IPv4 reverse DNS

List overview All Threads
Download

newer

older

Please give feedback for upcoming...

The upcoming Ubuntu 22.04 release

Keith Williams

11 Apr 2022 11 Apr '22

11:22 p.m.

I had emails returned due to no reverse address. My email server is running on one of my VPS and I have had all my VPS DNS delegated to me as well. I have been using the email server since the dawn of time, this hasn't happened before. Now after a lot of digging, these servers that rejected said no rDNS on the IPv4 address (There were infact 2 of them UKmail and BTInternet.) I think it is because they are querying the Bitfolk servers, because, of course, I only have the one IPv4 address delegated to me and they are looking for the IPv4 reverse address of Keynesmail.com at theBitfolk server. It doesn't know about that domain name - no reason it should really. So should I ask Andy for secondary DNS for that domain name, would that solve the problem? Or is there another way out of this. I have a number of very low traffic domains on that VPS, but this one domain, that of the email server is causing this heartache. I guess those 2 are the only ones we have come across using IPv4, all other addresses sent to just work fine, including Gmail and Yahoo mail. The email address having problems with the sending is one used by a small local cancer support group and both the user of it and the intended recipients are total technophobes as well as being, like me, rather advanced in years. Keith

Attachments:

attachment.html (text/html — 1.4 KB)

Show replies by date

Andy Smith

12 Apr 12 Apr

12:12 a.m.

Hi Keith, On Tue, Apr 12, 2022 at 12:22:52AM +0100, Keith Williams wrote:

...

Now after a lot of digging, these servers that rejected said no rDNS on the IPv4 address (There were infact 2 of them UKmail and BTInternet.)

Which IP address? What is the exact message?

...

they are looking for the IPv4 reverse address of Keynesmail.com at theBitfolk server.

That's not how DNS works, so that's probably not what is happening. Anything that wants to know the IP address of keynesmail.com asks the DNS servers for keynesmail.com (unless the answer is already in a cache). Leaving aside tricks like split horizon or geolocation, which you would know if you were using, DNS should return the same answers for everyone everywhere. So either: - You have correct reverse DNS and these particular mail servers are broken - You don't have correct reverse DNS but most of your recipients don't care - The problem isn't actually DNS-related

...

So should I ask Andy for secondary DNS for that domain name, would that solve the problem?

I don't know what the problem is yet so can't answer that. If the domain in question exists in DNS already, then it exists in DNS already and adding more DNS servers (e.g. BitFolk's ones) into the mix isn't going to make any difference since all servers will/should give the same answers. If the domain doesn't exist in DNS, well, how does anything work at all? Unclear to me what the setup is here. You set your reverse DNS for BitFolk IPs here: https://panel.bitfolk.com/dns/

...

I guess those 2 are the only ones we have come across using IPv4, all other addresses sent to just work fine, including Gmail and Yahoo mail.

What does this mean? Are you saying that you think that your emails to Gmail and Yahoo! go by IPv6 but your emails to these two problem recipients go by IPv4?

...

The email address having problems with the sending is one used by a small local cancer support group and both the user of it and the intended recipients are total technophobes as well as being, like me, rather advanced in years.

Unfortunately several of the large email service providers enjoy providing services that don't function as Internet email, and the majority of their customers don't know the difference, so it must be the sender's fault. But we don't know what the actual problem is yet, so it is hard to assign blame or work out a solution. This is certainly *a* problem: $ dig +noall +answer +auth -t a keynesmail.com keynesmail.com. 38373 IN A 85.119.84.35 keynesmail.com. 38373 IN NS ns2.keiths-place.co.uk. keynesmail.com. 38373 IN NS ns1.keiths-place.co.uk. keynesmail.com. 38373 IN NS ns3.keiths-place.co.uk. $ dig +noall +comments +question -x 85.119.84.35 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53524 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;35.84.119.85.in-addr.arpa. IN PTR $ dig +noall +authority +answer -x 85.119.84.35 @a.authns.bitfolk.com 35.84.119.85.in-addr.arpa. 86400 IN CNAME 35.35-32.84.119.85.in-addr.arpa. 35-32.84.119.85.in-addr.arpa. 86400 IN NS ns3.keiths-place.co.uk. 35-32.84.119.85.in-addr.arpa. 86400 IN NS ns2.keiths-place.co.uk. 35-32.84.119.85.in-addr.arpa. 86400 IN NS ns1.keiths-place.co.uk. $ dig +noall +comments -t ptr 35.35-32.84.119.85.in-addr.arpa @ns1.keiths-place.co.uk ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 43717 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 $ for ns in 2 3; do dig +noall +answer -t ptr 35.35-32.84.119.85.in-addr.arpa @ns${ns}.keiths-place.co.uk; done (no output there either) So in summary you don't have functioning reverse DNS for the IP address 85.119.84.35 because none of the nameservers that it's delegated to are serving the (PTR) record 35.35-32.84.119.85.in-addr.arpa. They all give a REFUSED response. I don't know if that is your problem here, but not having working reverse DNS for an IP address that sends email is definitely going to cause you problems. Note that it is not really important that the reverse and forward DNS records match anything that is in the email headers, just that they match *each other* (reverse DNS resolves to a host name that also resolves back to the same IP address). Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting

John Winters

6:17 a.m.

On 12/04/2022 01:12, Andy Smith wrote: [snip]

...

Note that it is not really important that the reverse and forward DNS records match anything that is in the email headers, just that they match *each other* (reverse DNS resolves to a host name that also resolves back to the same IP address).

This used to be the case but I hit a problem the other day of an ISP who insisted not only that they matched each other but that they also matched the name given in the HELO part of the SMTP dialogue. This was a new requirement from that ISP which caused email to bounce. A nuisance when you have several logical mail servers behind a single IPv4 address. So much easier with ISPs who are up to date and use IPv6. John -- Xronos Scheduler - https://xronos.uk/ | i = (free(NULL), i++); All your school's schedule information in one place. Timetable, activities, homework, public events - the lot Live demo at https://schedulerdemo.xronos.uk/

Keith Williams

7:31 a.m.

