My Question
Hello All! Man, I love Stack Overflow :)
Anyway, I am configuring my first ever Mail Server and want to do it right.
The actual server is configured and working great, so I just need a bit of help with the rDNS and SPF public records of my domains. I have spent days researching but I am utterly confused, so could do with a much appreciated hand.
Using this sample data below:
Domains the mail server handles: example.com, example.co.uk, example.net
Mail Server IP (For IMAP and SMTP): 123.123.123.123 for all domains
Website Server IP (A Record / For Port 80 HTTP): 101.101.101.101 = .com, 102.102.102.102 = .co.uk, 103.103.103.103 = .net
How do I setup the records?
My best guesses
rDNS set correctly so emails are not rejected as spam
Am I right in thinking that rDNS is configured around the domains' A records as follows:
rDNS 101.101.101.101 = example.com
rDNS 102.102.102.102 = example.co.uk
rDNS 103.103.103.103 = example.net
And that the mail server on IP 123.123.123.123 can have rDNS set to whatever my ISP decides? Or does the mail server IP's rDNS have to point to one of the same IPs above (say 101.101.101.101 for the .com), in which case, what about the .co.uk and the .net? Isn't rDNS set to only one domain per IP? I've read a lot of conflicting information on all of this.
SPF set correctly so emails are not rejected as spam
Do I set the below the same for each domain?
v=spf1 mx:example.com mx:example.co.uk mx:example.net ~all
Or do I need a new domain which points straight to my mail server? Say:
mail.example.com (A Record / For Port 80 HTTP): 123.123.123.123
&
v=spf1 mx:mail.example.com ~all
Set as the SPF for example.com, example.co.uk and example.net?
Any help on the above MUCH MUCH MUCH loved and appreciated. Thanks a lot. And ignore my best guesses if they are way off, only shown to display what I have learnt so far.
Also please note I have full control over rDNS, DNS and MX records and SPF TXT etc. on all my domains and IPs, so whatever needs doing, I'll do it!
Many thanks. :)
Related
I have a main server where are placed the DNS records for a domain (eg: example.com), but this domain has another server only for webmail. The DNS setup is working fine: I can access example.com through the browser and the webmail can send/receive emails (from webmail.example.com - A/MX DNS records are ok).
The problem is that on example.com there's a page where I send emails to contact@example.com and this is not being delivered - it works with anything else (Gmail, Hotmail etc.).
I've tried some different things I found on Google/StackOverflow to fix it but without success.
exim -bt noreply@example.com (returns: router = localuser, transport = local_delivery)
exim -bt contact@example.com (returns: contact@example.com is undeliverable: Unrouteable address)
Where noreply@ was created on the main server to send the emails from that page and contact@ was created at the second server (webmail server). It looks like Exim4 is always looking for internal email addresses for this domain, even though the MX record is set up for another server.
How could I fix it? Exim4 should look at the MX record instead of trying to deliver it locally.
Thank you.
You have set example.com as a local domain. Don't do that except on the MX server for example.com.
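As an added illustration (not part of the answer above), this is what that change looks like on a Debian-style Exim4 split configuration, where the local domain list is filled from dc_other_hostnames in /etc/exim4/update-exim4.conf.conf. The host name webhost.example.com is an assumption; the rest follows Debian's documented layout.

```conf
# /etc/exim4/update-exim4.conf.conf on the web server (assumed layout)

# Before: example.com is listed as a local domain, so mail for
# contact@example.com is looked up in local users/aliases and comes back
# "Unrouteable address" instead of going to the MX host.
dc_other_hostnames='example.com'

# After: only this machine's own name is local. Mail for example.com is now
# routed by the domain's MX record to the webmail server. Keep example.com in
# this list only on the machine that really is the MX for it.
dc_other_hostnames='webhost.example.com'
```

After editing, run update-exim4.conf and restart Exim; exim -bt contact@example.com should then report a remote SMTP transport to the MX host rather than local_delivery.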
German mail providers like GMX or T-Online are blocking my emails. A support guy from GMX said the A record for mail was missing. I added it.
Now I checked this site and got 5 warnings: http://mxtoolbox.com/domain/x-invest.net/ I also added an SPF record, but there are still problems with some providers. From some providers I did not even get any mailer daemons.
My IP address or domain is not blacklisted by any of those providers.
I am worried about having done the DNS setup wrong on my Apache server, but actually it should be a copy of the setup I used with another server before.
Here is a screenshot of all I have at this time:
Maybe you could help me out, if I was missing something important or even have wrong dns record.
PS. Sorry, I hope the screenshot is okay for the moderation. I was not able to copy the records; it was not my intention to spam my domain.
Clicking your link, the only ones I'd be really concerned about are (in my order of priority):
Primary Name Server Not Listed At Parent
Name Servers are on the Same Subnet
The Certificate is invalid
The first one indicates that the nameserver listed in your SOA record is not included at the level above you:
x-invest.net. 86400 IN SOA ns1.secureserver.net. info.s50-62-56-203.secureserver.net. 2015061806 86400 7200 3600000 86400
Which means that the server you listed as the authority for your domain does not match what the Internet says is the authority.
The second one is more of an issue if you have any sort of fault-tolerance worries. If the ISP drops your subnet or circuit for some reason, your sites will not resolve.
The third one is only an issue if you have customers who are concerned about the security of their connection. The big red X in the browser address bar is very discouraging to customers and their credit cards.
EDIT (answer comment):
An authoritative DNS server is one that actually contains the information being requested: reference
DNS is a hierarchical structure, so it follows that the chain to get to your domain needs to be complete from the top down in most cases. You can bypass that structure in some circumstances, like private DNS domains being hosted by internal corporate servers: internal machines point to the internal DNS servers, which host domains that may not be accessible from the outside, but will also do recursive queries out to the Internet, as an example.
Hopefully someone can help clarify this.
I have a domain, e.g. example.com, registered with GoDaddy. I host the website with TSOHost, so in my domain configuration I have set the following NS records.
Nameserver 1: ns1.tsohost.co.uk
Nameserver 2: ns2.tsohost.co.uk
I am now able to serve the website both www and non www from this hosting package. I simply have an A record for example.com and a CNAME for www.example.com to point to example.com (this is being configured in the cpanel Advanced DNS Zone Editor). So now we have the website showing as expected and required.
I would also like to setup a kind of DDNS service using a different server entirely, (this will hold DNS records that I will create on the fly using a Radius database).
So I want to use the subdomain ddns.example.com for this DDNS service, i.e. bob.ddns.example.com for Bob (so that when I ping bob.ddns.example.com, I can alter the IP to 8.8.8.8, say). In cPanel I have an A record for ddns.example.com and an A record for *.ddns.example.com pointing to the server that will manage this, for example 85.214.214.214.
I have installed BIND on the server (currently using a DigitalOcean server for this, to which I have added ddns.example.com as an A record to the droplet, and *.ddns.example.com also). I have created a zone for ddns.example.com, within which I have set the NS record to the DigitalOcean details.
I have then added the following to my file /var/named/ddns.example.com.hosts
$TTL 38400
; RNAME is written in zone-file form (first dot stands for the @), not as an e-mail address
ddns.example.com. IN SOA ns1.digitalocean.com. jon.example.com. (
    1414575123  ; serial
    10800       ; refresh
    3600        ; retry
    604800      ; expire
    38400 )     ; minimum (negative-caching TTL)
ddns.example.com. IN NS ns1.digitalocean.com.
bob.ddns.example.com. IN A 8.8.8.8
When I ping bob.ddns.example.com on the server with bind installed I get 8.8.8.8, but when pinging for anywhere else I get the bind server IP.
Can I ask if what I am doing is possible, i.e. going from GoDaddy to TSO, to another server, and if so what NS records should I specify for BIND? Or is there something in the named config I need to change? I have set the following options in named.conf in an attempt to solve this issue.
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query { any; };
recursion yes;
I am aware that recursion may leave me open to DoS attacks and I intend to turn this to no eventually, but for the moment, during testing, I have left it set to yes.
Any help or information would be greatly appreciated. I have been trying different variations of zone files etc. without success, and I am really unsure as to whether I am going in the right direction.
Hopefully I have made sense, but any further info I can provide, please let me know.
My first question would be: are you sure you've updated the registrar with this server as the DNS nameserver for this domain?
Use nslookup to find out:
# nslookup
> set querytype=NS
> server 4.2.2.1 (a DNS server on the Internet)
> ddns.example.com. (a closing dot helps avoid lookups using preferred search domains.)
and confirm that the Internet knows who to communicate with, and that your NS host is authoritative for the domain.
Next would be: do you have any other nameservers up to "answer" for that subdomain, causing other problems?
BTW - glad to hear you fixed this issue!
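Both of the last two answers come down to the same check: the parent zone's delegation, the child zone's own NS records and the SOA's primary (MNAME) must agree, and the name servers should not all sit in one subnet. The script below is an added example, not from either answer, that reproduces those warnings over constructed data: the SOA MNAME ns1.secureserver.net is taken from the page, while the parent-side NS names under hosting.example, the addresses, and the empty delegation for ddns.example.com (cPanel holding only A records) are assumptions.

```python
import ipaddress

# Constructed data for illustration only (assumptions, not live DNS).
# PARENT_NS: the NS records the parent zone publishes for the child name,
#            i.e. what the rest of the Internet is told is authoritative.
PARENT_NS = {
    "x-invest.net": ["ns1.hosting.example", "ns2.hosting.example"],
    "ddns.example.com": [],   # cPanel zone holds A records only, no NS delegation
}
# CHILD_NS: the NS records inside the child zone itself.
CHILD_NS = {
    "x-invest.net": ["ns1.hosting.example", "ns2.hosting.example"],
    "ddns.example.com": ["ns1.digitalocean.com"],
}
# SOA_MNAME: the primary server named in the child's SOA record.
SOA_MNAME = {
    "x-invest.net": "ns1.secureserver.net",
    "ddns.example.com": "ns1.digitalocean.com",
}
# A records for the name servers (documentation-range addresses).
ADDRESSES = {
    "ns1.hosting.example": "192.0.2.10",
    "ns2.hosting.example": "192.0.2.11",   # same /24 as ns1: no fault tolerance
    "ns1.secureserver.net": "198.51.100.5",
    "ns1.digitalocean.com": "203.0.113.7",
}


def norm(name):
    return name.rstrip(".").lower()


def delegation_report(child, parent_ns, child_ns, soa_mname, addresses, prefix=24):
    """Return the warnings a zone checker would raise for `child`.

    Each message starts with a fixed label, followed by the detail, so the
    caller can match on the label.
    """
    warnings = []
    parent = {norm(n) for n in parent_ns}
    inside = {norm(n) for n in child_ns}
    mname = norm(soa_mname)

    if not parent:
        warnings.append("Domain Not Delegated: parent publishes no NS records for %s" % child)
    if mname not in parent:
        warnings.append("Primary Name Server Not Listed At Parent: %s" % mname)
    if inside != parent:
        warnings.append("Parent/Child NS Mismatch: parent=%s zone=%s"
                        % (sorted(parent) or "-", sorted(inside) or "-"))
    missing = sorted(n for n in parent | inside | {mname} if n not in addresses)
    if missing:
        warnings.append("No Address Record For Name Server: %s" % ", ".join(missing))
    # Collapse the parent's NS addresses to their /prefix networks; a single
    # network for two or more servers means one outage takes them all down.
    nets = {
        ipaddress.ip_network("%s/%d" % (addresses[n], prefix), strict=False)
        for n in parent if n in addresses
    }
    if len(parent) > 1 and len(nets) == 1:
        warnings.append("Name Servers are on the Same Subnet: %s" % nets.pop())
    return warnings


def report(child):
    return delegation_report(child, PARENT_NS[child], CHILD_NS[child],
                             SOA_MNAME[child], ADDRESSES)


if __name__ == "__main__":
    for zone in PARENT_NS:
        print(zone)
        for warning in report(zone):
            print("  -", warning)
```

With live data you would fill PARENT_NS from an NS query sent to one of the parent's servers (for x-invest.net, a .net TLD server; for ddns.example.com, the example.com servers at TSOHost), CHILD_NS and SOA_MNAME from a query sent to the server you run, and compare; an empty answer from the parent is the "not delegated" case the nslookup steps above are meant to catch.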
I could not find a definitive answer to this question online and I'd appreciate some help.
We have a dedicated server for our website. We also use it to send out bulk emails (ALWAYS by request, NEVER unsolicited or spam). We are trying to set up a PTR record and there's one thing I simply can't understand:
If I send out email from someone@example.com, and example.com's A record is x.x.x.x, then in order for my IP not to be considered a spammer, the PTR record for x.x.x.x must point to:
example.com?
any of example.com's MX records?
the name of the domain as it appears in the SMTP banner you receive when connecting to example.com:25?
all/none/any of the above?
Thanks for helping out!
The name provided in the HELO/EHLO should be resolvable to the sending server's IP address (A/CNAME record), and its IP address should be resolvable to the name provided in the HELO/EHLO.
You should NEVER create a PTR record whose result could not be resolved back to the original IP address.
If your sending mail server is not one of your MX records (or the domain in your HELO/EHLO does not match your mail domain example.com), you may provide an additional SPF record for example.com (see Sender Policy Framework at Wikipedia).
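The answer above and the first question on this page (one mail server at 123.123.123.123 sending for example.com, example.co.uk and example.net) describe the two checks a receiving MTA actually performs: forward-confirmed reverse DNS of the HELO name, and SPF for the envelope domain. The following is an added example, not taken from the page, that runs both checks against a constructed record set built from the question's sample addresses; the record values, the mail.example.com host name, the PTR entries and the SPF policies are all assumptions, and the SPF evaluator is deliberately minimal (a, mx, ip4, include, all; no macros, ptr, exists or CIDR on a/mx).

```python
import ipaddress

# Constructed DNS data (assumptions for illustration, not real records).
# MX values are stored as bare host names, without priorities.
ZONES = {
    ("example.com", "A"): ["101.101.101.101"],
    ("example.co.uk", "A"): ["102.102.102.102"],
    ("example.net", "A"): ["103.103.103.103"],
    ("mail.example.com", "A"): ["123.123.123.123"],
    ("example.com", "MX"): ["mail.example.com"],
    ("example.co.uk", "MX"): ["mail.example.com"],
    ("example.net", "MX"): ["mail.example.com"],
    # One SPF policy per sending domain; "mx" already covers mail.example.com.
    ("example.com", "TXT"): ["v=spf1 mx -all"],
    ("example.co.uk", "TXT"): ["v=spf1 a:mail.example.com -all"],
    # The questioner's cross-domain guess, kept to show that it passes too.
    ("example.net", "TXT"): ["v=spf1 mx:example.com mx:example.co.uk ~all"],
    # PTR for the mail server IP names the host the server greets with.
    ("123.123.123.123.in-addr.arpa", "PTR"): ["mail.example.com"],
    # The web server IP reverse-maps to the bare domain; that forward-confirms,
    # but it is not the HELO name a mail server at that IP would present.
    ("101.101.101.101.in-addr.arpa", "PTR"): ["example.com"],
}


def lookup(name, rtype):
    return ZONES.get((name.rstrip(".").lower(), rtype), [])


def fcrdns(ip):
    """Forward-confirmed reverse DNS: PTR names whose A record points back to ip."""
    ptr_names = lookup(ipaddress.ip_address(ip).reverse_pointer, "PTR")
    return [name for name in ptr_names if ip in lookup(name, "A")]


QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, ip, depth=0):
    """Minimal SPF evaluation: returns pass/fail/softfail/neutral/none/permerror."""
    records = [t for t in lookup(domain, "TXT") if t.startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1 or depth > 10:      # ambiguous policy or include chain too deep
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in lookup(arg or domain, "A")
        elif mech == "mx":
            matched = any(ip in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
        elif mech == "include":
            matched = spf_check(arg, ip, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:                         # first matching mechanism decides
            return QUALIFIERS[qualifier]
    return "neutral"


def check_sender(ip, helo_name, mail_from_domain):
    """What a receiving MTA checks: does the HELO name forward-confirm the
    connecting IP, and does the envelope domain's SPF authorise that IP?"""
    return {
        "fcrdns": helo_name.rstrip(".").lower() in [n.lower() for n in fcrdns(ip)],
        "spf": spf_check(mail_from_domain, ip),
    }


if __name__ == "__main__":
    print(check_sender("123.123.123.123", "mail.example.com", "example.co.uk"))
    print(check_sender("101.101.101.101", "mail.example.com", "example.com"))
```

The shape this gives for the first question: the mail server IP gets one PTR, for the name it says HELO as (mail.example.com), and that name has an A record back to 123.123.123.123; the web server IPs keep their own PTRs and are irrelevant to mail. Each domain then publishes its own SPF record that authorises the mail server, whether by mx, by a:mail.example.com or by ip4.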
When troubleshooting DNS issues (specifically whether a domain is resolving), what is the proper way to check so that you get accurate results? DNS info is cached throughout the Internet, and different machines (like the local machine) or services (like Pingdom) give different results.
How do I check the DNS so that I know what I will get after it propagates?
Working with Heroku and CloudFlare.
In most common cases you can use tools such as dig or host. Both tools are made for querying name servers to retrieve info. You can also use a simple "ping something.domain.com" in order to see if the IP has changed. But I suggest you use different DNS servers on the computer you're using to test. Actually Google DNS (8.8.8.8) replicates very fast.
Unintentional DNS poisoning: keep in mind that if you're pinging something that was recently configured/changed on your name server and is still not propagated, you'll "poison" the DNS's cache, and this data is going to expire, but later... (always depending on the domain name's TTLs, of course).
Using a new DNS server which has never seen that domain, you're sure the request is made for the first time and it's going to be answered without consulting any cache.
Example:
To get all the DNS servers for domain.com:
$ host -t ns domain.com
domain.com name server ns2.domain.com.
domain.com name server ns3.domain.com.
To ask a domain name for something.domain.com:
$ dig @nameserver something.domain.com
You can also ask for TXT, CNAME types and so on...
Examples:
AXFR retrieval test:
$ dig @ns2.domain.com domain.com AXFR
Or get all Mail Exchange (MX) server for a domain:
$ host -t MX domain.com
domain.com mail is handled by 10 smtp.godo.com.
domain.com mail is handled by 20 smtp2.godo.com.
Hope it helps.
Cheers! :)
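The reason dig @nameserver works for this is that it sends the query straight to the authoritative server, so no resolver cache sits in between. As an added example (not part of the answer above), the script below does the same thing by hand with only the Python standard library: it builds a DNS query with the recursion-desired bit cleared, sends it over UDP, and parses the answer, including name compression and the AA (authoritative answer) flag that tells you the reply came from the zone rather than a cache. It handles UDP only (no TCP fallback for truncated replies, no EDNS, no AXFR); the sample response bytes at the bottom are constructed so the parser can be exercised offline, and the 192.0.2.80 address in them is documentation space, not a real host.

```python
import random
import socket
import struct

TYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16}
TYPE_NAMES = {v: k for k, v in TYPES.items()}


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, rtype, txid):
    # Flags are 0: RD (recursion desired) is left unset on purpose, so an
    # authoritative server answers from its zone and a cache cannot hide a change.
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPES[rtype], 1)


def decode_name(data, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if end is None:
                end = offset + 2                  # the name ends after the pointer
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_rdata(data, rtype, start, rdlen):
    if rtype == 1:                                # A
        return ".".join(str(b) for b in data[start:start + 4])
    if rtype in (2, 5, 12):                       # NS, CNAME, PTR: a single name
        return decode_name(data, start)[0]
    if rtype == 15:                               # MX: preference + exchange
        pref = struct.unpack("!H", data[start:start + 2])[0]
        return (pref, decode_name(data, start + 2)[0])
    if rtype == 6:                                # SOA: mname, rname, five counters
        mname, pos = decode_name(data, start)
        rname, pos = decode_name(data, pos)
        return (mname, rname) + struct.unpack("!IIIII", data[pos:pos + 20])
    if rtype == 16:                               # TXT: length-prefixed strings
        pos, parts = start, []
        while pos < start + rdlen:
            n = data[pos]
            parts.append(data[pos + 1:pos + 1 + n].decode("ascii", "replace"))
            pos += 1 + n
        return "".join(parts)
    return data[start:start + rdlen]              # anything else: raw bytes


def parse_response(data):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                           # skip the echoed question
        _, offset = decode_name(data, offset)
        offset += 4
    records = []
    for _ in range(an + ns + ar):                 # answer, authority, additional
        name, offset = decode_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        records.append((name, TYPE_NAMES.get(rtype, rtype), ttl,
                        parse_rdata(data, rtype, offset, rdlen)))
        offset += rdlen
    return {"id": txid, "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0xF, "records": records}


def query(server, name, rtype, timeout=3.0):
    """Send one UDP query straight to `server` (an authoritative NS) and parse the reply."""
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, rtype, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    resp = parse_response(data)
    if resp["id"] != txid:                        # reject a reply to someone else's query
        raise ValueError("transaction id mismatch")
    return resp


# Constructed authoritative reply (QR and AA set) to "example.com A", hand-built so
# parse_response() can be run offline; the owner name is a pointer back to the question.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 80])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))
```

To check propagation, call query() once per server returned by host -t ns and compare the records: when every authoritative server returns the new value with authoritative set to True, the change is live, and resolvers elsewhere will pick it up as their cached copies reach the old TTL.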
http://en.wikipedia.org/wiki/Nslookup
To get a "Non-authoritative" answer from your local name server that would be e.g.:
nslookup test.com
To check the name server where the domain is listed that would be e.g.:
nslookup test.com nameServerOfTest.com