Has my ISP mangled my DNS reverse lookup record for a single static IP address?

I’ve taken on the task of running a small email server, and the world of spam makes it more challenging for an individual, as many MTAs are highly paranoid about accepting email.

I think I’ve configured nearly everything that could be a problem successfully: a commercial SSL certificate, DKIM, a proper domain, and a static IP address. My (piddly) email in fact goes out almost all of the time. But the most paranoid MTAs are still rejecting my email – Craigslist for example – and it appears to be my reverse lookup at fault.

I’ve recently changed my static IP address, and my service with my ISP. When they changed it, I tried to get this configured correctly, but I fear it is not. But I’m not 100% certain what is wrong, or what my reverse record should look like.

I especially don’t want to approach my ISP with a “Look, I don’t know what the problem is, but you need to fix it anyhow” attitude. If there’s a problem I want to be able to describe exactly what it is before I get on the phone with the NOC. They don’t offer a control panel for this as far as I can tell, so I don’t want to try anyone’s patience with a bunch of trial and error.

OK, the specifics, redacted & fictional, but consistent:

Domain:                      funkeedomain.org
Mailserver (DNS MX record):  mx.funkeedomain.org
Static IP address:           111.222.333.444
Static IP address reversed:  444.333.222.111
FQDN originally requested of the ISP for reverse lookups: main.funkeedomain.org

Here’s a typical rejection notice from my mail server (hMailServer):

Your message did not reach some or all of the intended recipients.

   Sent: Thu, 12 Jan 2017 11:53:50 -0800 (PST)
   Subject: Blah blah blah

The following recipient(s) could not be reached:

   Error Type: SMTP
   Remote server ( issued an error.
   hMailServer sent: .
   Remote server replied: 550 permanent failure for one or more recipients (2125551111@tmomail.net:550 Sender IP reverse lookup rejected)


A commercial email-sending checker tells me:

main.funkeedomain.org.333.222.111.in-addr.arpa          Failed - No A Record Found in DNS

So, fine. What do DNS tools tell me?

stew@griffin:~$ host 111.222.333.444
444.333.222.111.in-addr.arpa domain name pointer main.funkeedomain.org.333.222.111.in-addr.arpa.

stew@griffin:~$ dig -x 111.222.333.444
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 111.222.333.444
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16150
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4000
;444.333.222.111.in-addr.arpa.   IN      PTR

444.333.222.111.in-addr.arpa. 86365 IN   PTR     main.funkeedomain.org.333.222.111.in-addr.arpa.

;; Query time: 0 msec
;; WHEN: Thu Jan 12 19:09:11 PST 2017
;; MSG SIZE  rcvd: 93

From reading examples (http://www.gettingemaildelivered.com/how-to-set-up-reverse-dns-rdns for instance), my strong impression is that this is wrong, and my reverse record set up by my ISP should be a PTR to “main.funkeedomain.org”, NOT “main.funkeedomain.org.333.222.111.in-addr.arpa.”

Am I right to think this? What should I be expecting in my reverse record if not what I’m finding?
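
An added example, not part of the original post: a Python check that reads the PTR line from the dig output above and flags a target that carries a reverse-zone suffix. The function names and the embedded sample are constructed for illustration; in a zone file, a name written without a trailing dot is relative and gets the zone origin appended, which yields targets of this shape.

```python
import re

# Constructed sample: the PTR lines from the dig output in the post
# (fictional, redacted address whose octets are not valid IPv4 values).
SAMPLE_DIG = """\
;444.333.222.111.in-addr.arpa.   IN      PTR
444.333.222.111.in-addr.arpa. 86365 IN   PTR     main.funkeedomain.org.333.222.111.in-addr.arpa.
"""

# A hostname followed by 1-4 numeric labels and in-addr.arpa.
ZONE_SUFFIX = re.compile(r"^(.+?)\.((?:\d{1,3}\.){1,4}in-addr\.arpa)$")


def reverse_name(ip):
    """Owner name of the PTR record for a dotted-quad string."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def ptr_targets(dig_text, ip):
    """PTR targets for ip in dig answer text (question lines start with ';')."""
    owner = reverse_name(ip).lower()
    found = []
    for line in dig_text.splitlines():
        fields = line.split()
        if (len(fields) == 5 and fields[0].lower() == owner
                and fields[2:4] == ["IN", "PTR"]):
            found.append(fields[4])
    return found


def check_ptr(target, expected_fqdn):
    """Return (verdict, hostname, zone) for one PTR target."""
    name = target.lower().rstrip(".")
    want = expected_fqdn.lower().rstrip(".")
    if name == want:
        return ("ok", name, None)
    m = ZONE_SUFFIX.match(name)
    if m:
        # Target is a hostname with the reverse zone glued on the end.
        return ("zone-suffix-appended", m.group(1), m.group(2))
    return ("mismatch", name, None)


if __name__ == "__main__":
    for target in ptr_targets(SAMPLE_DIG, "111.222.333.444"):
        print(target, "->", check_ptr(target, "main.funkeedomain.org"))
```

A verdict of `ok` covers only the reverse half: receiving MTAs that do forward-confirmed reverse DNS also require the PTR target to resolve through an A record back to the same address.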