That A record was only up there for 5 minutes, LOL, I was redoing the zone file and mistyped then when checking realised \i had made a booboo there and redid it. Must have been then that it was picked up. (It was very late) Here was the error message bombay.duck12(a)btinternet.com>gt;: host mx.lb.btinternet.com[213.120.69.89] refused to talk to me: 421 re-prd-rgin-002.btmx-prd.synchronoss.net Service not available - no PTR record for 85.119.84.35 <bea.jay(a)ntlworld.com>om>: host mx.tb.ukmail.iss.as9143.net[212.54.56.11] refused to talk to me: 421 mx4.tb.ukmail.iss.as9143.net mx4.tb.ukmail.iss.as9143.net MXIN108 Failure to determine Reverse DNS for your IP 85.119.84.35. Fix or retry later. ;id=e02ZnsEO3k7hk;sid=e02ZnsEO3k7hk;mta=mx4.tb;d=20220411;t=214936[CET];ipsrc=85.119.84.35; <joyron.b(a)ntlworld.com>om>: host mx.tb.ukmail.iss.as9143.net[212.54.56.11] refused to talk to me: 421 mx4.tb.ukmail.iss.as9143.net mx4.tb.ukmail.iss.as9143.net MXIN108 Failure to determine Reverse DNS for your IP 85.119.84.35. Fix or retry later. ;id=e02ZnsEO3k7hk;sid=e02ZnsEO3k7hk;mta=mx4.tb;d=20220411;t=214936[CET];ipsrc=85.119.84.35; Here is the reverse zone file ( /var/lib/bind/35-32.84.119.85) for the IP address $ORIGIN . $TTL 600 ; 10 minutes 35.84.119.85.in-addr.arpa. IN SOA ns2.keiths-place.co.uk. keith.keiths-place.co.uk. ( 2019120307 600 300 1209600 300 ) NS ns1.keiths-place.co.uk. NS ns2.keiths-place.co.uk. NS ns3.keiths-place.co.uk. $ORIGIN 35.84.119.85.in-addr.arpa. PTR keynesmail.com. PTR www.keynesmail.com. PTR mx10.keynesmail.com. PTR webmail.keynesmail.com. PTR aakanee.com. PTR www.aakanee.com. PTR leightonbuzzard.net. PTR keiths.space. PTR www.keiths.space. PTR splog.keiths.space. PTR ns1.keiths-place.co.uk. PTR www.leightonbuzzard.net. PTR newportpagnell.net. PTR www.newportpagnell.net. PTR mail.wingravegolf.co.uk. PTR webmail.wingravegolf.co.uk. And the forward zone (keynesmail.com) $ttl 38400 keynesmail.com. IN SOA ns3.keiths-place.co.uk. keithwilliamsnp.gmail.com. ( 2019120313 10800 3600 604800 38400 ) keynesmail.com. IN NS ns3.keiths-place.co.uk. keynesmail.com. IN NS ns1.keiths-place.co.uk. keynesmail.com. IN NS ns2.keiths-place.co.uk. keynesmail.com. IN A 85.119.84.35 www.keynesmail.com. IN A 85.119.84.35 webmail.keynesmail.com. IN A 85.119.84.35 keynesmail.com. IN MX 10 keynesmail.com. keynesmail.com. IN AAAA 2001:ba8:1f1:f309::2 www.keynesmail.com. IN AAAA 2001:ba8:1f1:f309::2 webmail.keynesmail.com. IN AAAA 2001:ba8:1f1:f309::2 adminmail.keynesmail.com. IN A 85.119.84.35 mx10.keynesmail.com. IN A 85.119.84.35 35.84.119.85.in-addr.arpa. IN PTR mx10.keynesmail.com. 35.84.119.85.in-addr.arpa. IN PTR keynesmail.com. _dmarc.keynesmail.com. IN TXT "v=DMARC1; p=none; pct=90; adkim=r; aspf=s" The formatting seems to have gone haywire as I copied and pasted, there. I am totally stumped, IPv6 works just fine Keith On Tue, 12 Apr 2022 at 07:28, John Winters <john(a)sinodun.org.uk> wrote:

...

On 12/04/2022 01:12, Andy Smith wrote: [snip]

Andy Bennett

8:42 a.m.

Hi, Given the previous logs where the nameserver replies "REFUSED", could you check that the zone file for the reverse zone is set up correctly in the overall nameserver configuration. Is 35.84.119.85.in-addr.arpa. configured in your nameserver configuration file? If so, are you able to share the snippet for that?

...

-- Best wishes, @ndy -- andyjpb(a)ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF

Keith Williams

9:11 a.m.

...

;id=e02ZnsEO3k7hk;sid=e02ZnsEO3k7hk;mta=mx4.tb;d=20220411;t=214936[CET];ipsrc=85.119.84.35;

<joyron.b(a)ntlworld.com>om>: host mx.tb.ukmail.iss.as9143.net[212.54.56.11] refused to talk to me: 421 mx4.tb.ukmail.iss.as9143.net mx4.tb.ukmail.iss.as9143.net MXIN108 Failure to determine Reverse DNS for your IP 85.119.84.35. Fix or retry later.

