3

In your experience, have you found there to be any actual problems with having redundant PTR records (same name, multiple IPs) for a given host?

Additionally, would you expect to see corresponding A or CNAME records for each PTR?

EDIT: Wow, thank all of you for the great info!

mikewaters
  • 1,175
  • 1
  • 14
  • 27

3 Answers3

3

In the unusual case that your host has multiple Internet facing addresses and your mail server randomly binds to them when sending, you might want to configure that host as you suggest. This may cause problems for remote servers sending you mail if your server fails as they may try each address in succession. (I have seen a lot of posts from users having problems getting applications to send from the non-primary address on an interface.) rDNS rules are of concern when you are sending, so I would verify that the only the primary address is being used and configure DNS accordingly. You may be able to choose another public address and configure your server to bind to it. I would verify that configuration. You can verify the address you are sending from by sending a message to ipconfirm@postmaster.aol.com as described on the AOL troubleshooting page.

If you have multiple addresses for an A record, then you could have a PTR record back to that A record for each of those addresses. This would be unusual and I would NOT recommend doing so. All of the lookups I have done for A records with multiple IP addresses have PTR records back to a unique domain name. Having each PTR record return a unique domain makes it much easier to determine which host is malfunctioning should it be necessary. The few cases I have seen the same domain from multiple servers appear to be moves of the domain to a new IP address.

The one domain I know of that uses a singe domain name for multiple servers is facebook.com. They use a single name mx-out.facebook.com as the name in the HELO command. Its A record returns two addresses, but they have a farms of servers with PTR records to unique names other than mx-out.facebook.com. All of their severs that have sent me mail pass rDNS validation on their IP addresses.

Likewise, is is legal but not common to have a PTR record return multiple domains. Not all providers will support this. Of the hundreds of mail servers I have in my email database, very few have more than one PTR record. The majority of those don't have a valid rDNS lookup for any of the domains.

It is best to have separate domain (host) names for each IP address with pointer records pointing back to that unique domain name. Any A records with multiple addresses would be different from any of the host names and are generally used to load balance web servers and other stateless services. The configurations I have seen for load balancing SMTP servers use multiple MX records with the same prioritity. Overload and server failure can be handled with multiple MX records with different priorities.

For an example try following the addresses for google.com or a similar server to their PTR records and back. You might also want to look at the mail servers for any of the large freemail services like gmail, hotmail, or yahoo.

It is common to have PTR record for addresses not hosting an Internet mail server which do not have a corresponding A record. ISPs often use this technique.

If the PTR record of an SMTP server points to an A record which does not point back to the PTR record, something is broken.

My research shows servers which pass rDNS and have a valid SPF record for the hostname or HELO name are more than 90% likely to deliver ham rather than SPAM. Few of the failures to deliver are Spam related.

Systems which fail to pass rDNS are highly likely to be sending spam. Those that don't send spam are most likely to be sending to a mailing lists or otherwise sending automated email.

BillThor
  • 27,737
  • 3
  • 37
  • 69
  • That is not at all unusual, and you have provided no supporting evidence. You've also provided no justification for your recommendation for "NOT" doing it, besides of course your assertion that it is "unusual". As is, this answer spreads FUD. Separately, it is not at all unusual in my experience, nor does it cause any problems that I can think of. – hobodave Mar 03 '11 at 04:05
  • @hobodave: I had not intention of spreading FUD, and don't belive I did so. I believe my recommendations are will supported by the RFCS and other best practices. I have been dealing with email problems for years. For most of the past year, I have captured details on every incoming SMTP request to a database for analysis. May answers are based on that experience and analysis. Do you have conflicting evidence? – BillThor Mar 03 '11 at 07:28
  • @BillThor: Just anecdotal and personal experience. The other answers present agree. – hobodave Mar 03 '11 at 07:36
  • @hobodave: My answers for general DNS would be somewhat different, and I tried to incorporate that in my answer. The topic is SMTP, and my answer reflects best practices, experience, and research. – BillThor Mar 03 '11 at 08:10
  • @BillThor: Fair enough. Your latest edits have improved your answer a lot. Thanks for the updates and explanation. – hobodave Mar 03 '11 at 08:17
  • @hobodave: Thanks for helping me clarify my answer. – BillThor Mar 03 '11 at 17:01
2

There are various misunderstandings of how the DNS operates that make people think that address→name must be the inverse of name→address. It's not necessary that this be so, and that's not how the DNS actually operates. As for multiple addresses mapping onto the same name: That's not improper, either. It doesn't share the problems of a single address mapping to multiple names, moreover, and fan-in is at least better than fan-out when it comes to the Half-Baked Ideas Brigade doing address→name→address lookups.

The simplest approach to address→name lookup is to just set up opaque content DNS service, using something like walldns, and make the appropriate delegations pointing to it so that it is used. That gives one address→name and name→address mappings that are the inverses of each other, with automatically-generated names.

Ward - Trying Codidact
  • 12,899
  • 28
  • 46
  • 59
JdeBP
  • 3,990
  • 18
  • 17
  • Interesting reading, but wow! Is this what happens when you get angry and have time on your hands? :-) Quite comprehensively putting the IT world to rights! – Coops Mar 03 '11 at 09:26
1

For email, the primary concern is going to be remote hosts using PTR records as part of their spam evaluation. (Make sure you use SPF, too!) It should not be an issue to configure the PTR records for multiple addresses to a given name in this way.

As far as what you'd 'expect' to see, you can feel free to make it as clean (perfect matching between forward and reverse) or as lazy (say, setting 1.30.40.3 to resolve to 1-30-40-3.mydomain.com) as you'd like. Most applications really don't care how reverse lookups are set up, it's more often used for host-discovery and personal sanity ("what the heck was at that IP, again?").

One of the only places this is going to potentially matter is for your DNS servers; you want to make sure that they forward-resolve and reverse-resolve correctly.

Shane Madden
  • 114,520
  • 13
  • 181
  • 251