Alternatives to reverse dns using ddns?
Question asked by Roland Lewan - 6/5/2023 at 8:30 AM
I am hoping to remove our server from colocation to a location that has fiber internet service.  However, the fiber vendor does not offer reverse dns.  Has anyone tried using ddns or any alternative in order to successfully host smartermail?  Thanks!

5 Replies

Sébastien Riccio Replied
DynDNS and such other DNS services are for forward DNS (host to IP). 

Reverse DNS (IP to host) can only be provided by the owners of your IP address (the fiber vendor the machine is connected to in this case).

They might have different plans though such as Home plan for home usage and some other Pro plans for business that maybe include a static IP with possibility to change the reverse DNS for it.

You should also make sure they don't block outgoing traffic to port 25 by default. Many service providers do this to avoid their customers flooding the internet with SPAM in case they are infected by malware or a botnet agent.

Kind regards.

Sébastien Riccio System & Network Admin https://swisscenter.com
Mark Thornton Replied
Was the fiber vendor offering a static ip address or block, or was it a dynamic ip only? If dynamic only then I don't know how to have control over the reverse dns entries. If they are assigning you a block then they should be able to adjust the reverse dns entries for the delegated ip addresses. When I set up my fiber connection I supplied the list of ip's and the associated names I needed. Covered the basics like gateway, mail, etc. then just numbered the rest to be unique. Took them a while to find the guy with access to the rdns files but it got done. I've done this with multiple vendors as we upgraded our connections. Shouldn't be that hard. I've been on the other side of that mess when I was an ISP and had the rdns for my block delegated to me and I had to maintain it for my customers. If the ISP is focused only on residential customers they may be able to get away with not having static ip addresses, rdns, and limiting ports, primarily port 25. When I dealt with this I would make a customer swear on a blood oath to sacrifice their firstborn if they abused me granting them port 25 traffic, but that was 15 years ago. I'm glad I am out of that business. ;-)
Roland Lewan Replied
Thanks so much for the quick and thorough responses.
Over the past several years we went from a hardened server facility which we sold, to co-locating several critical servers which has worked well.  However, having this in house would be less expensive and we are reviewing options.
We are in the midst of moving to a new building which will be about a year out - and currently have a location with consumer fiber, which provides symmetrical 1gb service.  However, while they offer static ip addresses for the service, they currently do not offer any dns services, etc.
So - I was hopeful there might be some magical combination of ddns and other items that would allow the server to be recognized and accepted in its capacity as a mail server without rdns specifically in place.
So far, based on my research, there is nothing that would match the definitive reference that rdns provides, but know there are some very creative folks out there.
I will keep this updated should I find any alternatives - perhaps benefitting others as well.
Douglas Foster Replied
Ask specifically if the ISP will configure a SWIP (shared who is for up) entry for your source IP. It is really an entry in THEIR DNS, not yours. The rest of your DNS needs can be obtained elsewhere, but I would avoid dynamic DNS if at all possible.

Mark Thornton Replied
Roland, I would reach back out to the fiber provider and dig deeper. Someone has to manage the RDNS delegation for their block of IP addresses. It isn't really an optional thing at the ISP level when you have been assigned a block of ip addresses to use for your operations and customers. And while you can run your own forward dns server on any static ip address, if you run a reverse dns zone without delegation from the provider of the ip addresses, the rdns won't be found by external users or systems.
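
The replies above turn on the difference between forward DNS (which DDNS can supply) and the PTR record held by the IP owner. As an added example that is not part of the thread, this Python sketch runs the forward-confirmed reverse DNS check that receiving mail servers commonly apply to a connecting IP; the addresses, hostnames and the `table_lookups` helper are constructed for illustration.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Name queried for the PTR record; it lives in the IP owner's reverse zone."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """PTR lookup through the system resolver."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):
        return []

def system_forward(host):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, host): 'no-ptr', 'mismatch' or 'pass'."""
    addr = ipaddress.ip_address(ip)
    hosts = [h.rstrip(".") for h in ptr_lookup(ip)]
    if not hosts:
        return ("no-ptr", None)          # forward-only setups (e.g. DDNS) end here
    for host in hosts:
        if addr in {ipaddress.ip_address(a) for a in forward_lookup(host)}:
            return ("pass", host)        # PTR name resolves back to the same IP
    return ("mismatch", hosts[0])

def table_lookups(ptr_table, a_table):
    """Hypothetical helper: offline resolvers backed by constructed tables."""
    return (lambda ip: ptr_table.get(ip, []),
            lambda host: a_table.get(host, set()))

# Constructed sample data (documentation address ranges, example domains).
IP = "203.0.113.25"
A_RECORDS = {"mail.example.com": {IP}}             # forward record, e.g. via DDNS
PTR_SET_BY_ISP = {IP: ["mail.example.com."]}       # only the IP owner can publish

if __name__ == "__main__":
    print(ptr_name(IP))
    print("DDNS only:   ", fcrdns(IP, *table_lookups({}, A_RECORDS)))
    print("ISP sets PTR:", fcrdns(IP, *table_lookups(PTR_SET_BY_ISP, A_RECORDS)))
```

Calling `fcrdns` with only the IP uses the system resolver, so it can be pointed at the static address the provider assigns to see what a remote server would find.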