;id=e02ZnsEO3k7hk;sid=e02ZnsEO3k7hk;mta=mx4.tb;d=20220411;t=214936[CET];ipsrc=85.119.84.35;

Here is the reverse zone file ( /var/lib/bind/35-32.84.119.85) for the IP address $ORIGIN . $TTL 600 ; 10 minutes 35.84.119.85.in-addr.arpa. IN SOA ns2.keiths-place.co.uk. keith.keiths-place.co.uk. ( 2019120307 600 300 1209600 300 ) NS ns1.keiths-place.co.uk. NS ns2.keiths-place.co.uk. NS ns3.keiths-place.co.uk. $ORIGIN 35.84.119.85.in-addr.arpa. PTR keynesmail.com. PTR www.keynesmail.com. PTR mx10.keynesmail.com. PTR webmail.keynesmail.com. PTR aakanee.com. PTR www.aakanee.com. PTR leightonbuzzard.net. PTR keiths.space. PTR www.keiths.space. PTR splog.keiths.space. PTR ns1.keiths-place.co.uk. PTR www.leightonbuzzard.net. PTR newportpagnell.net. PTR www.newportpagnell.net. PTR mail.wingravegolf.co.uk. PTR webmail.wingravegolf.co.uk. And the forward zone (keynesmail.com) $ttl 38400 keynesmail.com. IN SOA ns3.keiths-place.co.uk.

keithwilliamsnp.gmail.com. (

2019120313 10800 3600 604800 38400 ) keynesmail.com. IN NS ns3.keiths-place.co.uk. keynesmail.com. IN NS ns1.keiths-place.co.uk. keynesmail.com. IN NS ns2.keiths-place.co.uk. keynesmail.com. IN A 85.119.84.35 www.keynesmail.com. IN A 85.119.84.35 webmail.keynesmail.com. IN A 85.119.84.35 keynesmail.com. IN MX 10 keynesmail.com. keynesmail.com. IN AAAA 2001:ba8:1f1:f309::2 www.keynesmail.com. IN AAAA 2001:ba8:1f1:f309::2 webmail.keynesmail.com. IN AAAA 2001:ba8:1f1:f309::2 adminmail.keynesmail.com. IN A 85.119.84.35 mx10.keynesmail.com. IN A 85.119.84.35 35.84.119.85.in-addr.arpa. IN PTR mx10.keynesmail.com. 35.84.119.85.in-addr.arpa. IN PTR keynesmail.com. _dmarc.keynesmail.com. IN TXT "v=DMARC1; p=none;

pct=90; adkim=r; aspf=s"

The formatting seems to have gone haywire as I copied and pasted, there. I am totally stumped, IPv6 works just fine Keith On Tue, 12 Apr 2022 at 07:28, John Winters <john(a)sinodun.org.uk> wrote: On 12/04/2022 01:12, Andy Smith wrote: [snip]

-- Best wishes, @ndy -- andyjpb(a)ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF _______________________________________________ users mailing list users(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/users

Andy Bennett

10 a.m.

Hi, There's definitely something weird going on: My local resolver gives me SERVFAIL for the PTR record: ----- $ nslookup

...

set query=ptr 35.84.119.85.in-addr.arpa

;; Got SERVFAIL reply from 217.169.20.21, trying next server Server: 217.169.20.20 Address: 217.169.20.20#53 ** server can't find 35.84.119.85.in-addr.arpa: SERVFAIL ----- ...and for the SOA record: -----

...

set query=soa 35.84.119.85.in-addr.arpa

...

set query=ns 35.84.119.85.in-addr.arpa

...

set query=ns 1.84.119.85.in-addr.arpa

Server: 217.169.20.21 Address: 217.169.20.21#53 Non-authoritative answer: *** Can't find 1.84.119.85.in-addr.arpa: No answer Authoritative answers can be found from: 84.119.85.in-addr.arpa origin = a.authns.bitfolk.co.uk mail addr = hostmaster.bitfolk.com serial = 1648070981 refresh = 1800 retry = 900 expire = 1209600 minimum = 3600 ----- However, if I ask your nameservers (as per your zonefile) directly over IPv4: First find out their addresses: ----- $ nslookup

...

ns1.keiths-place.co.uk

Server: 217.169.20.21 Address: 217.169.20.21#53 Non-authoritative answer: Name: ns1.keiths-place.co.uk Address: 85.119.84.35 Name: ns1.keiths-place.co.uk Address: 2001:ba8:1f1:f309::2

...

ns2.keiths-place.co.uk

Server: 217.169.20.21 Address: 217.169.20.21#53 Non-authoritative answer: Name: ns2.keiths-place.co.uk Address: 85.119.82.237 Name: ns2.keiths-place.co.uk Address: 2001:ba8:1f1:f29d::2

...

ns3.keiths-place.co.uk

Server: 217.169.20.21 Address: 217.169.20.21#53 Non-authoritative answer: Name: ns3.keiths-place.co.uk Address: 85.119.82.237 Name: ns3.keiths-place.co.uk Address: 2001:ba8:1f1:f29d::2 ----- ...then ask each of them: ns1: -----

...

server 85.119.84.35

Default server: 85.119.84.35 Address: 85.119.84.35#53

...

set type=ptr 35.84.119.85.in-addr.arpa

Server: 85.119.84.35 Address: 85.119.84.35#53 35.84.119.85.in-addr.arpa name = keiths.space. 35.84.119.85.in-addr.arpa name = keynesmail.com. 35.84.119.85.in-addr.arpa name = mx10.keynesmail.com. 35.84.119.85.in-addr.arpa name = www.leightonbuzzard.net. 35.84.119.85.in-addr.arpa name = www.newportpagnell.net. 35.84.119.85.in-addr.arpa name = splog.keiths.space. 35.84.119.85.in-addr.arpa name = mail.wingravegolf.co.uk. 35.84.119.85.in-addr.arpa name = www.keiths.space. 35.84.119.85.in-addr.arpa name = newportpagnell.net. 35.84.119.85.in-addr.arpa name = www.keynesmail.com. 35.84.119.85.in-addr.arpa name = www.aakanee.com. 35.84.119.85.in-addr.arpa name = ns1.keiths-place.co.uk. 35.84.119.85.in-addr.arpa name = webmail.keynesmail.com. 35.84.119.85.in-addr.arpa name = webmail.wingravegolf.co.uk. 35.84.119.85.in-addr.arpa name = leightonbuzzard.net. 35.84.119.85.in-addr.arpa name = aakanee.com. ----- ns2: -----

