reverse dns : the hostname given in the SMTP greeting must have an A record...

trucmuche

Well-Known Member
Nov 20, 2014
93
4
58
cPanel Access Level
Root Administrator
Hello,

I have a domain name (Gandi) and it uses the Gandi name servers to point to my VPS.
I wrote the Gandi zone file for this domain and I asked my provider to configure the reverse DNS (PTR). Everything works perfectly... except I got two warnings when I test the domain with dnsqueries.com. It says:
1) Your nameserver do not include A records when asked for your NS records.
2) The configuration of your mail servers and your DNS are not ok! The report of the test is: mydomain.com. -> www1.mydomain.com -> xx.yyy.zzz.ttt -> mydomain.com
Spam recognition software and RFC821 4.3 (also RFC2821 4.3.1) state that the hostname given in the SMTP greeting MUST have an A record pointing back to the same server.

Considering that the DNS servers I use are Gandi's and not the VPS's, what should I modify? I don't understand if I have to modify something in WHM or in the zone file in the Gandi configuration of my domain...

Could you help me, please?

trucmuche
 

LostNerd

Well-Known Member
Mar 12, 2014
258
12
18
Hastings, East Sussex, UK
cPanel Access Level
Root Administrator
  1. You need to create an "A" record for each of your nameservers.
    Code:
    ns1.domain.com    14400    IN    A    123.123.123.123
    ns2.domain.com    14400    IN    A    321.321.321.321
  2. I believe this is because the reverse DNS does not exactly match the SMTP banner.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,219
463
Hello,

You will need to ensure an "A" record is configured for your server's hostname pointing back to the IP address of the server. Add the "A" record in the DNS zone of wherever the DNS for the domain name it's associated with is handled.

Thank you.
 

trucmuche

1. Hmmmm. Thanks, but something remains unclear to me... I use Gandi's DNS and here is the zone file that I use for my domain (xxx.yyy.zzz.ttt is the IP address of my VPS):
* 10800 IN A xxx.yyy.zzz.ttt
@ 10800 IN A xxx.yyy.zzz.ttt
cpanel 10800 IN A xxx.yyy.zzz.ttt
ftp 10800 IN A xxx.yyy.zzz.ttt
mail 10800 IN A xxx.yyy.zzz.ttt
webdisk 10800 IN A xxx.yyy.zzz.ttt
webmail 10800 IN A xxx.yyy.zzz.ttt
whm 10800 IN A xxx.yyy.zzz.ttt
www 10800 IN A xxx.yyy.zzz.ttt
www1 10800 IN A xxx.yyy.zzz.ttt
Are you saying that I should add to my Gandi zone file the following:
a.dns.gandi.net 14400 IN A 173.246.98.1
b.dns.gandi.net 14400 IN A 213.167.229.1
c.dns.gandi.net 14400 IN A 217.70.179.1
???
2. When I check my SMTP server with mxtoolbox, it says:
SMTP Valid Hostname : Reverse DNS is not a valid Hostname
SMTP Reverse DNS Mismatch : OK - xxx.yyy.zzz.ttt resolves to mydomainname.com
SMTP Banner Check : OK - Reverse DNS matches SMTP Banner
SMTP TLS : OK - Supports TLS.
SMTP Connection Time : 1.014 seconds - Good on Connection time
SMTP Open Relay : OK - Not an open relay.
SMTP Transaction Time : 3.463 seconds - Good on Transaction Time
Thanks again...

Trucmuche
 

cPanelMichael

One additional note to keep in mind is that often times you must have RDNS configured by your data center. You can request they configure RDNS for your IP address to point back to the hostname of your server.

Thank you.
 

trucmuche

Yes, I already asked my datacenter to configure the RDNS, it's done (and the warning I'm talking about is given after the propagation of the RDNS)... Could you tell me if the modification I have written in my previous post is the thing I have to do? Or am I misunderstanding something?
Thanks again...
 

cPanelMichael

> Could you tell me if the modification I have written in my previous post is the thing I have to do? Or am I misunderstanding something?
Yes, you should add "A" records for your name server entries and your hostname at the DNS provider for the domain name associated with those records.

Thank you.
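
Added example, not part of the thread or of cPanel's tooling: a Python check of the rule the testers above apply, that the PTR for the server's IP matches the SMTP greeting hostname and that this hostname has an A record pointing back to the same IP. The function name, the sample hostnames and the 192.0.2.x addresses are constructed for illustration.

```python
import socket

def dns_a(name):
    """Live A lookup via the system resolver; returns a set of IPv4 strings."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def dns_ptr(ip):
    """Live PTR lookup; returns a set of lower-cased hostnames."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return {h.rstrip(".").lower() for h in [host, *aliases]}
    except OSError:
        return set()

def check_mail_identity(server_ip, banner_host, lookup_a=dns_a, lookup_ptr=dns_ptr):
    """Return a list of problems; an empty list means PTR, banner and A agree."""
    banner = banner_host.rstrip(".").lower()
    problems = []
    ptr_names = lookup_ptr(server_ip)
    if not ptr_names:
        problems.append("no PTR record for %s" % server_ip)
    elif banner not in ptr_names:
        problems.append("PTR %s does not match banner %s" % (sorted(ptr_names), banner))
    a_ips = lookup_a(banner)
    if not a_ips:
        problems.append("banner host %s has no A record" % banner)
    elif server_ip not in a_ips:
        problems.append("A record for %s points to %s, not %s"
                        % (banner, sorted(a_ips), server_ip))
    return problems

# Constructed sample records (hypothetical names, documentation addresses).
SAMPLE_A = {"vps.example.com": {"192.0.2.10"}, "mail.example.com": {"192.0.2.10"}}
SAMPLE_PTR = {"192.0.2.10": {"vps.example.com"}, "192.0.2.20": {"srv.example.com"}}

def sample_a(name):
    return SAMPLE_A.get(name, set())

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, set())

if __name__ == "__main__":
    for ip, host in [("192.0.2.10", "vps.example.com"), ("192.0.2.20", "srv.example.com")]:
        print(ip, host, check_mail_identity(ip, host, sample_a, sample_ptr) or "OK")
```

Called with only an IP and a banner hostname, the function uses the system resolver instead of the sample tables.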