Emails deliverability - Reverse DNS does not work with private IP addresses

psytanium

Well-Known Member
Jun 6, 2014
319
19
68
Lebanon
cPanel Access Level
Root Administrator
Hello,

Today I upgraded to the latest cpanel version, interesting feature to improve email reputation.

The new feature found a misconfiguration problem, error:

--------

The system sends this domain’s outgoing mail from a private IP address, “10.217.192.9”. Reverse DNS does not work with private IP addresses because DNS does not store PTR records for them.

The server may be misconfigured. Ensure that this server’s IP configuration, including the NAT configuration, is correct.

--------

I tried to work around the Edit DNS Zone but I think i need some hints and knowledge to fix it.

Thanks
 

Laurel A

Member
Jan 5, 2017
7
0
1
San Francisco, CA
cPanel Access Level
Root Administrator
Yeah, I was just going to ask about how to set up the PTR record too. The cPanel suggestion to fix it says I need to update a record on a propagation.net server... which is GoDaddy and we don't have any services with GoDaddy! I think maybe I need to contact the company that hosts the server, but I don't really even know what to tell them.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,284
313
Houston
Hi @psytanium

I tried to work around the Edit DNS Zone but I think i need some hints and knowledge to fix it.
I unfortunately don't have a NAT routed server that would be suitable to test this on to replicate, could you please open a ticket using the link in my signature so that we can look into this issue further? Once opened please update this thread with the ticket ID so that we can update this thread with the outcome.

Yeah, I was just going to ask about how to set up the PTR record too. The cPanel suggestion to fix it says I need to update a record on a propagation.net server... which is GoDaddy and we don't have any services with GoDaddy! I think maybe I need to contact the company that hosts the server, but I don't really even know what to tell them.
In most cases and I think GoDaddy's case you need to contact them directly to manage this. IF you are able to manage your own rDNS you can use this step by step guide we have available: How to Configure Reverse DNS for BIND in WHM - cPanel Knowledge Base - cPanel Documentation

Thanks!
 

psytanium

Well-Known Member
Jun 6, 2014
319
19
68
Lebanon
cPanel Access Level
Root Administrator
Just to update the result.

--
Private IPs should be ignored in regards to PTR records as they do not support this functionality. We are currently opening an internal improvement case to update the verbiage on the page to be more clear as to what needs to be done. As of now you can simply ignore the mention of the private IP.
--

Thank you for the support
 

amh5514

Registered
Sep 30, 2015
2
0
1
ERIE
cPanel Access Level
Root Administrator
Were you able to get this resolved? I also have Godaddy and can not remove the internal IP address from the SPF and Reverse DNS. When I visit my Godaddy VPS page, it shows the three iP addresses I created and a fourth named "Internal" (See image below). Clicking on the info icon for the internal IP, it states, "This IP address is the local address for our internal network. This address is not publicly accessible and may change. It is displayed for informational purposes only; all configured services and server public access should use one of your public IP addresses."
 

Attachments

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,284
313
Houston
If you're using CloudFlare you cannot add the CloudFlare IP for the PTR this is discussed in Managing DNS records in Cloudflare

For which IP to apply a PTR on if you have more than one you should have it on all public IP addresses (private IP's will not need it) - in theory, they will all resolve to the hostname of the server
 

psytanium

Well-Known Member
Jun 6, 2014
319
19
68
Lebanon
cPanel Access Level
Root Administrator
The error disappeared but now i looked at Mail deliverabilty again and found it again :

The system sends this domain’s outgoing mail from a private IP address, “xx.xxx.xxx.9”. Reverse DNS does not work with private IP addresses because DNS does not store PTR records for them.

The server may be misconfigured. Ensure that this server’s IP configuration, including the NAT configuration, is correct.
Should I worry ? What does it mean ? Thanks
 

psytanium

Well-Known Member
Jun 6, 2014
319
19
68
Lebanon
cPanel Access Level
Root Administrator
I received this output :

Code:
warn [build_cpnat] Unable to map **.***.***.9
info [build_cpnat] ***.***.***.81 => ***.***.***.81
info [build_cpnat] All publicly routeable addresses are the same as the local address. Not a NAT system.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,284
313
Houston
The first entry, "Unable to map" is that for the private IP? If so I'd suggest contacting your provider for further assistance, since the public IP's seem fine, but the private IP which doesn't appear to be in use (as far as NAT routing is concerned) is what's getting picked up as primary.
 

psytanium

Well-Known Member
Jun 6, 2014
319
19
68
Lebanon
cPanel Access Level
Root Administrator

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,284
313
Houston
Having a valid PTR record is vital to the ability to be able to send/receive mail without it being flagged as spam, I would call this a mandatory measure for anyone wanting to send email not an added security measure.

The issue here isn't the PTR record though, the issue is that the private IP address is in a position to be flagged as the primary IP address of the system.

You can manually check if you have valid PTR records as well by running something like the following via SSH:

Code:
host IPAddressHere
The answer should be something like
Code:
ipaddress-in-reverse.in-addr-arpa domain name pointer your.hostname.tld
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,284
313
Houston
That output indicates you do not currently have a PTR record on the IP address you looked at - to confirm you were not using the private IP address to check correct? This needs to be done on the public IP addresses
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,284
313
Houston
The documentation your provider sent you includes instructions on how to set up reverse DNS but as far as I know they don't delegate access to their nameservers to set up reverse DNS on their IP addresses so you'd need to contact them to have it implemented on all of your public IP addresses - They have this article which might be helpful for you: What is Reverse DNS? | Domains - GoDaddy Help US