Why your DNS PTR record is so important
Published on Thursday, March 31, 2011
Many of the support requests Sandra and I receive each day for EmailVerify.NET are related more to the network configuration of the machines that host the component than to a technical issue with the software itself. Hopefully this means there aren't so many unknown bugs in our product. ;)
One of the most frequent network configuration issues we see is a missing DNS PTR record for the machine hosting EmailVerify.NET, a problem that can affect validations at level Smtp and above. A DNS PTR record - for those of you who are wondering - is a special entry in the Domain Name System (DNS) that maps an IP address (like 65.55.12.249) to a domain name (like wwwco2vip.microsoft.com). Having a DNS PTR record for your IP address is (somewhat) a sign of reliability on the Internet, since only the owner of a specific network zone has the ability to create and edit these DNS records.
Today, most mail exchangers will check this record for each incoming connection and may abort the communication if they find your IP address does not have an associated DNS PTR entry. For this reason, I always suggest making sure that the IP addresses of your public servers have DNS PTR records configured properly. While EmailVerify.NET can validate email addresses even without a DNS PTR entry configured, the quality of the validation results in that case may be suboptimal.
Once your DNS PTR record is configured, make sure EmailVerify.NET is actually using it when presenting itself to the external mail exchangers: to do that, set the LocalHostFqdn property to the same domain name as your DNS PTR record. If the DNS PTR record for your public IP address is set to myserver.mydomain.com, then configure EmailVerify.NET this way:
var verifier = new EmailVerifier();
// TODO: Configure the component
verifier.LocalHostFqdn = "myserver.mydomain.com";
To check if your public IP address has a DNS PTR record you may want to use the nslookup command line tool, passing the -type=PTR option and the IP address to check. For example:
C:\>nslookup -type=ptr 8.8.8.8
Server: fritz.box
Address: 192.168.178.1
Non-authoritative answer:
8.8.8.8.in-addr.arpa name = google-public-dns-a.google.com
The IP address 8.8.8.8 does, in fact, point to one of Google's public DNS servers. Finally, if possible, also make sure that the resolved domain name resolves back to the same originating IP address (that is: google-public-dns-a.google.com should point to the address 8.8.8.8). Use nslookup again, this time without any additional parameters:
C:\>nslookup google-public-dns-a.google.com
Server: fritz.box
Address: 192.168.178.1
Non-authoritative answer:
Name: google-public-dns-a.google.com
Address: 8.8.8.8
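The three checks described above (a PTR record exists, the name announced to the remote mail exchanger matches it, and the PTR name resolves back to the same IP address) can be scripted. The following Python sketch is an added example, not part of EmailVerify.NET or of the original post; the function names and the 203.0.113.10 documentation address are assumptions made for illustration.

```python
import ipaddress
import socket


def reverse_names(ip):
    """PTR lookup through the system resolver; [] when no PTR exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases


def forward_addresses(name):
    """A/AAAA lookup through the system resolver; [] when the name fails."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return sorted({info[4][0].split("%")[0] for info in infos})


def check_fcrdns(ip, helo_fqdn, reverse=reverse_names, forward=forward_addresses):
    """Return (ok, findings) for PTR presence, HELO match and forward match."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return False, [f"no PTR record at {addr.reverse_pointer}"]
    findings = []
    if helo_fqdn.rstrip(".").lower() not in names:
        findings.append(f"HELO name {helo_fqdn} is not in PTR names {names}")
    # Forward-confirm: at least one PTR name must resolve back to the IP.
    confirmed = [n for n in names
                 if addr in {ipaddress.ip_address(a) for a in forward(n)}]
    if not confirmed:
        findings.append(f"PTR names {names} do not resolve back to {ip}")
    return not findings, findings


if __name__ == "__main__":
    # Constructed lookup tables standing in for DNS so the demo runs offline;
    # omit reverse= and forward= to query the real resolver instead.
    ptr = {"203.0.113.10": ["myserver.mydomain.com."]}
    fwd = {"myserver.mydomain.com": ["203.0.113.10"]}
    print(check_fcrdns("203.0.113.10", "myserver.mydomain.com",
                       reverse=lambda ip: ptr.get(ip, []),
                       forward=lambda name: fwd.get(name, [])))
```

Pass the value you assign to LocalHostFqdn as `helo_fqdn`; an empty findings list means all three checks passed.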
Cheers!
--
Efran Cobisi
EmailVerify.NET lead developer