Reverse DNS and multiple domains on same IP

kdiamond
Posts: 43
Joined: Mon Apr 12, 2021 12:52 am

Reverse DNS and multiple domains on same IP

Post by kdiamond »

Hi.

Can anyone explain to me the correct approach for the following:

I have:
PTR 193.77.83.XXX that resolves to mail.domain1.com
primary mail domain with hostname (SMTP Banner) mail.domain1.com
A record mail.domain1.com that points to 193.77.83.XXX

Since an IP can only have one reverse DNS entry, how do I set up the other domains? The PTR will not reverse to any of the domains below:

mail.domain2.com
mail.domain3.com
mail.domain4.com
(attachment: 2021-04-15_221000.jpg)
Thank you.
Br,
kd
phoenix
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Reverse DNS and multiple domains on same IP

Post by phoenix »

You only have one reverse IP and that's for the 'primary' domain for the IP address.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
kdiamond
Posts: 43
Joined: Mon Apr 12, 2021 12:52 am

Re: Reverse DNS and multiple domains on same IP

Post by kdiamond »

Thank you for your reply!

I know for primary. It will resolve. I'm asking for other domains which will not.

I just got a reply from my ISP that PTR record can include multiple domains.

That would be an easy solution, I guess.

Br,
Dali
Klug
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Reverse DNS and multiple domains on same IP

Post by Klug »

kdiamond wrote: I just got a reply from my ISP that PTR record can include multiple domains.
I don't think so.

If they put several FQDNs on a single PTR, DNS will round-robin between them.
aduzsardi
Posts: 4
Joined: Thu Apr 15, 2021 7:02 am

Re: Reverse DNS and multiple domains on same IP

Post by aduzsardi »

Usually you only need to set up the main domain with a PTR and SMTP banner; after that your secondary domains should have their MX records pointed to the main domain ... at least that's how I have it.

mail.domain1.com PTR 100.110.111.112 (example ip)
mail.domain1.com A 100.110.111.112
domain1.com MX mail.domain1.com

domain2.com MX mail.domain1.com
domain3.com MX mail.domain1.com
kdiamond
Posts: 43
Joined: Mon Apr 12, 2021 12:52 am

Re: Reverse DNS and multiple domains on same IP

Post by kdiamond »

Klug wrote:
kdiamond wrote: I just got a reply from my ISP that PTR record can include multiple domains.
I don't think so.

If they put several FQDN on a single PTR, DNS will round-robin between them.
They did it and it works.
(attachment: dns.jpg)

PTR record (attachment: ptr.jpg)

Thank you
Last edited by kdiamond on Fri Apr 16, 2021 11:01 am, edited 1 time in total.
kdiamond
Posts: 43
Joined: Mon Apr 12, 2021 12:52 am

Re: Reverse DNS and multiple domains on same IP

Post by kdiamond »

aduzsardi wrote:Usually you only need to setup the main domain with PTR, SMTP banner , after that your secondary domains should have their MX records pointed to the main domain ... at least that's how i have it

mail.domain1.com PTR 100.110.111.112 (example ip)
mail.domain1.com A 100.110.111.112
domain1.com MX mail.domain1.com

domain2.com MX mail.domain1.com
domain3.com MX mail.domain1.com
Thank you
I will do that also, it can not hurt I guess.

Br,
Dali
Klug
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Reverse DNS and multiple domains on same IP

Post by Klug »

kdiamond wrote:
Klug wrote:
kdiamond wrote: I just got a reply from my ISP that PTR record can include multiple domains.
I don't think so.
If they put several FQDN on a single PTR, DNS will round-robin between them.
They did it and it works.
Nope.

They actually did it: if you use nslookup or dig or an online resolver, you'll get all four PTRs at a time.
But any normal app (not a resolver) will only get one per request.

So if you're lucky your app (distant MTA) will get the good one; if you're not, it'll get a FQDN with no link to the domain it tries to talk to.
And the HELO/EHLO message won't be the correct one (HELO/EHLO is always the same and will be different from the PTR).

It's exactly the same as for A records (instead of PTR).
You can have several IPs for a single FQDN; dig or nslookup or a resolver will show all of them.
But your browser will only get one of them (sent by its resolver) and use only one (until the next request/TTL).

$ dig +short zimbra.com
3.213.46.189
3.213.215.90

zimbra.com has two IP addresses but the apps only use one.

The "correct" way is to setup a single FQDN and set it up correctly: use the FQDN as Zimbra server name (so you get a correct HELO/EHLO), correct PTR with this FQDN and set it up as first MX for your domains.
Don't forget to setup another MX (at least) with lower priority.
We have dozens of domains set up that way and it works flawlessly.
kdiamond
Posts: 43
Joined: Mon Apr 12, 2021 12:52 am

Re: Reverse DNS and multiple domains on same IP

Post by kdiamond »

The "correct" way is to setup a single FQDN and set it up correctly: use the FQDN as Zimbra server name (so you get a correct HELO/EHLO), correct PTR with this FQDN and set it up as first MX for your domains.
Don't forget to setup another MX (at least) with lower priority.
We have dozens of domains set up that way and it works flawlessly.
Thank you for a detailed explanation! What you're saying makes sense. I'm a noob with DNS, so I'd rather ask twice. So if I understand you correctly, you are saying that multiple PTR records are not good practice and can rather hurt than benefit? Better to have just a single one?

Does that mean the check tools like https://mxtoolbox.com/diagnostic.aspx will always show an error for all secondary domains?

So to use your method in practice would be like?:

Primary domain
Primary domain: mail.domain1.com
IP PTR resolves to: mail.domain1.com
IP A mail.domain1.com
domain1.com MX(10) mail.domain1.com

Secondary domain(s):
IP A mail.domain2.com
domain2.com MX(10) mail.domain2.com
domain2.com MX(20) mail.domain1.com

Would that be your suggestion? If I got it wrong please correct me.

Thank you very much.
Br,
kd
Klug
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

Re: Reverse DNS and multiple domains on same IP

Post by Klug »

kdiamond wrote:So if I understand you correctly, you are saying that multiple PTR records are no good practice and can rather hurt that benefit? Better to have just a single one?
Yes.
kdiamond wrote:Does that mean the check tools like https://mxtoolbox.com/diagnostic.aspx will always show an error for all secondary domains?
I think it would be ok, see below.
kdiamond wrote:Primary domain
Primary domain: mail.domain1.com
IP PTR resolves to: mail.domain1.com
IP A mail.domain1.com
domain1.com MX(10) mail.domain1.com
Mostly. It lacks a secondary MX (that needs to be another server, even better in another subnet/datacenter).
kdiamond wrote:Secondary domain(s):
IP A mail.domain2.com
domain2.com MX(10) mail.domain2.com
domain2.com MX(20) mail.domain1.com
Nope.

I'd do this:
Secondary domain(s):
domain2.com MX(10) mail.domain1.com
domain2.com MX(20) anotherserver.domain1.com

The idea is to declare your mail server only once, in one domain.
Then use it for every domain.

If you had a third domain, it would be:
Third domain(s):
domain3.com MX(10) mail.domain1.com
domain3.com MX(20) anotherserver.domain1.com

And so on for all the domains.

If you use the mxtoolbox diagnostic with such a setup, you will only test mail.domain1.com, because it's the only name the server is known by.
There won't be a "reverse mismatch", the hostname will be valid, and if this is the FQDN of your Zimbra server you'll have the correct SMTP banner.
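The following script is an added example, not code from the thread or from Zimbra. It models two points made above: Klug's explanation that an application doing a single reverse lookup receives only one of several PTR names (so a remote MTA matches the HELO name only "if you're lucky"), and the recommended layout in which one FQDN carries the PTR, the SMTP banner and the primary MX of every domain. The zone data is constructed from the thread's placeholder names (domain1.com to domain4.com, mail.domain1.com, anotherserver.domain1.com) and its example IP 100.110.111.112; the A record for anotherserver.domain1.com is assumed. The `resolve` function is an in-memory stand-in for a real resolver (dnspython or `dig`), so the script runs offline.

```python
"""FCrDNS and MX-layout audit over an in-memory zone table (added example)."""
import random
from typing import Dict, List, Tuple

Zone = Dict[Tuple[str, str], List]

# Constructed records: one PTR, and every domain's primary MX is the same
# FQDN that the PTR names. This is the layout recommended in the thread.
GOOD_ZONE: Zone = {
    ("112.111.110.100.in-addr.arpa.", "PTR"): ["mail.domain1.com."],
    ("mail.domain1.com.", "A"): ["100.110.111.112"],
    ("anotherserver.domain1.com.", "A"): ["100.110.111.113"],  # assumed backup MX
    ("domain1.com.", "MX"): [(10, "mail.domain1.com."), (20, "anotherserver.domain1.com.")],
    ("domain2.com.", "MX"): [(10, "mail.domain1.com."), (20, "anotherserver.domain1.com.")],
    ("domain3.com.", "MX"): [(10, "mail.domain1.com."), (20, "anotherserver.domain1.com.")],
}

# Same IP with four PTR records, as the ISP configured for the original poster.
MULTI_PTR_ZONE: Zone = dict(GOOD_ZONE)
MULTI_PTR_ZONE[("112.111.110.100.in-addr.arpa.", "PTR")] = [
    "mail.domain1.com.", "mail.domain2.com.", "mail.domain3.com.", "mail.domain4.com.",
]
for _i in (2, 3, 4):
    MULTI_PTR_ZONE[(f"mail.domain{_i}.com.", "A")] = ["100.110.111.112"]


def reverse_name(ip: str) -> str:
    """100.110.111.112 -> 112.111.110.100.in-addr.arpa. (IPv4 only)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def resolve(zone: Zone, name: str, rtype: str) -> List:
    """Whole RRset, as dig or nslookup would display it."""
    return list(zone.get((name, rtype), []))


def fcrdns_names(zone: Zone, ip: str) -> List[str]:
    """PTR names of `ip` whose A record points back at `ip` (forward-confirmed)."""
    return [n for n in resolve(zone, reverse_name(ip), "PTR")
            if ip in resolve(zone, n, "A")]


def ptr_seen_by_app(zone: Zone, ip: str, rng: random.Random) -> str:
    """What a getnameinfo()-style lookup hands an application: a single name,
    in practice whichever one the round-robin resolver listed first."""
    names = resolve(zone, reverse_name(ip), "PTR")
    return rng.choice(names) if names else ""


def helo_match_rate(zone: Zone, ip: str, helo: str, trials: int = 200, seed: int = 1) -> float:
    """Fraction of single-answer lookups whose PTR equals the SMTP banner/HELO
    name: 1.0 with one PTR, roughly 1/n with n PTRs on the IP."""
    rng = random.Random(seed)
    hits = sum(ptr_seen_by_app(zone, ip, rng) == helo for _ in range(trials))
    return hits / trials


def audit_domains(zone: Zone, domains: List[str], helo: str, ip: str) -> Dict[str, List[str]]:
    """Per domain, the problems a remote MTA or an mxtoolbox-style check would
    flag. An empty list means the domain follows the single-FQDN layout."""
    report: Dict[str, List[str]] = {}
    confirmed = fcrdns_names(zone, ip)
    for domain in domains:
        problems: List[str] = []
        mx = sorted(resolve(zone, domain + ".", "MX"))  # lowest preference first
        if not mx:
            problems.append("no MX record")
        else:
            if mx[0][1] != helo:
                problems.append(f"primary MX {mx[0][1]} is not the server FQDN {helo}")
            if len(mx) < 2:
                problems.append("no secondary MX")
            if ip not in resolve(zone, mx[0][1], "A"):
                problems.append(f"primary MX {mx[0][1]} has no A record for {ip}")
        if helo not in confirmed:
            problems.append(f"PTR for {ip} is not forward-confirmed to {helo}")
        if len(resolve(zone, reverse_name(ip), "PTR")) > 1:
            problems.append("multiple PTR records on the IP")
        report[domain] = problems
    return report


if __name__ == "__main__":
    IP, HELO = "100.110.111.112", "mail.domain1.com."
    DOMAINS = ["domain1.com", "domain2.com", "domain3.com"]
    for label, zone in (("single PTR", GOOD_ZONE), ("four PTRs", MULTI_PTR_ZONE)):
        print(f"{label}: HELO matches PTR in {helo_match_rate(zone, IP, HELO):.0%} of lookups")
        for domain, problems in audit_domains(zone, DOMAINS, HELO, IP).items():
            print(f"  {domain}: {problems or 'ok'}")
```

Against real DNS, replace `resolve` with a dnspython or `dig` call and keep the rest; the single-FQDN layout passes the audit for every domain, while the four-PTR zone passes forward confirmation but is flagged for the extra PTRs, and the HELO name is returned from a single reverse lookup only about a quarter of the time.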