...

server 85.119.82.237

Default server: 85.119.82.237 Address: 85.119.82.237#53

...

set type=ptr 35.84.119.85.in-addr.arpa

Server: 85.119.82.237 Address: 85.119.82.237#53 35.84.119.85.in-addr.arpa name = www.aakanee.com. 35.84.119.85.in-addr.arpa name = leightonbuzzard.net. 35.84.119.85.in-addr.arpa name = ns1.keiths-place.co.uk. 35.84.119.85.in-addr.arpa name = mx10.keynesmail.com. 35.84.119.85.in-addr.arpa name = mail.wingravegolf.co.uk. 35.84.119.85.in-addr.arpa name = keynesmail.com. 35.84.119.85.in-addr.arpa name = aakanee.com. 35.84.119.85.in-addr.arpa name = www.keiths.space. 35.84.119.85.in-addr.arpa name = www.newportpagnell.net. 35.84.119.85.in-addr.arpa name = keiths.space. 35.84.119.85.in-addr.arpa name = webmail.wingravegolf.co.uk. 35.84.119.85.in-addr.arpa name = www.keynesmail.com. 35.84.119.85.in-addr.arpa name = newportpagnell.net. 35.84.119.85.in-addr.arpa name = webmail.keynesmail.com. 35.84.119.85.in-addr.arpa name = splog.keiths.space. 35.84.119.85.in-addr.arpa name = www.leightonbuzzard.net. ----- ns3: ame address as ns2. That's not the tidied up zone file you showed before! So why aren't changes propagating? ns1: -----

...

server 85.119.84.35

Default server: 85.119.84.35 Address: 85.119.84.35#53

...

set type=soa 35.84.119.85.in-addr.arpa

Server: 85.119.84.35 Address: 85.119.84.35#53 35.84.119.85.in-addr.arpa origin = ns2.keiths-place.co.uk mail addr = keith.keiths-place.co.uk serial = 2019120310 refresh = 600 retry = 300 expire = 1209600 minimum = 300 ----- ns2: -----

...

server 85.119.82.237

Default server: 85.119.82.237 Address: 85.119.82.237#53

...

set type=soa 35.84.119.85.in-addr.arpa

Server: 85.119.82.237 Address: 85.119.82.237#53 35.84.119.85.in-addr.arpa origin = ns2.keiths-place.co.uk mail addr = keith.keiths-place.co.uk serial = 2019120315 refresh = 600 retry = 300 expire = 1209600 minimum = 300 ----- Your zonefile still shows this 2019120315 serial number too so you definitely need to update that and reload your nameserver. ...but there also seems to be an upstream problem where DNS isn't aware of the NS servers for your PTR record.

...

Andy Tidied up the reverse zone file $ORIGIN . $TTL 600 ; 10 minutes 35.84.119.85.in-addr.arpa. IN SOA ns2.keiths-place.co.uk. keith.keiths-place.co.uk. ( 2019120315 600 300 1209600 300 ) IN NS ns1.keiths-place.co.uk. IN NS ns2.keiths-place.co.uk. IN NS ns3.keiths-place.co.uk. $ORIGIN 35.84.119.85.in-addr.arpa. @ IN PTR keynesmail.com. The main config snippet zone "35.84.119.85.in-addr.arpa" { type master; file "/var/lib/bind/35-32.84.119.85"; allow-transfer { slaves; }; check-names warn; notify yes; }; from /etc/bind/named.conf.local "slaves" is an acl IPv6 and IPv4 addresses of various secondary addresses Keith On Tue, 12 Apr 2022 at 09:48, Andy Bennett <andyjpb(a)ashurst.eu.org> wrote: Hi, Given the previous logs where the nameserver replies "REFUSED", could you check that the zone file for the reverse zone is set up correctly in the overall nameserver configuration. Is 35.84.119.85.in-addr.arpa. configured in your nameserver configuration file? If so, are you able to share the snippet for that?

-- Best wishes, @ndy -- andyjpb(a)ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF

Andy Bennett

10:08 a.m.

Hello again,

...

...but there also seems to be an upstream problem where DNS isn't aware of the NS servers for your PTR record.

...of course, I hit send to early. Let's look in the parent domain, which might be a different zone: ----- $ nslookup

...

set query=ns 84.119.85.in-addr.arpa

Server: 217.169.20.21 Address: 217.169.20.21#53 Non-authoritative answer: 84.119.85.in-addr.arpa nameserver = a.authns.bitfolk.co.uk. 84.119.85.in-addr.arpa nameserver = b.authns.bitfolk.com. 84.119.85.in-addr.arpa nameserver = c.authns.bitfolk.com. Authoritative answers can be found from:

...

----- So far so good. Let's ask a.authns.bitfolk.co.uk: -----

...

server a.authns.bitfolk.co.uk.

Default server: a.authns.bitfolk.co.uk. Address: 85.119.80.222#53 Default server: a.authns.bitfolk.co.uk. Address: 2001:ba8:1f1:f085::53#53

...

35.84.119.85.in-addr.arpa

Server: a.authns.bitfolk.co.uk. Address: 85.119.80.222#53 35.84.119.85.in-addr.arpa canonical name = 35.35-32.84.119.85.in-addr.arpa. ----- -----

...

35.35-32.84.119.85.in-addr.arpa.

