Open AevaOnline opened 4 years ago
a reverse dns record
Are you sure about this one? My understanding is that this needs to be done at the "ip owner level" like the ISP/Hosting provider level, it's really the first time I've seen that done at the DNS level of the "user" (sorry, not sure about the exact terminology)
Ah - you're partially correct about the DNS PTR entry.
Unlike other DNS entries which are managed at the registrar, the PTR needs to be managed on the server that the IP actually routes to. In other words, I believe it needs to actually be configured on the Yunohost instance, though I'm not sure exactly how best to do that.
I've tried adding this line to the /etc/dnsmasq.d/mydomain.com file:
ptr-record=z.y.x.63.in-addr.arpa,mydomain.com
While this results in a local dig -x query returning the correct domain name, this change doesn't appear to propagate externally.
root@mydomain$ dig +noall +answer -x 63.x.y.z @127.0.0.1
z.y.x.63.in-addr.arpa. 0 IN PTR mydomian.com.
aeva@laptop$ dig +noall +answer -x 63.x.y.z @63.x.y.z
; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> -x 63.x.y.z @63.x.y.z
;; global options: +cmd
;; connection timed out; no servers could be reached
EDIT: a little more digging and I was able to get the answer externally. It's not a firewall issue, but a configuration of dnsmasq. By editing /etc/dnsmasq.conf and adding the server's public IP to the interface list, an external reverse-dns query returns the correct result.
However, this opens up dnsmasq as a public service, and did not result in PTR-validation services validating the configuration, so I reverted it. Mentioning here for completeness.
Hey, I'm sorry but like @PsycoJoker said this is out of our reach. Reverse DNS entries are usually set up by your Internet Service Provider. Unfortunately, it's not possible to configure them with every ISP. This is documented on the isp page (en français).
Apart from this detail, your comment about DMARC is very just. There is no way to get your emails for sure delivered to Google/Microsoft (in most cases, contacting their support to get whitelisted is the only way), but having a rua for DMARC can't do any harm.
For those not familiar with DMARC:
My two cents:
Note that the diagnosis coming in 3.8 will have a test about reverse DNS in both ipv4 and ipv6 with tips on how to configure it (basically "go try to see on your isp router / vps interface if you have control over it")
Discussing this with @ljf when we worked on the implementation, it seems like a pretty big deal, and it might in fact be a blind spot of mail-tester.com that only covers ipv4 (to be confirmed ? but apparently there's no AAAA record for it) and not ipv6 - yet postfix will use ipv6 by default if available!
That rua sounds interesting as well, we should probably recommend people to add it. That should be pretty easy to add.
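The reverse-DNS test for both IPv4 and IPv6 discussed above, sketched as an added example (not code from YunoHost or from any commenter): it derives the PTR owner name for each address and confirms that the PTR target resolves back to the same address. The addresses, hostnames and lookup tables are constructed sample data from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data using documentation address ranges, not real records.
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa": ["mail.example.org."],
    "11.2.0.192.in-addr.arpa": ["host-11.isp.example."],  # generic ISP name
    # No PTR at all for 2001:db8::25, the IPv6 gap mentioned in the thread.
}
ADDRESS_RECORDS = {
    "mail.example.org": ["192.0.2.10", "2001:db8::25"],
    "host-11.isp.example": [],
}


def ptr_owner_name(ip):
    """Name under in-addr.arpa / ip6.arpa where the PTR for `ip` lives."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_fcrdns(ip, ptr_lookup=None, addr_lookup=None):
    """Forward-confirmed reverse DNS: ip -> PTR name -> A/AAAA -> same ip.

    The lookups default to the constructed tables above; pass callables
    backed by a real resolver to test a live server.
    """
    ptr_lookup = ptr_lookup or (lambda name: PTR_RECORDS.get(name, []))
    addr_lookup = addr_lookup or (lambda name: ADDRESS_RECORDS.get(name, []))
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(addr.reverse_pointer)]
    if not names:
        return "no-ptr", None
    for name in names:
        # Compare parsed addresses so IPv6 spelling differences do not matter.
        if addr in {ipaddress.ip_address(a) for a in addr_lookup(name)}:
            return "ok", name
    return "mismatch", names[0]


def diagnose(sending_ips):
    """Check every address the mail server may send from, IPv4 and IPv6."""
    return {ip: check_fcrdns(ip) for ip in sending_ips}


if __name__ == "__main__":
    for ip, (status, name) in diagnose(
        ["192.0.2.10", "192.0.2.11", "2001:db8::25"]
    ).items():
        print(f"{ip:<14} {ptr_owner_name(ip)} -> {status} {name or ''}")
```

A "no-ptr" or "mismatch" result on the IPv6 address matters as much as on the IPv4 one when the mail server sends over IPv6.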
@alexAubin @southerntofu Another option is to run Technitium as a primary nameserver on Yunohost, create reverse DNS zones and let the ISP delegate the reverse DNS zones to the Technitium server. That way Yunohost could configure the RDNS records automagically. This is related to #1824
let the ISP delegate the reverse DNS zones to the Technitium server.
As far as I know, the main issue is that many ISPs don't even allow to configure the reverse DNS in the first place, so I doubt they will allow to delegate the reverse DNS zone which sounds even more advanced ... But maybe I misunderstand how rDNS works ...
Need a DNS service? Maybe I can help.
https://dns.ibbt.io I can set up an account for whoever needs one to try out. It should solve the problem you may have
Current auto-generated DNS records do not include two key components for email server validation. The result is that many of my emails are placed in the spam folder when sent to friends who still have @ gmail.com accounts.
After some investigation, I think this could be improved very easily by adding one line and updating one line in the DNS configuration:
Example of current auto-generated DNS
Suggested additional line
Suggest replacing _dmarc line