MXToolbox: Reverse DNS does not contain the hostname

[linux4me2]

I'm not sure if there is actually something configured incorrectly, or if the tool I'm using, MXToolbox, is just giving me a false positive result.

I've disabled "Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam." in my Exim configuration and re-started Exim before testing.

Let's say my host name is host.mydomain.com and the main IP for the server is 11.11.11.11.

If I put a domain on a shared IP called "thedomain.com" in MXToolbox's MX lookup tool, it returns the shared IP address that the domain is set to. Let's call it 22.22.22.22.

If I then do MX Toolbox's SMTP test on 22.22.22.22, all the tests are okay except for "SMTP Reverse DNS Mismatch" which gives the error "Reverse DNS does not contain the hostname."

Next, I logged onto the server and checked the hostname of the server:

[[email protected] ~]# host 11.11.11.11
11.11.11.11.in-addr.arpa domain name pointer host.mydomain.com.

Then I checked to see what hostname is returned if I use the shared IP address:

[[email protected] ~]# host 22.22.22.22
22.22.22.22.in-addr.arpa domain name pointer host.mydomain.com.

So both of the main IP and shared IP appear to be pointing to the correct hostname.

Next, I checked the A record and PTR record for the domain:

[[email protected] ~]# dig thedomain.com +short
22.22.22.22
[[email protected] ~]# dig -x 22.22.22.22 +short
host.mydomain.com.

So it looks like the hostname is returned for both the main IP and the shared IP, as I think it should be, and the A record and PTR record for the domain on the shared IP appear to be doing what they should. Does that mean that MXToolbox is giving me a false positive, or is something actually wrong with my setup?

 

[cPanelLauren]

Hi @linux4me2

I've disabled "Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam." in my Exim configuration and re-started Exim before testing.

Nice catch on this one, this is what usually throws people off.

If I then do MX Toolbox's SMTP test on 22.22.22.22, all the tests are okay except for "SMTP Reverse DNS Mismatch" which gives the error "Reverse DNS does not contain the hostname."

So this is saying reverse DNS does not contain hostname which we know the reverse DNS is set correctly but what about the hostname of the server? If you run the following:

hostname

if the return is anything but host.mydomain.com it needs to be resolved. Does the same behavior occur when testing the 11.11.11.11 IP address?

Thanks!

 

[linux4me2]

Thanks for the reply.

I do get the correct hostname with the command hostname:

[[email protected] ~]# hostname
host.mydomain.com

And also when I test with 11.11.11.11:

[[email protected] ~]# dig -x 11.11.11.11 +short
host.mydomain.com.

I'm scratching my head...

 

[cPanelLauren]

Hi @linux4me2


Do you get the "Reverse DNS does not contain the hostname." error on both IP addresses though?

 

[linux4me2]

No, just on the shared IP, 22.22.22.22, and the domains on it. The main IP, 11.11.11.11 does not give me the "Reverse DNS does not contain the hostname" error on MXToolbox.

It seems like neither IP should give me the error, since both resolve to the hostname, but I still wonder if this is really an MXToolbox issue and not something wrong with my configuration. Maybe there's a better tool to use to check?

 

[cPanelLauren]

In that case, I wonder if the issue is that the hostname doesn't have the secondary IP address as an A record. You could add an A record to the zone file and check again. So long as they're both assigned to the same server it shouldn't actually cause any issues.

 

[linux4me2]

In that case, I wonder if the issue is that the hostname doesn't have the secondary IP address as an A record. You could add an A record to the zone file and check again. So long as they're both assigned to the same server it shouldn't actually cause any issues.

If I look in WHM > DNS Functions > Add an A entry for your hostname, the only IP listed is my main IP. Is that the place I would add the A record for the shared IP? Or in the zone for each domain on the shared IP?

 

[linux4me2]

I think I answered my own question. It looks like the UI WHM > DNS Functions > Add an A entry for your hostname only allows for the main IP to be entered.

So, since the main domain in this case is, say, "mydomain.com", you're suggesting adding an A record for the hostname in the zone for mydomain.com?

