Email deliverability - Reverse DNS does not work with private IP addresses

psytanium

Well-Known Member
Jun 6, 2014
323
20
68
Lebanon
cPanel Access Level
Root Administrator
Hello,

Today I upgraded to the latest cPanel version; interesting feature to improve email reputation.

The new feature found a misconfiguration problem, error:

--------

The system sends this domain’s outgoing mail from a private IP address, “10.217.192.9”. Reverse DNS does not work with private IP addresses because DNS does not store PTR records for them.

The server may be misconfigured. Ensure that this server’s IP configuration, including the NAT configuration, is correct.

--------

I tried to work around the Edit DNS Zone but I think I need some hints and knowledge to fix it.

Thanks
 

Laurel A

Member
Jan 5, 2017
7
0
1
San Francisco, CA
cPanel Access Level
Root Administrator
Yeah, I was just going to ask about how to set up the PTR record too. The cPanel suggestion to fix it says I need to update a record on a propagation.net server... which is GoDaddy and we don't have any services with GoDaddy! I think maybe I need to contact the company that hosts the server, but I don't really even know what to tell them.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,300
363
Houston
Hi @psytanium

psytanium said: "I tried to work around the Edit DNS Zone but I think I need some hints and knowledge to fix it."

I unfortunately don't have a NAT-routed server that would be suitable to test this on to replicate. Could you please open a ticket using the link in my signature so that we can look into this issue further? Once opened, please update this thread with the ticket ID so that we can update this thread with the outcome.

Laurel A said: "Yeah, I was just going to ask about how to set up the PTR record too. The cPanel suggestion to fix it says I need to update a record on a propagation.net server... which is GoDaddy and we don't have any services with GoDaddy! I think maybe I need to contact the company that hosts the server, but I don't really even know what to tell them."

In most cases, and I think in GoDaddy's case, you need to contact them directly to manage this. If you are able to manage your own rDNS, you can use this step-by-step guide we have available: How to Configure Reverse DNS for BIND in WHM - cPanel Knowledge Base - cPanel Documentation

Thanks!
 

psytanium

Just to update the result.

--
Private IPs should be ignored in regards to PTR records as they do not support this functionality. We are currently opening an internal improvement case to update the verbiage on the page to be more clear as to what needs to be done. As of now you can simply ignore the mention of the private IP.
--

Thank you for the support
 

amh5514

Registered
Sep 30, 2015
2
0
1
ERIE
cPanel Access Level
Root Administrator
Were you able to get this resolved? I also have GoDaddy and cannot remove the internal IP address from the SPF and Reverse DNS. When I visit my GoDaddy VPS page, it shows the three IP addresses I created and a fourth named "Internal" (see image below). Clicking on the info icon for the internal IP, it states, "This IP address is the local address for our internal network. This address is not publicly accessible and may change. It is displayed for informational purposes only; all configured services and server public access should use one of your public IP addresses."
 


cPanelLauren

If you're using Cloudflare, you cannot add the Cloudflare IP for the PTR; this is discussed in Managing DNS records in Cloudflare.

As for which IP to apply a PTR on if you have more than one: you should have it on all public IP addresses (private IPs will not need it). In theory, they will all resolve to the hostname of the server.
 

psytanium

The error disappeared, but now I looked at Mail Deliverability again and found it again:

The system sends this domain’s outgoing mail from a private IP address, “xx.xxx.xxx.9”. Reverse DNS does not work with private IP addresses because DNS does not store PTR records for them.

The server may be misconfigured. Ensure that this server’s IP configuration, including the NAT configuration, is correct.
Should I worry? What does it mean? Thanks
 

psytanium

I received this output:

Code:
warn [build_cpnat] Unable to map **.***.***.9
info [build_cpnat] ***.***.***.81 => ***.***.***.81
info [build_cpnat] All publicly routeable addresses are the same as the local address. Not a NAT system.
 

cPanelLauren

The first entry, "Unable to map", is that for the private IP? If so, I'd suggest contacting your provider for further assistance, since the public IPs seem fine, but the private IP, which doesn't appear to be in use (as far as NAT routing is concerned), is what's getting picked up as primary.
 

psytanium


cPanelLauren

Having a valid PTR record is vital to the ability to be able to send/receive mail without it being flagged as spam. I would call this a mandatory measure for anyone wanting to send email, not an added security measure.

The issue here isn't the PTR record though; the issue is that the private IP address is in a position to be flagged as the primary IP address of the system.

You can manually check if you have valid PTR records as well by running something like the following via SSH:

Code:
host IPAddressHere
The answer should be something like:
Code:
ipaddress-in-reverse.in-addr.arpa domain name pointer your.hostname.tld
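
The manual check from the post above, extended into a small audit script. This is an added example, not part of the original thread and not cPanel's code: it skips private addresses, reports the in-addr.arpa record name to request from the IP's owner when no PTR exists, and confirms that the PTR target resolves back to the same address. The `LOOKUP` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a server's IPv4 addresses for reverse DNS.
# LOOKUP is an assumed hook so the resolver command can be swapped out.
LOOKUP=${LOOKUP:-host}

# Succeeds for ranges that never carry a public PTR record:
# RFC 1918 private space, plus loopback, link-local and CGNAT (100.64/10).
is_private_v4() {
  o1=${1%%.*}; rest=${1#*.}; o2=${rest%%.*}
  case "$o1" in
    10|127) return 0 ;;
    172) [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] ;;
    192) [ "$o2" -eq 168 ] ;;
    169) [ "$o2" -eq 254 ] ;;
    100) [ "$o2" -ge 64 ] && [ "$o2" -le 127 ] ;;
    *) return 1 ;;
  esac
}

# 192.0.2.81 -> 81.2.0.192.in-addr.arpa (the record name the IP's owner must create)
ptr_name() {
  printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Prints one verdict: skip-private | no-ptr <record> | ptr-mismatch <name> | ok <name>
audit_ip() {
  if is_private_v4 "$1"; then
    echo "skip-private"
    return 0
  fi
  # Pull the target out of "... domain name pointer host.example.com."
  name=$($LOOKUP "$1" 2>/dev/null |
    awk '/domain name pointer/ { sub(/\.$/, "", $NF); print $NF; exit }')
  if [ -z "$name" ]; then
    echo "no-ptr $(ptr_name "$1")"
    return 0
  fi
  # Forward-confirm: the PTR target must resolve back to the same address.
  if $LOOKUP "$name" 2>/dev/null |
    awk -v ip="$1" '/ has address / && $NF == ip { ok = 1 } END { exit !ok }'; then
    echo "ok $name"
  else
    echo "ptr-mismatch $name"
  fi
}

# Usage: sh ptr_audit.sh 10.217.192.9 <public-ip> ...
for ip in "$@"; do
  printf '%s\t%s\n' "$ip" "$(audit_ip "$ip")"
done
```

A `ptr-mismatch` verdict means a PTR exists but its hostname has no A record pointing back at that IP, which many receiving mail servers treat the same as a missing PTR.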
 

cPanelLauren

That output indicates you do not currently have a PTR record on the IP address you looked at. To confirm, you were not using the private IP address to check, correct? This needs to be done on the public IP addresses.
 

cPanelLauren

The documentation your provider sent you includes instructions on how to set up reverse DNS, but as far as I know they don't delegate access to their nameservers to set up reverse DNS on their IP addresses, so you'd need to contact them to have it implemented on all of your public IP addresses. They have this article, which might be helpful for you: What is Reverse DNS? | Domains - GoDaddy Help US