[server-admins] Reverse DNS (and mailman, and iptables??)
Jonathan Marsden
jmarsden at fastmail.fm
Sun Jan 23 23:55:20 MST 2011
Troy,
On 01/23/2011 09:37 PM, Jonathan Marsden wrote:
> So, let's just go for it, we can't break anything, since there is
> nothing in place now (for crosswire.org reverse DNS) to break :)
OK, I've now set up RFC4183-style reverse DNS on both crosswire.org and
codns.computeroptions.net -- and it appears to actually work (!).
So, once the delegation from the ISP takes effect, that should be taken
care of (BUT see below). In other words, I can now do:
dig @crosswire.org 106.104-29.190.71.64.in-addr.arpa. ptr +short
on crosswire.org and get the right answer back.
IMPORTANT: ARE WE BLOCKING DNS TRAFFIC TO THE SERVER?
I can't get DNS info from the crosswire.org server anywhere else. I
suspect you may be running an iptables firewall that is blocking some
traffic? Can you check this please? TCP and UDP ports 53 need to allow
all inbound traffic on crosswire.org.
To check this, compare:
dig @crosswire.org 106.104-29.190.71.64.in-addr.arpa. ptr +short
with
dig @codns.computeroptions.net crosswire.org 106.104-29.190.71.64.in-addr.arpa. ptr +short
when each is run from some other machine somewhere. Same issue for
dig @crosswire.org crosswire.org a +short
and
dig @codns.computeroptions.net crosswire.org a +short
Thanks,
Jonathan
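
The comparison described in the message above, as an added example (not part of the original post or of the CrossWire setup): a script to run from an outside machine that asks each name server the same question over UDP and TCP and separates "no reply" from "replied without a record". The address 64.71.190.106 is read back from the PTR name in the message; the function names, the DIG override variable and the 3-second timeout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message.
DIG=${DIG:-dig}   # assumption: override hook so the logic can be exercised offline

# RFC 4183-style PTR owner name, as used in the message:
#   ptr_name 64.71.190.106 104 29  ->  106.104-29.190.71.64.in-addr.arpa.
ptr_name() {
    ip=$1 first=$2 masklen=$3
    old_ifs=$IFS; IFS=.
    set -- $ip            # split the address into its four octets
    IFS=$old_ifs
    printf '%s.%s-%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$first" "$masklen" "$3" "$2" "$1"
}

# Ask one server one question over one transport and print a verdict.
# dig exits with status 9 when no reply arrives, which is what dropped
# port 53 traffic looks like from outside.
probe() {
    p_server=$1 p_proto=$2 p_name=$3 p_type=$4
    case $p_proto in
        tcp) p_flag=+tcp ;;
        *)   p_flag=+notcp ;;
    esac
    # "&& ... ||" keeps a non-zero dig status from aborting under "set -e".
    p_answer=$($DIG "@$p_server" "$p_name" "$p_type" +short "$p_flag" +time=3 +tries=1 2>/dev/null) \
        && p_rc=0 || p_rc=$?
    if [ "$p_rc" -eq 9 ]; then p_verdict="NO REPLY (filtered or not listening)"
    elif [ "$p_rc" -ne 0 ]; then p_verdict="dig failed with status $p_rc"
    elif [ -z "$p_answer" ]; then p_verdict="replied, but no $p_type record"
    else p_verdict="OK $p_answer"
    fi
    printf '%s %s: %s\n' "$p_server" "$p_proto" "$p_verdict"
}

# Same question to every listed server, over UDP and then TCP.
compare() {
    c_name=$1 c_type=$2; shift 2
    for c_server in "$@"; do
        probe "$c_server" udp "$c_name" "$c_type"
        probe "$c_server" tcp "$c_name" "$c_type"
    done
}

# From a machine outside the network:
#   sh dnscheck.sh crosswire.org codns.computeroptions.net
if [ "$#" -gt 0 ]; then
    compare "$(ptr_name 64.71.190.106 104 29)" ptr "$@"
    compare crosswire.org a "$@"
fi
```

A server that shows NO REPLY on both transports from outside while answering the same query locally points at packet filtering rather than at the zone data.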