Mailing List CGatePro@mail.stalker.com Message #104889
From: Juergen P. [core] <juergenp@core.at>
Subject: Re: Reverse DNS mismatch
Date: Sun, 06 Apr 2014 12:23:29 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>, Bill Cole <cgp-2008@billmail.scconsult.com>
X-Mailer: CommuniGate Pronto! 6.0.9
bill, 

maybe  i'm crazy and say ridiculous things but dnstool tester programs online,  checkup tools(old and new - means form this century ), dig, and other software  still do that tests.

furthermore i posted the results of my preferred dns tester -  i dont have that much time searching for all corresponding rfc's for each case.

 If a domain would have a single MX resolving to a name with a single A for the bare domain name or which resolves to the same IP as the single A for the bare domain, the MX is functionally useless. Treating the lack of an MX for a domain which has a single A record as problematic for mail in any way is technically invalid and extremely rare.


mx records are never useless. thats why intelligent dns-servers translates default records also to MX and send them to the querying host.
if you dont enter an mx-record it means not that it is not used by the dns-server serving your domain.

sorry that i was too fast and did not mention what was/is technically possible and what not because i thought you need a solution.

SUMMARY:

PTR record is not correct:

68.15.54.108 resolves to wsip-68-15-54-108.ri.ri.cox.net

SOLUTION:

let your provider change the PTR config.

i suggest using a hostname and adopt dns to serve that.

i still suggest using MX records because its easier for non-experts like me to reproduce some errors.


if you want to be on the safe side you should also have a look at the following problems:

your certificate chain for https is not correct.
SOA Expire Value out of recommended range 
you dont have any valid SPF/TXT records
there are some TLS-Issues




regards





On Sat, 05 Apr 2014 13:51:57 -0400
 "Bill Cole" <cgp-2008@billmail.scconsult.com> wrote:
 On 5 Apr 2014, at 6:54, Juergen P. [core] wrote:

 hi,



 One or more SOA fields are outside recommended ranges. Values that are out of specifications could cause delays in record updates or unnecessary network traffic. The SOA fields out of range are:

 mname | ns1.mydyndns.org. | expire | 604800 | EXPIRE - RFC1912 suggests a value between 1209600 to 2419200.

 It is ridiculous to treat operational advice in RFC1912 from 1996 (a year before the invention of dynamic DNS updates) which was only ever relevant to how authoritative servers interact to modern DNS configuration. The "EXPIRE" value has no function outside of the secondary authoritative servers for a zone, so it is crazy to try to validate its published value.

 No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s).

 If a domain would have a single MX resolving to a name with a single A for the bare domain name or which resolves to the same IP as the single A for the bare domain, the MX is functionally useless. Treating the lack of an MX for a domain which has a single A record as problematic for mail in any way is technically invalid and extremely rare.

 #############################################################
 This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
 To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
 To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
 To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
 Send administrative queries to  <CGatePro-request@mail.stalker.com>

--
Best Regards

Juergen Paulhart

VoIP / SIP / IM / E-Mail : juergenp@core.at
TEL: +43 676 30 592 44  
VoIP Support:  +43 1 236 46 60 600
***  IT Security, Cloud based Communication Technologies & Hosted Unified Communications ***
  thug nature  <<<
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster