DNS Lookup Problems


MarkITMan

IS-IT--Management
Feb 5, 2002
54
US
I have a problem and have a brain dump as to the fix. I get an error that says: oneproblem.net 199.99.99.34: can't verify reverse address - lookup does not include original address 198.88.88.32

The 199 is an outside address and 198 is the inside address. Would I use a loop in this situation? Any help would be greatly appreciated. Thanks.
 
Is oneproblem.net the same name used on both inside and outside? When are you getting this error, during an email event?
 
oneproblem.net is only registered outside. Our firewall redirects the inside to the outside IP. We can receive e-mails just fine, but get on and off send capability outside. I'm seeing this error on my firewall in the SMTP traffic log.
 
So is your firewall NAT'ing that internal address, 'cause it looks routable? You might want to do that, if not.
 
Yes, the firewall reroutes the outside IP to the inside IP which allows incoming e-mail. The problem is with sending out. We have reverse DNS enabled, but still have this problem.
 
Right, I am referring to outbound, not inbound. Your firewall should be NAT'ing your internal address when you go out to the internet, is that happening? Or do you have internal addresses that are routable?
 
OK, so your mail gets out with an originating internal address as the source, and depending on what mail hosts you're sending to, if they do a reverse lookup, it doesn't match up with your external DNS and you're getting hosed. You could put a second MX entry in your external DNS with the internal address that has a higher cost so that it doesn't get hit... May I ask what your external domain name is?
 
External DNS looks good. Do you have a host outside of your firewall that collects email and delivers for you (like your ISP) outbound and inbound? Sorry to ask so many questions, just trying to get a clear picture of your setup...
 
Yes, our ISP currently collects and delivers our e-mail. Don't worry about asking too much. I appreciate your help here.


Here is a current copy of what Sprint has in our zonefile:

greatamericanproducts.net. IN MX 10 msmail
greatamericanproducts.net. IN A 172.30.99.200
msmail IN A 198.70.143.130
www IN A 198.70.143.130


;Reverse Records
198.70.143.130 IN PTR msmail.greatamericanproducts.net.
 
Hmm... why would your ISP have a non-routable address for your domain in their zone file? Is that 172.30 address indicative of your internal domain? If so, that's not routable. Although to be honest, I can't see why a mail host would reference that entry, but if they did, it would surely cause them to choke...
 
We have had problems from day one with the ISP. I'm bringing everything inside next month. The 172.30 is part of our internal domain and I'm wondering the same thing as why they are pointing here.
 
Yeah, that would be good. Then you could NAT all your internal IPs to look like the one(s) provided by your ISP. In the meantime, I would definitely ask Sprint to remove (or correct, rather) that 172.30 entry. At the very least, have them make it the same address as WWW. Again, I can't say that's what the problem is, but that entry is completely bogus and should be fixed anyway...
 
I did that yesterday after I saw what they did. They are slow in what they do. When I first switched over, the tech that took the request laid it on her desk and went on vacation. Thanks and have a great weekend.
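
The check behind the firewall's error message, and the zone-file problem spotted in the thread, as an added example that is not part of the original posts: a forward-confirmed reverse DNS test plus a scan for RFC 1918 addresses in a public zone. The lookup tables are constructed from addresses quoted in the thread, and the PTR answer for 198.88.88.32 is an assumption inferred from the error text.

```python
import ipaddress

# Constructed lookup tables standing in for a resolver, using addresses quoted in the thread.
# Assumption: the PTR for 198.88.88.32 returns oneproblem.net, as the error text suggests.
PTR = {
    "198.88.88.32": ["oneproblem.net."],
    "198.70.143.130": ["msmail.greatamericanproducts.net."],
}
A = {
    "oneproblem.net.": ["199.99.99.34"],
    "msmail.greatamericanproducts.net.": ["198.70.143.130"],
    "greatamericanproducts.net.": ["172.30.99.200"],
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def fcrdns(ip, ptr=PTR, a=A):
    """Forward-confirmed reverse DNS: PTR(ip) gives names; some name's A set must contain ip."""
    names = ptr.get(ip, [])
    if not names:
        return False, f"{ip}: no PTR record"
    seen = []
    for name in names:
        addrs = a.get(name, [])
        if ip in addrs:
            return True, f"{ip}: confirmed by {name}"
        seen.extend(addrs)
    return False, (f"{names[0].rstrip('.')} {' '.join(seen)}: can't verify reverse address"
                   f" - lookup does not include original address {ip}")


def rfc1918_in_public_zone(a=A):
    """Return (name, address) pairs where a public A record points into RFC 1918 space."""
    hits = []
    for name, addrs in sorted(a.items()):
        for addr in addrs:
            if any(ipaddress.ip_address(addr) in net for net in RFC1918):
                hits.append((name, addr))
    return hits


if __name__ == "__main__":
    for ip in ("198.88.88.32", "198.70.143.130"):
        print(fcrdns(ip))
    print(rfc1918_in_public_zone())
```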
 