Server: a.authns.bitfolk.co.uk. Address: 85.119.80.222#53 Non-authoritative answer: *** Can't find 35.35-32.84.119.85.in-addr.arpa.: No answer Authoritative answers can be found from: 35-32.84.119.85.in-addr.arpa nameserver = ns1.keiths-place.co.uk. 35-32.84.119.85.in-addr.arpa nameserver = ns2.keiths-place.co.uk. 35-32.84.119.85.in-addr.arpa nameserver = ns3.keiths-place.co.uk. ns1.keiths-place.co.uk internet address = 85.119.84.35 ns1.keiths-place.co.uk has AAAA address 2001:ba8:1f1:f309::2 ns2.keiths-place.co.uk internet address = 85.119.82.237 ns2.keiths-place.co.uk has AAAA address 2001:ba8:1f1:f29d::2 ns3.keiths-place.co.uk internet address = 85.119.82.237 ns3.keiths-place.co.uk has AAAA address 2001:ba8:1f1:f29d::2 ----- Now it's getting interesting. We're back to ns1.keiths-place.co.uk. -----

...

server ns1.keiths-place.co.uk.

Default server: ns1.keiths-place.co.uk. Address: 85.119.84.35#53 Default server: ns1.keiths-place.co.uk. Address: 2001:ba8:1f1:f309::2#53

...

35-32.84.119.85.in-addr.arpa

Server: ns1.keiths-place.co.uk. Address: 85.119.84.35#53 ** server can't find 35-32.84.119.85.in-addr.arpa: REFUSED ----- So it looks like you need to serve answers for 35.35-32.84.119.85.in-addr.arpa rather from the zone 35-32.84.119.85.in-addr.arpa rather than A change to your zone file and named config should sort it out. Something like (untested): zone "35-32.84.119.85.in-addr.arpa" { rather than zone "35.84.119.85.in-addr.arpa" { and 35.35-32.84.119.85.in-addr.arpa. IN SOA ns2.keiths-place.co.uk. keith.keiths-place.co.uk. rather than 35.84.119.85.in-addr.arpa. IN SOA ns2.keiths-place.co.uk. keith.keiths-place.co.uk. Best wishes, @ndy -- andyjpb(a)ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF

Andy Bennett

10:11 a.m.

Hi,

...

So it looks like you need to serve answers for 35.35-32.84.119.85.in-addr.arpa rather from the zone 35-32.84.119.85.in-addr.arpa rather than

Keith Williams

10:37 a.m.

That is intersting. Thank you I was doing similar and f found that it got me to Bitfolk NS and resolved it as a cname with the keiths-place ns servers added for that then when it queried the keiths-place ns servers (on my other VPS called, surprisingly keiths-place.co.uk) it was just getting lost So I need to do a rewrite of the zone file for the reverse, along the lines of what you said Interesting. Thank you Keith On Tue, 12 Apr 2022 at 11:17, Andy Bennett <andyjpb(a)ashurst.eu.org> wrote:

...

Hi,

So it looks like you need to serve answers for 35.35-32.84.119.85.in-addr.arpa rather from the zone 35-32.84.119.85.in-addr.arpa rather than

So it looks like you need to serve answers for 35.35-32.84.119.85.in-addr.arpa from the zone 35-32.84.119.85.in-addr.arpa rather than answers for 35.84.119.85.in-addr.arpa from the zone 35.84.119.85.in-addr.arpa. Best wishes, @ndy -- andyjpb(a)ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF _______________________________________________ users mailing list users(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/users

Keith Williams

11:17 a.m.

Andy, You sir are a scholar and a gentleman of the highest order. I made the changes you suggested and here is the result ; <<>> DiG 9.16.27-Debian <<>> 35.84.119.85.in-addr.arpa PTR ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60747 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;35.84.119.85.in-addr.arpa. IN PTR ;; ANSWER SECTION: 35.84.119.85.in-addr.arpa. 84462 IN CNAME 35.35-32.84.119.85.in-addr.arpa. 35.35-32.84.119.85.in-addr.arpa. 600 IN PTR keynesmail.com. My new zonefile:- $ttl 600 ; $ORIGIN 35-32.84.119.85.in-addr.arpa. 35-32.84.119.85.in-addr.arpa. IN SOA ns3.keiths-place.co.uk. keithwilliamsnp.gmail.com. ( 2022041211 600 300 1200 900 ) NS ns3.keiths-place.co.uk. NS ns2.keiths.place.co.uk. NS ns1.keiths-place.co.uk. 35.35-32.84.119.85.in-addr.arpa. IN PTR keynesmail.com. I will now return the TTLs etc to a more sensible number, and all will be set. Thanks so much for the help, everyone. Keith

Andy Bennett

11:30 a.m.

Hi, I'm not sure which one of us you are refering to but I simply unpacked what was in Andy's dig traces. ;-) I can confirm that I no longer see the error: -----

...

85.119.84.35

35.84.119.85.in-addr.arpa canonical name = 35.35-32.84.119.85.in-addr.arpa. 35.35-32.84.119.85.in-addr.arpa name = keynesmail.com. Authoritative answers can be found from: 35-32.84.119.85.in-addr.arpa nameserver = ns3.keiths-place.co.uk. 35-32.84.119.85.in-addr.arpa nameserver = ns1.keiths-place.co.uk. 35-32.84.119.85.in-addr.arpa nameserver = ns2.keiths.place.co.uk. ----- ...and there's only one PTR record now: -----

...

set query=ptr 35.35-32.84.119.85.in-addr.arpa

Server: 217.169.20.21 Address: 217.169.20.21#53 Non-authoritative answer: 35.35-32.84.119.85.in-addr.arpa name = keynesmail.com. Authoritative answers can be found from: 35-32.84.119.85.in-addr.arpa nameserver = ns3.keiths-place.co.uk. 35-32.84.119.85.in-addr.arpa nameserver = ns1.keiths-place.co.uk. 35-32.84.119.85.in-addr.arpa nameserver = ns2.keiths.place.co.uk. -----

...

