LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   I've recently run into a situation where the reverse lookup failed on an incoming connection. 
In looking into it, the sender was valid, although the MX records point to their internal nameservers. The PTR record for the incoming IP does not resolve by querying my DNS server, my forwarders, or the root servers. However, by querying one of the listed nameservers for the IP/MX record in question, there is a PTR record for the IP that points to one of their nameservers. Am I making any sense?
The host IP in question is 12.2.45.130 and belongs to a VERY large organization (Gates Arrow.)
FWIW, I use DNS Export Pro to perform zone lookups, etc.
I hesitate to disable the reverse lookup as it alone kills about half my spam per day. As it is now, I have to keep a close eye on the quarantine and I'm not in the shop all the time...I may decide to put the domain in question ion my white list but prefer not to if at all possible.
I've seen discussion that recommends admins remove their "direct" PTR-to-MX host records to reduce spam on their side. Seems to me that they would then see alot of undeliverables given the expanded use of tools like Spamfilter and others by us all.
Is Spamfilter prone to problems when dealing with complex zone records? Is the problem on their side? Is there a problem with *my* DNS lookups?
Thanks,
Russ

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
russ Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote russ Thanks(0) Quote Reply Topic: reverse dns PTR record points to Nameserver Posted: 29 April 2003 at 12:09pm
	I've recently run into a situation where the reverse lookup failed on an incoming connection. In looking into it, the sender was valid, although the MX records point to their internal nameservers. The PTR record for the incoming IP does not resolve by querying my DNS server, my forwarders, or the root servers. However, by querying one of the listed nameservers for the IP/MX record in question, there is a PTR record for the IP that points to one of their nameservers. Am I making any sense? The host IP in question is 12.2.45.130 and belongs to a VERY large organization (Gates Arrow.) FWIW, I use DNS Export Pro to perform zone lookups, etc. I hesitate to disable the reverse lookup as it alone kills about half my spam per day. As it is now, I have to keep a close eye on the quarantine and I'm not in the shop all the time...I may decide to put the domain in question ion my white list but prefer not to if at all possible. I've seen discussion that recommends admins remove their "direct" PTR-to-MX host records to reduce spam on their side. Seems to me that they would then see alot of undeliverables given the expanded use of tools like Spamfilter and others by us all. Is Spamfilter prone to problems when dealing with complex zone records? Is the problem on their side? Is there a problem with my DNS lookups? Thanks, Russ

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 29 April 2003 at 6:44pm
	Russ, We were not able to find a PTR record either. Without knowing what the domain (and thus its nameservers..) is, we cannot verify this, but here's a possible scenario. If you query their DNS server directly and see a PTR, but this record does not show using other DNS servers, it is possible that their upstream provider (AT&T ?) is not doing their in-addr reverse zone transfers correctly. It does not matter if they're a big company, we've seen major blunders by quite a few large companies who should have know better...! Roberto Franceschetti LogSat Software

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

reverse dns PTR record points to Nameserver