Find solution
How to build a public DNS server?

Are there known problems with Windows 2003 DNS server and PTR records that return CNAME?

  • I'm running a small mail server on a Windows 2003 server (3rd party, not Exchange.)  The server is standalone and not on a domain.  We setup filtering rules so that the mail server automatically rejects emails that fail a PTR record lookup.  So far it has worked pretty good, but we noticed that once in awhile good emails are failing.  The mail server is using the Win2003 DNS server for it's lookup using the root hints.*  When I do a query on nslookup, I get a the following output: > set q=ptr > 67.111.250.25 Server:  UnKnown Address:  192.168.250.55 *** UnKnown can't find 25.250.111.67.in-addr.arpa.: Non-existent domain However, when I query from a public DNS server: Address:  8.8.8.8 Non-authoritative answer: 25.250.111.67.in-addr.arpa      canonical name = 25.0/27.250.111.67.in-addr.arpa 25.0/27.250.111.67.in-addr.arpa name = mail-h.noticingcenter.com I noticed that the query returns a CNAME followed by the actual result. I have no problems with most other PTR records as seen below: > 65.99.255.229 Server:  [192.168.250.55] Address:  192.168.250.55 Non-authoritative answer: 229.255.99.65.in-addr.arpa      name = outbound-jr2.exchangedefender.com For the hell of it, I tried querying 67.111.250.25 from a Windows 2008 server and it had no problem resolving it.  So, is this a problem with Windows 2003 specifically?  Are there settings I'm missing?   We are going to upgrade to a new server this summer with all new software, but I'd like to get a workaround.  If I enable forwarders, I'll lose my ability to check certain RBLSs. Please let me know if you need any more information. *Some of the RBLs require the DNS queries do not come from public DNS servers.

  • Answer:

    I figured out the solution, so I figured I'd answer my own question.  If I use my ISP's DNS server as a forwarder instead of using the root hints, I can successfully resolve the PTR record in question as well as query the URIBLs I've been using.

Andrew Stein at Quora Visit the source

Was this solution helpful to you?

Other answers

I will admit to being short on Windows server knowledge.  Its a little hard to process this without sitting in front of a terminal.  My brain is a little tired right now. This is why most people use linux or unix...  Windows can just be ginky. I see 2 flags...  you're not on a domain.  Although I wasn't clear if you were behind a router on an internal network. The router being on a fully qualified domain.   If thats the case then you should be using the routers address...  you probably know that.  You didn't say how you know its failing...  it could be that the remote server is rejecting your reverse.  Is someone reporting to you that their email was bounced and is consistently bounced?  Or are you seeing it in a log...  in theory something could be timing out and that might be intermittent.  Is it possible that Win2003 is having trouble with classless IPs/domains?  It might be too old. It might help to export your DNS into a regular unix style DNS record.  Obfuscate the actual numbers and names before posting them here.

Max Jones

Related Q & A:

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.