-- Best wishes, @ndy -- andyjpb(a)ashurst.eu.org http://www.ashurst.eu.org/ 0x7EBA75FF

Keith Williams

11:42 a.m.

Andy Bennet, Yes it was you I was replying to when I was celebrating success. I trimmed the zone file right down just to get it working. Will have to add a couple back as they point to something slightly different. (I donated an MX to a spam honey trap, though I must confess I have had no catches reported for a couple of years or so) Thanks again. Keith On Tue, 12 Apr 2022 at 12:35, Andy Bennett <andyjpb(a)ashurst.eu.org> wrote:

...

Hi, I'm not sure which one of us you are refering to but I simply unpacked what was in Andy's dig traces. ;-) I can confirm that I no longer see the error: -----

85.119.84.35

set query=ptr 35.35-32.84.119.85.in-addr.arpa

35.35-32.84.119.85.in-addr.arpa.

35.35-32.84.119.85.in-addr.arpa. 600 IN PTR keynesmail.com. My new zonefile:- $ttl 600 ; $ORIGIN 35-32.84.119.85.in-addr.arpa. 35-32.84.119.85.in-addr.arpa. IN SOA ns3.keiths-place.co.uk. keithwilliamsnp.gmail.com. ( 2022041211 600 300 1200 900 ) NS ns3.keiths-place.co.uk. NS ns2.keiths.place.co.uk. NS ns1.keiths-place.co.uk. 35.35-32.84.119.85.in-addr.arpa. IN PTR keynesmail.com. I will now return the TTLs etc to a more sensible number, and all will be set. Thanks so much for the help, everyone. Keith

Keith Williams

11:43 a.m.

Hi Andy Smith, I see many Andys replying here. Yes I have at last realised this, from the other Andy's reply. In effect the mailservers are following the Cname in the Bitfolk servers zone, so they will not be looking for the shorter address. It makes perfect sense now. What really puzzled me is that the zone file has sat like that for a number of years just changing a little as it was added to, the old serial number was from one of the later additions. Thank you for your time. That example zone file you linked to is something I had obviously forgotten over the years Keith On Tue, 12 Apr 2022 at 12:17, Keith Williams <keithwilliamsnp(a)gmail.com> wrote:

...

Andy Smith

11:46 a.m.

Hello, On Tue, Apr 12, 2022 at 12:17:01PM +0100, Keith Williams wrote:

...

I made the changes you suggested and here is the result

$ for ns in 1 2 3; do target="ns${ns}.keiths-place.co.uk"; echo "$target:"; dig +noall +answer +comments -x 85.119.84.35 @$target | sed 's/^/\t/'; done ns1.keiths-place.co.uk: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41003 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ns2.keiths-place.co.uk: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12971 ;; flags: qr aa rd; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; ANSWER SECTION: 35.84.119.85.in-addr.arpa. 600 IN PTR mail.wingravegolf.co.uk. 35.84.119.85.in-addr.arpa. 600 IN PTR leightonbuzzard.net. 35.84.119.85.in-addr.arpa. 600 IN PTR splog.keiths.space. 35.84.119.85.in-addr.arpa. 600 IN PTR newportpagnell.net. 35.84.119.85.in-addr.arpa. 600 IN PTR ns1.keiths-place.co.uk. 35.84.119.85.in-addr.arpa. 600 IN PTR webmail.wingravegolf.co.uk. 35.84.119.85.in-addr.arpa. 600 IN PTR aakanee.com. 35.84.119.85.in-addr.arpa. 600 IN PTR www.keiths.space. 35.84.119.85.in-addr.arpa. 600 IN PTR www.keynesmail.com. 35.84.119.85.in-addr.arpa. 600 IN PTR mx10.keynesmail.com. 35.84.119.85.in-addr.arpa. 600 IN PTR www.leightonbuzzard.net. 35.84.119.85.in-addr.arpa. 600 IN PTR keiths.space. 35.84.119.85.in-addr.arpa. 600 IN PTR www.aakanee.com. 35.84.119.85.in-addr.arpa. 600 IN PTR webmail.keynesmail.com. 35.84.119.85.in-addr.arpa. 600 IN PTR www.newportpagnell.net. 35.84.119.85.in-addr.arpa. 600 IN PTR keynesmail.com. ns3.keiths-place.co.uk: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 55445 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 Or to put it another way: http://dns.squish.net/traverses/aa62a2ab37d593a69cc9dca907f499c4 Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting

Keith Williams

12:16 p.m.

So it is getting there, sometimes the secondary servers are a bit slow to transfer. Will have to look this afternoon why the ns3 is refusing, as it should be authoritative. Some small slip up in my writing of the new zone file. I was going to wait for a while for everything to propagate then test more thoroughly, but will investigate that first.ns3 is the main NS, LOL, so the secondaries do have it. 35-32.84.119.85.in-addr.arpa. IN SOA ns3.keiths-place.co.uk. keithwilliamsnp.gmail.com. ( Keith On Tue, 12 Apr 2022 at 13:00, Andy Smith <andy(a)bitfolk.com> wrote:

...

