxQuestions.org


ScottG 11-01-2013 03:17 PM

Reverse DNS causing SMTP problems
 
Hi

I have a server with 2 IPs - both of which rDNS to mymaindomain.co.uk.

I run several domains on the first IP (including mymaindomain.co.uk) and all of these work fine.

On the second IP I run a few other domains but when I send email it is often getting classified as Spam. I did a test on DNSStuff.com and it reports:
Code:

WARNING: The hostname in the SMTP greeting does not match the reverse DNS (PTR) record for your mail server. This probably won't cause any harm, but may be a technical violation of RFC5321

This test is fine on all the domains on the first IP but as above on all those on the second.

The Mail Server Test Center tool on DNSStuff.com also reports a DNS mismatch but when I do reverse lookup on both domains they both show the same as my SMTP server name. SPF records are fine on both IPs.

However, the checks at mxtoolbox.com all pass fine for both IPs.

After quite a bit of digging I found another test on DNSStuff for IP information, which amongst other things, listed Reverse-verified as Yes on the first IP but No on the second.

TBH I had never heard of it but from what I can gather, the problem is that the forward DNS only resolves to the first IP as this is where I host it and there is nothing for this domain on the second IP.

So I *assume* (always dangerous I know, so that's why I am checking!) that I need to add a DNS record that also points to the second IP as well as the first? If so, how do I do that if all the services are on the first IP?

Sorry for the long ramble but DNS is NOT one of my strengths!

Server is CentOS 6.4, with Plesk 11.5.30, using Postfix.

Thanks for any help

unSpawn 11-02-2013 12:55 PM

Quote:

Originally Posted by ScottG (Post 5056716)
So I *assume* (always dangerous I know, so that's why I am checking!) that I need to add a DNS record that also points to the second IP as well as the first?

Unfortunately half of the globe is criminally lazy, thinks it's unnecessary or otherwise doesn't care but best practice should be to always have a PTR record, period. Once you set your reverse DNS zone and PTR record (asserting you run the authoritative name server) do ponder DKIM and SPF (esp. if the acronyms mean nothing to you).

ScottG 11-03-2013 05:09 AM

I have PTR records and all reverse DNS is fine. The problem arises with Forward Confirmed Reverse DNS (FCrDNS) - This works fine on domains on the first IP as this is where the main domain is hosted and therefore the rDNS and FCrDNS work fine. But on the second IP the rDNS resolves to the main domain (the same as the SMTP server name) but the FCrDNS fails as the main domain only resolves to the first IP.

I have NS (as ns2.maindomain.co.uk) and MX (as mail.maindomain.co.uk) records pointing to both IPs but the main domain itself only points to the first IP.

If I were to add another A record for maindomain.co.uk. that points to the second IP, how would this affect the services I host for this domain? Would I have to let Apache, Postfix etc know to expect inputs on the other IP also, or would this 'just work'? Also, how does the client decide which DNS record to use? MX has weighting but there is nothing like that for A records (as far as I am aware)? Does it just pick one at random?

Or, if that is the wrong approach, what should I be doing?

SPF is already set up and working fine. I have not yet set up DKIM but it is on my To Do list and I have already found a few good sources for how to do so.

As ever, any help is greatly appreciated.

Scott

unSpawn 11-05-2013 01:27 AM

Quote:

Originally Posted by ScottG (Post 5057536)
the FCrDNS fails as the main domain only resolves to the first IP. (..) If I were to add another A record for maindomain.co.uk. that points to the second IP, how would this affect the services I host for this domain? Would I have to let Apache, Postfix etc know to expect inputs on the other IP also, or would this 'just work'? Also, how does the client decide which DNS record to use? MX has weighting but there is nothing like that for A records (as far as I am aware)? Does it just pick one at random?

Having multiple IP addresses for one domain is just like Round Robin DNS: a Name server just* returns one of the records to the client. (*While seemingly random due to software implementation and client side caching this should never be mistaken for failover, load balancing or other such methods.) As with all things Linux you should not expect things to "just work" but instead ensure proper configuration. If unsure post your (modified, anonymized) forward and reverse zones together with the result of running the first and second IP address through a forward-reverse DNS checker.
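
A small forward-reverse (FCrDNS) checker of the kind mentioned in the last reply, added here as an example and not part of the original thread. The function names, the 192.0.2.x documentation addresses and the sample zone data are constructed; the demo reproduces the situation described above without touching the network.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """Every A/AAAA address the system resolver returns for name."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0].split("%")[0] for info in infos}  # drop IPv6 scope ids

def check_fcrdns(ip, helo_name, ptr=system_ptr, forward=system_forward):
    """Run the rDNS, FCrDNS and SMTP-greeting checks for one sending IP."""
    addr = ipaddress.ip_address(ip)
    resolves_back = lambda n: addr in {ipaddress.ip_address(a) for a in forward(n)}
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    helo = helo_name.rstrip(".").lower()
    return {
        "ip": ip,
        "ptr": names,                                    # plain reverse DNS
        "fcrdns": any(resolves_back(n) for n in names),  # PTR name maps back to ip
        "helo_matches_ptr": helo in names,               # greeting vs PTR
        "helo_resolves_to_ip": resolves_back(helo),      # greeting name maps to ip
    }

# Constructed zone data mirroring the thread: both IPs have a PTR to the main
# domain, but the main domain's A record lists only the first IP.
SAMPLE_PTR = {"192.0.2.10": ["mymaindomain.co.uk."],
              "192.0.2.20": ["mymaindomain.co.uk."]}
SAMPLE_A = {"mymaindomain.co.uk": {"192.0.2.10"}}

def demo():
    """Check both sample IPs against the constructed zone data (no network)."""
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    forward = lambda name: SAMPLE_A.get(name, set())
    return [check_fcrdns(ip, "mymaindomain.co.uk", ptr, forward) for ip in SAMPLE_PTR]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Calling `check_fcrdns(ip, helo_name)` without the last two arguments uses the system resolver, so the same checks can be run against live DNS for each sending IP.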