I took a look to see what A records were already listed for mydomain.com, and I found something interesting. The main IP for my server is 11.11.11.11. The shared IP address is 22.22.22.22, but mydomain.com is on a dedicated IP; let's call it 33.33.33.33. My hostname is host.mydomain.com. In the zone editor for mydomain.com, there is a single A record for the hostname, pointing to the main IP:

host.mydomain.com 14400 IN A 11.11.11.11

The hostname in WHM > DNS Functions > Add an A entry for your hostname is also assigned to the main IP, 11.11.11.11.

In the zone editor for mydomain.com, I added A records for:

host.mydomain.com 14400 IN A 22.22.22.22
host.mydomain.com 14400 IN A 33.33.33.33

I then did SMTP tests using MXToolbox on mydomain.com (which is using 33.33.33.33) and with one of the domains on the shared IP (22.22.22.22), and both no longer gave me the SMTP Reverse DNS Mismatch error on MXToolbox. The sites are still browseable.

Next, I tried one of the other domains I had on a dedicated IP, and as you would expect, it gave me the SMTP Reverse DNS Mismatch error until I added a hostname A record for its IP address in the zone for mydomain.com.

As long as all these hostname A records aren't going to be causing some other problem I haven't discovered yet, it appears that this is a fix. All the tests in MXToolbox are now passed.

I tested all three domains in leafdns.com, and they didn't show any errors, so I think you've found the solution.

You mentioned earlier that:

So long as they're both assigned to the same server it shouldn't actually cause any issues.

Can you give me a little reassurance about that? These domains are all on the same server, but it is a production server, and I really don't want to mess something up.

 

[cPanelLauren]

HI @linux4me2


The only thing I could think of is the DNS lookup would grab one of the other IP addresses - this shouldn't cause a problem at all though since they're all assigned to the same server, they're all going to hit the same place. Another idea now that I am thinking about it might be to use /etc/mailhelo and set it to

*: host.domain.tld

which I believe would resolve your issue without adding a bunch of A records though I can't test it locally (this definitely shouldn't have any impact on sites)

You'd need to reference this How to Configure the Exim Outgoing IP Address - cPanel Knowledge Base - cPanel Documentation for instructions on how to make the changes as well. I'd really only set in /etc/mailips:

*: <mainip>

and /etc/mailhelo

*: host.yourdomain.com

 

[linux4me2]

That sounds like a slicker fix. Would those changes get overwritten in an update/upgrade of cPanel?

 

[linux4me2]

I removed all the extra hostname entries from mydomain.com's zone, confirmed that the "Reverse DNS does not contain the hostname" error was back on MXToolbox, then created /etc/mailhelo and /etc/mailips files with the appropriate entries, then set Exim's "Reference /etc/mailhelo for custom outgoing SMTP HELO" and "Reference /etc/mailips for custom IP on outgoing SMTP connections" to "On", restarted Exim, and re-tested with MXToolbox, but the "Reverse DNS does not contain the hostname" errors were back.

That would have been a really nice fix.

 

[cPanelLauren]

Hi @linux4me2


Darn, I'm sorry, I would have tested it first but I'd need multiple IPs that actually resolve and I don't have that ability (nor do i have the ability to set the rDNS for my test server). Looks like we're back to multiple A records which isn't an uncommon practice! You'd need to remove the A record from the zone file if you remove the IP though, that's the only caveat.

 

[linux4me2]

No problem! I appreciate the help. I'll add back the extra A records.

Just out of curiosity, if I did remove one of the IPs from the server, what would happen if I forgot to remove the extra A record for it?

 

[cPanelLauren]

Hi @linux4me2

You'd more than likely run into a DNS error if you attempted to access the site on the IP that had been removed from the server is all.

 

[linux4me2]

Okay, that's survivable.

Everything is working so far with the multiple A records, so I think I'm good. I'm going to leave the TTL for those records at 300 for a week and see if anything comes up, just in case.

 

[cPanelLauren]

Hi @linux4me2


That's a good plan, please update here if there are any issues as well!

 

[linux4me2]

Will do. Thanks for the help.

 

[linux4me2]

Adding the multiple A records seems to have worked, and I've had no reports of issues, so I think this one is solved.

@cPanelLauren, thanks for the help.