Hello, On Tue, Apr 12, 2022 at 12:17:01PM +0100, Keith Williams wrote:

I made the changes you suggested and here is the result

$ for ns in 1 2 3; do target="ns${ns}.keiths-place.co.uk"; echo "$target:"; dig +noall +answer +comments -x 85.119.84.35 @$target | sed 's/^/\t/'; done ns1.keiths-place.co.uk: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41003 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ns2.keiths-place.co.uk: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12971 ;; flags: qr aa rd; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; ANSWER SECTION: 35.84.119.85.in-addr.arpa. 600 IN PTR mail.wingravegolf.co.uk. 35.84.119.85.in-addr.arpa. 600 IN PTR leightonbuzzard.net. 35.84.119.85.in-addr.arpa. 600 IN PTR splog.keiths.space . 35.84.119.85.in-addr.arpa. 600 IN PTR newportpagnell.net . 35.84.119.85.in-addr.arpa. 600 IN PTR ns1.keiths-place.co.uk. 35.84.119.85.in-addr.arpa. 600 IN PTR webmail.wingravegolf.co.uk. 35.84.119.85.in-addr.arpa. 600 IN PTR aakanee.com. 35.84.119.85.in-addr.arpa. 600 IN PTR www.keiths.space. 35.84.119.85.in-addr.arpa. 600 IN PTR www.keynesmail.com . 35.84.119.85.in-addr.arpa. 600 IN PTR mx10.keynesmail.com. 35.84.119.85.in-addr.arpa. 600 IN PTR www.leightonbuzzard.net. 35.84.119.85.in-addr.arpa. 600 IN PTR keiths.space. 35.84.119.85.in-addr.arpa. 600 IN PTR www.aakanee.com. 35.84.119.85.in-addr.arpa. 600 IN PTR webmail.keynesmail.com. 35.84.119.85.in-addr.arpa. 600 IN PTR www.newportpagnell.net. 35.84.119.85.in-addr.arpa. 600 IN PTR keynesmail.com. ns3.keiths-place.co.uk: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 55445 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 Or to put it another way: http://dns.squish.net/traverses/aa62a2ab37d593a69cc9dca907f499c4 Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ users mailing list users(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/users

Keith Williams

12:18 p.m.

oops sorry NS1 was the one refusing, so it has probably not updated yet? On Tue, 12 Apr 2022 at 13:16, Keith Williams <keithwilliamsnp(a)gmail.com> wrote:

...

Hello, On Tue, Apr 12, 2022 at 12:17:01PM +0100, Keith Williams wrote:

I made the changes you suggested and here is the result

Andy Smith

1:12 p.m.

Hello, On Tue, Apr 12, 2022 at 01:18:13PM +0100, Keith Williams wrote:

...

oops sorry NS1 was the one refusing, so it has probably not updated yet?

DNS zone transfers should be very quick; at most a few seconds. Also most of the four addresses don't even return the SOA record (meaning they have no concept of the zone at all), and then later they do return something. I can't communicate with 85.119.84.35 / 2001:ba8:1f1:f309::2 at all now (100% packet loss). It looks very broken. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting

Keith Williams

1:57 p.m.

That is strange as I have been SSH into it on and off for the last several hours On Tue, 12 Apr 2022 at 14:17, Andy Smith <andy(a)bitfolk.com> wrote:

...

Hello, On Tue, Apr 12, 2022 at 01:18:13PM +0100, Keith Williams wrote:

oops sorry NS1 was the one refusing, so it has probably not updated yet?

Keith Williams

2 p.m.

...

That is strange as I have been SSH into it on and off for the last several hours On Tue, 12 Apr 2022 at 14:17, Andy Smith <andy(a)bitfolk.com> wrote:

Hello, On Tue, Apr 12, 2022 at 01:18:13PM +0100, Keith Williams wrote:

oops sorry NS1 was the one refusing, so it has probably not updated yet?

Keith Williams

2:22 p.m.

http://dns.squish.net/traverses/c7ef60f1ea016045497c747b842a4dea seems to be OK now. I did a reboot, everything seemed to start working OK then. Ready for me to upgrade to Debian 11 tonight Thanks once more On Tue, 12 Apr 2022 at 15:00, Keith Williams <keithwilliamsnp(a)gmail.com> wrote:

...

PING keynesmail.com (85.119.84.35) 56(84) bytes of data. 64 bytes from keynesmail.com (85.119.84.35): icmp_seq=1 ttl=64 time=0.043 ms 64 bytes from keynesmail.com (85.119.84.35): icmp_seq=2 ttl=64 time=0.071 ms 64 bytes from keynesmail.com (85.119.84.35): icmp_seq=3 ttl=64 time=0.102 ms On Tue, 12 Apr 2022 at 14:57, Keith Williams <keithwilliamsnp(a)gmail.com> wrote: > That is strange as I have been SSH into it on and off for the last > several hours > > On Tue, 12 Apr 2022 at 14:17, Andy Smith <andy(a)bitfolk.com> wrote: > >> Hello, >> >> On Tue, Apr 12, 2022 at 01:18:13PM +0100, Keith Williams wrote: >> > oops sorry NS1 was the one refusing, so it has probably not updated >> yet? >> >> DNS zone transfers should be very quick; at most a few seconds. Also >> most of the four addresses don't even return the SOA record (meaning >> they have no concept of the zone at all), and then later they do >> return something. >> >> I can't communicate with 85.119.84.35 / 2001:ba8:1f1:f309::2 at all >> now (100% packet loss). >> >> It looks very broken. >> >> Cheers, >> Andy >> >> -- >> https://bitfolk.com/ -- No-nonsense VPS hosting >> _______________________________________________ >> users mailing list >> users(a)lists.bitfolk.com >> https://lists.bitfolk.com/mailman/listinfo/users >> >

Andy Smith

2:57 p.m.

Hello, On Tue, Apr 12, 2022 at 03:22:42PM +0100, Keith Williams wrote:

...

http://dns.squish.net/traverses/c7ef60f1ea016045497c747b842a4dea seems to be OK now.

Keith Williams

3:17 p.m.

Thanks Andy, I will go through the logs and see what I can find. On Tue, 12 Apr 2022 at 15:58, Andy Smith <andy(a)bitfolk.com> wrote:

...

Hello, On Tue, Apr 12, 2022 at 03:22:42PM +0100, Keith Williams wrote:

http://dns.squish.net/traverses/c7ef60f1ea016045497c747b842a4dea seems to be OK now.

I still see intermittent REFUSED responses from 85.119.82.237 and 2001:ba8:1f1:f29d::2 (sometimes one and not the other, sometimes both, sometimes neither). Something is still not right but your logs should say why it replies with REFUSED. Cheers, Andy _______________________________________________ users mailing list users(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/users

Andy Smith

12:32 p.m.

