Reverse DNS

Frankster
      05-02-2005, 02:07 AM
Why might I need a reverse DNS record?

Some say no, less information given out the better.

Others say yes, but why? How does it help?

Thanks,

-Frank


 
Steven L Umbach
      05-02-2005, 02:57 AM
You probably do not need it but it is not a bad idea to implement. I don't
see it as being a security risk assuming other security best practices are
used. It can be used with some applications that restrict access by domain
or host name. If an IP address is used to try and access a resource a
reverse lookup could be used to check to see if that host or domain name is
on a restricted list which would not be possible otherwise. --- Steve

Aaron Guilmette
      05-02-2005, 03:02 PM
I think the most common reason to have it is email-related. Some
SPAM-filtering techniques include performing reverse lookups on the incoming
SMTP connection. The idea is that if a *company* is sending the mail from
xyz.com domain and his IP address 1.2.3.4 has proper reverse DNS, the
receiving mail system assumes that it's a legitimate email server. Since a
lot of the viruses and spam messages are relayed through home users, when an
email is received purporting to be from somecompany.com but the reverse
maps to myhomeisp.net, the mail server assumes that it's a fraudulent email
of some sort.

Most of the newer spam filtering technologies use a variety of techniques to
detect spam, and reverse mapping is only a portion of it. However, if you
have clients/vendors/partners that will bounce mail on bad RDNS, you might
want to put it in.

While section 6.4 of RFC 1035 lists "inverse" DNS as "Optional," most people
that I know think it's good form to implement it.

Frankster
      05-02-2005, 04:15 PM
I think you hit the proverbial nail on the head. SPAM filtering techniques
have greatly improved in the last few years. As you say, RDNS used to be
one of the only possible criteria but now is but a small fraction of the
total SPAM identification techniques, which now use almost exclusively
mathematically weighted algorithms.

I've read that the practice of refusing mail based on not having RDNS has
almost disappeared. My own mail server has that capability also, but I
don't enable that feature. As I suspect not many others do either. My own
mail server has a mathematically weighted and configurable SPAM system too.
Works well.

Anyway, I removed my reverse DNS listing about two weeks ago and have had no
problem with email. I run a server with 4 domains pointing to the same IP.
All have web presence and mail. I think I'll leave it that way until I have
problems.

Funny, it's not really mail that causes me to want to remove it. It is web
surfing. I run a Firewall with NAT so that all surfing from any of my
internal machines appears to be coming from that firewall. I'd prefer not
to have surfing activities identified by RDNS. I am convinced that a lot of
SPAM I do receive comes from unscrupulous folks garnering my RDNS info.

Example: I can look in my mail logs and see repeated attempts to send mail
to non existent userID's. (i.e. (E-Mail Removed), (E-Mail Removed),
(E-Mail Removed), (E-Mail Removed), (E-Mail Removed),
(E-Mail Removed), (E-Mail Removed), etc., etc., etc.)

Now each of these always uses the domain name I had configured in reverse
lookup. Remember, I have 4 domains pointed to this IP. Only the one
configured as reverse lookup was the target of this type of SPAM.

Bottom line, I like it better without RDNS. Only time will tell if it truly
causes any trouble.

Thank you for your post. I would be interested if you have any more
thoughts on this matter.

-Frank

Phillip Windell
      05-02-2005, 04:32 PM
"Frankster" <(E-Mail Removed)> wrote in message
news:2dCdnTZNKLaNz-vfRVn-(E-Mail Removed)...
> Bottom line, I like it better without RDNS. Only time will tell if it truly
> causes any trouble.
>
> Thank you for your post. I would be interested if you have any more
> thoughts on this matter.


I don't enable RDNS either. I think it is based on the return email address
which is fake anyway. All they have to do to get past the test is use a
valid domain name (like (E-Mail Removed)) in the return address and it will
"pass" regardless of where the mail truly came from.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
Guest
      05-02-2005, 07:28 PM
Phillip,

Reverse DNS lookups have nothing to do with the sender's address. If the SMTP
server that is connecting to send the email does not have a valid reverse
record that points to an MX, then the rDNS test fails... regardless of the
sender's forged address.

Phillip Windell
      05-02-2005, 08:12 PM
It depends on the spam Filtering Software and what it determines the
"source" to be. It isn't a "cut and dried" thing. What the mail server
considers the "source" and what the spam filtering software considers the
"source" when examining the message can be two different things. I have had
false positives because the message was sent with the misconfigured return
address of <username>@mail.domain.com because it didn't resolve correctly.
Had they used <(E-Mail Removed)> and left out the "mail" it would have
worked fine. The true mail domain was "domain.com" not "mail.domain.com".
If it wasn't using the return address to do this it would not have had this
problem.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Mathenge
      05-03-2005, 12:52 AM
The problem exists BEFORE the spam software starts looking at sender address
information. I've had the same problem. Our email server has an MX record
that identifies it. You can send us mail - no problem. There are some
organisations that drop your connection if they cannot identify you. It's
not a SPAM issue. They see the IP address trying to deliver mail. They look
it up. They cannot find it. They drop the SMTP connection. If you create a
reverse lookup entry, all is well.

If you don't care about those organisations that depend on identifying
servers using reverse lookups, then you are OK. They WILL drop your mail.
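
The connection-time check described in Mathenge's post, combined with the name comparison from Aaron Guilmette's post, as an added example (not code from any poster or mail server). The zone data, host names and the `check_client` helper are constructed for illustration, the claimed domain is assumed to come from the client's HELO/EHLO name, and the forward-confirmation step goes beyond what the thread describes.

```python
import ipaddress

# Constructed zone data standing in for real DNS so the example runs offline.
# Addresses are from the RFC 5737 documentation ranges.
PTR = {
    "10.2.0.192.in-addr.arpa": ["mail.somecompany.example"],
    "77.100.51.198.in-addr.arpa": ["dsl-77.myhomeisp.example"],
    # PTR is set by whoever controls the IP block, so it can name any host.
    "9.113.0.203.in-addr.arpa": ["mail.somecompany.example"],
}
A = {
    "mail.somecompany.example": ["192.0.2.10"],
    "dsl-77.myhomeisp.example": ["198.51.100.77"],
}


def reverse_name(ip):
    """Name queried for the PTR record: 192.0.2.10 -> 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_client(ip, claimed_domain, ptr=PTR, a=A):
    """Classify a connecting SMTP client by its reverse DNS (hypothetical helper).

    claimed_domain is the domain the client announces (assumed: its HELO name).
    Returns one of:
      no-ptr       no reverse record; strict receivers drop the connection here
      unconfirmed  a PTR exists but its name does not resolve back to the IP
      mismatch     confirmed PTR, but outside the domain the client claims
      ok           confirmed PTR inside the claimed domain
    """
    names = ptr.get(reverse_name(ip), [])
    if not names:
        return "no-ptr"
    # Forward confirmation: the PTR name must have an A record for this IP.
    confirmed = [n for n in names if ip in a.get(n, [])]
    if not confirmed:
        return "unconfirmed"
    claimed = claimed_domain.lower().rstrip(".")
    for name in confirmed:
        host = name.lower().rstrip(".")
        if host == claimed or host.endswith("." + claimed):
            return "ok"
    return "mismatch"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.9", "203.0.113.50"):
        print(ip, reverse_name(ip), check_client(ip, "somecompany.example"))
```

Whether a receiver rejects, scores or ignores each outcome is a policy choice, which matches the thread's point that some sites drop on a missing record while others only weight it.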
Joe
      05-03-2005, 03:07 AM
Just to add to Mathanges reply.

As of October 2004 most major email providers are also looking at the SPF
record too. Hotmail and MSN started this at that time. You will be dropped
by Netscape and AOL if you do not have these on your domain. And possibly
Hotmail.

You can check this here. http://www.dnsreport.com it will give you the goods
on what you need. Here this will help trace back slovaun.com and read to help
you understand.

Joe

Joe
      05-03-2005, 03:51 AM
Sorry Mathenge for misspelling your name = )

Didn't see it till after the post.

Joe