Reverse DNS – PTR Records

Imagine you’re a small company owner and you decide to host your own mail server. You hire a technician to set up a small SMTP server of some flavor for your domain and have him modify your external DNS and MX records so your mail starts flowing to the static IP address assigned to your network by your telecommunications provider (AT&T, Time Warner – whoever). Two days later you begin receiving non-delivery errors for sent messages that state “You don’t have permissions to send to this recipient”. This is typically a case of the receiving mail server performing a “reverse DNS lookup” on the IP address your mail arrives from and rejecting the message when the lookup fails. In order for these reverse lookups to succeed, the telecommunications carrier that provided the static IP for your network is required to maintain a PTR record that maps that IP address to the host name of your new mail server. Now you will learn the horror that is requesting a PTR record from a major telco or ISP.

Many ISPs and telcos are reluctant to add PTR records for customers they have delegated IP addresses to, for a couple of reasons. The first is usually that they don’t know what you’re talking about when a request for a reverse DNS entry is made, and you’re required to travel well up the support food chain before talking to a technician who understands that PTR records are maintained by the ISP delegating the IP address, not the ISP hosting DNS for the domain. The second reason is that, unlike the ISP hosting the public DNS entries, there is no money involved for the telco or ISP providing your static IP (yet).

PTR records are becoming common requests that you would think ISPs would be more willing to accommodate, since major ISPs like AOL and Time Warner both require successful reverse DNS lookups for any mail being sent to a recipient in their domains. It’s a bigger shame they don’t realize the greater importance of hosting PTR records: it’s actually a technology in the fight against spam that works. If every mail server out there had reverse DNS lookups required for incoming mail I could speculate the number of successful spam deliveries would be cut in half.

What most people, including a lot of Sys Admins, don’t know is that any ISP or telco delegating an IP address is REQUIRED by the text of their ARIN agreement to provide reverse PTR records for the IP addresses they delegate. I wouldn’t hesitate to drop this bomb in the ear of any ISP refusing to add a PTR record for a network I administer.

Under section 7.1 of the ARIN (American Registry for Internet Numbers) Number Resource Policy Manual, it specifically states:

“All ISPs receiving one or more distinct /16 CIDR blocks of IP addresses from ARIN will be responsible for maintaining all IN-ADDR.ARPA domain records for their respective customers.”

This means that any ISP or telco delegating IP addresses is required to maintain accurate DNS entries not only for the domains for which they host public DNS records but also for any IP addresses they delegate (i.e. the statically assigned IP address for your network).
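
The reverse lookup a receiving mail server performs, as an added example that is not part of the original post: it builds the IN-ADDR.ARPA name for the connecting IP, looks up the PTR record there, and also confirms that the returned host name resolves back to the same IP, a forward check many receivers pair with the reverse lookup and which goes a step beyond what the post describes. The addresses and host names are constructed sample data, and all function names are illustrative.

```python
import ipaddress
import socket

# Constructed sample data: documentation IP ranges and made-up host names.
SAMPLE_PTR = {
    "10.113.0.203.in-addr.arpa": ["mail.example.com."],
    "11.113.0.203.in-addr.arpa": ["static-11.isp.example.net."],
}
SAMPLE_A = {
    "mail.example.com": ["203.0.113.10"],
    "static-11.isp.example.net": ["198.51.100.7"],  # does not point back
}

def reverse_name(ip):
    """Name under IN-ADDR.ARPA (IP6.ARPA for IPv6) that holds the PTR for ip."""
    return ipaddress.ip_address(ip).reverse_pointer

def sample_ptr(ip):
    return SAMPLE_PTR.get(reverse_name(ip), [])

def sample_addrs(host):
    return SAMPLE_A.get(host, [])

def live_ptr(ip):
    """PTR lookup through the OS resolver (needs network; not used below)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def live_addrs(host):
    """Forward lookup through the OS resolver (needs network; not used below)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def check_sender(ip, ptr_lookup, addr_lookup):
    """Classify a connecting IP the way a receiver's reverse DNS check would."""
    want = ipaddress.ip_address(ip)
    hosts = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    for host in hosts:
        if any(ipaddress.ip_address(a) == want for a in addr_lookup(host)):
            return ("confirmed", host)  # PTR exists and forward lookup agrees
    return ("ptr-mismatch", hosts[0]) if hosts else ("no-ptr", None)

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        print(ip, reverse_name(ip), check_sender(ip, sample_ptr, sample_addrs))
```

Passing live_ptr and live_addrs instead of the sample functions runs the same check against real DNS for your own mail server's IP. The "no-ptr" result is the case the post describes, where the ISP that delegated the address has not published a PTR record.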

2 Comments
16 years ago

D00d, I totally know what you mean. My buddy had to spend hours with ATT trying to find a guy smart enough to understand what a PTR was. I think he got routed to the same department a few times too.

G00d Stuff, oh and it is 115 degrees in Vegas.

Have a good one, enjoyed the article.

JR
16 years ago

Thanks a lot for the article! I felt like you were describing our situation here in precise details.
Now, I just have to figure out what the rules are for ISPs in Japan... and if it’s the same, then how to drop the bomb in their ear in Japanese.