Hello, On Tue, Apr 12, 2022 at 01:16:53PM +0100, Keith Williams wrote:

...

I was going to wait for a while for everything to propagate then test more thoroughly, but will investigate that first.ns3 is the main NS, LOL, so the secondaries do have it.

It does not help that two of these three nameservers are actually the exact same thing. Counting v4 and v6 there's four distinct addresses. Weirdly enough I sometimes get an answer from one of them, sometimes from two of them, but never from all four. Even sometimes an answer comes from the v4 address of a host but not its v6 address or vice versa. Which is most odd as presumably it's the same bind9 process listening on both addresses. Cheers, Andy

Kevin Steen

9:04 a.m.

On 12/04/2022 08:31, Keith Williams wrote:

...

Here is the reverse zone file ( /var/lib/bind/35-32.84.119.85) for the IP address $ORIGIN . $TTL 600 ; 10 minutes 35.84.119.85.in-addr.arpa. IN SOA ns2.keiths-place.co.uk <http://ns2.keiths-place.co.uk>. keith.keiths-place.co.uk <http://keith.keiths-place.co.uk>. ( 2019120307 600 300 1209600 300 ) NS ns1.keiths-place.co.uk <http://ns1.keiths-place.co.uk>. NS ns2.keiths-place.co.uk <http://ns2.keiths-place.co.uk>. NS ns3.keiths-place.co.uk <http://ns3.keiths-place.co.uk>. $ORIGIN 35.84.119.85.in-addr.arpa. PTR keynesmail.com <http://keynesmail.com>. PTR www.keynesmail.com <http://www.keynesmail.com>. PTR mx10.keynesmail.com <http://mx10.keynesmail.com>. PTR webmail.keynesmail.com <http://webmail.keynesmail.com>.

I don't think multiple PTR records are valid - there can be only one, which may be confusing the receiving software. My setup is something like the following: rose.idhost.info. A 1.2.3.4 4.3.2.1.in-addr.arpa. PTR rose.idhost.info. idhost.info. MX 10 rose.idhost.info. kevinsteen.net. MX 10 rose.idhost.info. ... -Kevin

Andy Smith

10:35 a.m.

Hello, On Tue, Apr 12, 2022 at 10:04:14AM +0100, Kevin Steen wrote:

...

On 12/04/2022 08:31, Keith Williams wrote: > $ORIGIN 35.84.119.85.in-addr.arpa.

This is not the correct zone name, so Keith is serving a completely different zone to what is being asked for, which is why queries get a REFUSED answer.

...

PTR keynesmail.com <http://keynesmail.com>. PTR www.keynesmail.com <http://www.keynesmail.com>. PTR mx10.keynesmail.com <http://mx10.keynesmail.com>. PTR webmail.keynesmail.com <http://webmail.keynesmail.com>.

I don't think multiple PTR records are valid - there can be only one, which may be confusing the receiving software.

It is valid in DNS but there are some cases of mail servers that don't understand this, and only process the first answer, which is usually random. As it is mostly only a cosmetic thing, and there's no issue with having one host e.g. mail.example.com that also does HELO as mail.example.com, I do recommend sticking to just one PTR record. It's just that some people host mail for e.g. foo.com and bar.com and want no mention at all of bar.com in the records and HELO for foo.com and vice versa, so they add matching names for everything. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting

Andy Smith

10:48 a.m.

Hello, On Tue, Apr 12, 2022 at 08:31:08AM +0100, Keith Williams wrote:

...

Here was the error message host mx.lb.btinternet.com[213.120.69.89] refused to talk to me: 421 re-prd-rgin-002.btmx-prd.synchronoss.net Service not available - no PTR record for 85.119.84.35

So pretty clear that they see no PTR record. The next step would be to query the PTR record yourself, which is what I did in the earlier email and that confirms there is a problem.

...

Here is the reverse zone file ( /var/lib/bind/35-32.84.119.85) for the IP address

So by the file name ("35-32.84.119.85") you do perhaps believe that you are serving the zone "35-32.84.119.85.in-addr.arpa", but by the actual zone contents:

...

35.84.119.85.in-addr.arpa. IN SOA ns2.keiths-place.co.uk.

[…]

...

$ORIGIN 35.84.119.85.in-addr.arpa.

… you are serving the zone "35.84.119.85.in-addr.arpa". So all these entries:

...

PTR keynesmail.com. PTR www.keynesmail.com. PTR mx10.keynesmail.com. PTR webmail.keynesmail.com. PTR aakanee.com. PTR www.aakanee.com. PTR leightonbuzzard.net. PTR keiths.space. PTR www.keiths.space. PTR splog.keiths.space. PTR ns1.keiths-place.co.uk. PTR www.leightonbuzzard.net. PTR newportpagnell.net. PTR www.newportpagnell.net. PTR mail.wingravegolf.co.uk. PTR webmail.wingravegolf.co.uk.

… are for "35.84.119.85.in-addr.arpa" which is not the query that arrives at your nameservers. On the Panel web page for this: https://panel.bitfolk.com/dns/ …when you select to have the reverse DNS for the single IP address delegated to your nameservers, it does tell you on the page the name of the zone that you should serve (plus example content): https://ibb.co/bP5jP9p If you (or anyone else) has any suggestions on how to make this clearer please do let us know. Alternatively if it is not straightforward, it may be best to just directly set the reverse DNS of your single IP there in that interface. You aren't really gaining much by having this delegated; it's just one more thing to have to configure. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting

984

days inactive

985

days old

users@mailman.bitfolk.com

Manage subscription

26 comments

5 participants

tags (0)

participants (5)

Andy Bennett
Andy Smith
John Winters
Keith Williams
Kevin Steen