How do I analyze and fix my outgoing mail server's DNS issues?

Instructions for Mail Systems Administrators

To help block spam, the LPL mail server filters incoming connections by checking the DNS (Domain Name System) records of sending mail servers. Connections from systems with missing, incomplete, or conflicting DNS entries are rejected. To analyze and fix your mail server's DNS entries, follow the instructions on this page.

From a Linux, Unix, or DOS command line, use the nslookup command to check that the IP address for your outgoing mail server resolves to a hostname (do a reverse DNS lookup). For example, suppose your outgoing mail server's IP address is 150.135.111.1:

# nslookup 150.135.111.1 
Server: 150.135.109.216 
Address: 150.135.109.216#53

1.111.135.150.in-addr.arpa name = hindmost.lpl.arizona.edu.

In this example, the IP address resolves to the hostname hindmost.lpl.arizona.edu.

If your mail server's IP address does not resolve to a hostname, that is why your server's outgoing mail is being rejected by other servers.

If your mail server's IP address resolves to a hostname, then use nslookup to check that the hostname assigned to the IP address resolves to the same IP address (do a forward DNS lookup). Continuing the above example:

# nslookup hindmost.lpl.arizona.edu 
Server: 150.135.109.216 
Address: 150.135.109.216#53

Name: hindmost.lpl.arizona.edu
Address: 150.135.111.1

In this example, the hostname hindmost.lpl.arizona.edu resolves to the same IP address, so its forward and reverse DNS entries match each other.

If the hostname resolves to the same IP address that you used in your first DNS lookup, your mail server's DNS configuration is correct. A matching pair of forward and reverse entries is known as FCrDNS (full-circle reverse DNS, or forward-confirmed reverse DNS).

If the hostname does not resolve to an IP address, or does not resolve to the same IP address, your mail server fails the FCrDNS check; that is why your server's outgoing mail is being rejected by other servers.
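The two lookups above can be scripted so the check is repeatable after each DNS change. The following is an added example, not part of the original instructions or the LPL mail server's own code; the function names are hypothetical, and the example.net hostnames and 192.0.2.x addresses are constructed test records (only the first entry is the page's example).

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror: no PTR or lookup failed
        return []
    return [name, *aliases]

def system_forward(name):
    """Forward (A and AAAA) lookup via the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def check_fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (ok, reason): does ip -> hostname -> ip come back full circle?"""
    want = ipaddress.ip_address(ip)  # parsed, so IPv6 spellings compare equal
    names = ptr_lookup(ip)
    if not names:
        return False, f"{ip} has no reverse DNS (PTR) record"
    seen = []
    for name in names:
        for addr in forward_lookup(name):
            if ipaddress.ip_address(addr.split("%")[0]) == want:
                return True, f"{ip} -> {name} -> {addr}"
            seen.append(f"{name} -> {addr}")
    if not seen:
        return False, f"{', '.join(names)} does not resolve to any address"
    return False, f"forward lookup mismatch: {'; '.join(seen)}"

# Constructed records for an offline run: the first entry is the page's
# example, the rest are made-up failure cases on documentation addresses.
PTR = {"150.135.111.1": ["hindmost.lpl.arizona.edu."],
       "192.0.2.10": ["mail.example.net."],
       "192.0.2.20": ["ghost.example.net."]}
FWD = {"hindmost.lpl.arizona.edu.": ["150.135.111.1"],
       "mail.example.net.": ["192.0.2.99"]}

def demo(ip):
    return check_fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))

if __name__ == "__main__":
    for ip in (*PTR, "192.0.2.30"):
        print(ip, demo(ip))
```

Calling `check_fcrdns("your.ip.address")` with no other arguments uses the system resolver instead of the constructed records.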

How to fix FCrDNS Issues

To fix the problem, the DNS records for your outgoing mail server need to be updated, so that:

  • The IP address of the mail server resolves to a hostname, and
  • That hostname resolves to the same IP address.

If you do not manage your own DNS server, you'll need to contact your Internet Service Provider (ISP) and ask the ISP to update their DNS records accordingly.