DNS

DNS stands for Domain Name System (or Service or Server). It is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they’re easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name http://www.example.com might translate to 198.105.232.4.

The DNS system is, in fact, its own network. If one DNS server doesn’t know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

Generally speaking, your webhost will probably take care of any relevant DNS-related issues. Typically, all you have to do is specify the DNS servers (usually two) with your domain name registrar and then never worry about it again. For those with virtual or dedicated servers, more control over DNS functionality may be possible.

While proper DNS configuration is a must for your site to be accessible to the world, you may or may not be aware that it is also a crucial piece of the email puzzle. That’s because servers can use DNS to validate that the sending IP of received email matches the domain name being represented as the source for that email. Below are typical tests used to validate email.

DNS Authentication Tests Run by Email Servers

Validating the IP address of the SMTP client

  1. Do a reverse lookup (query DNS for the pointer (PTR) record of the sender’s IP address).
  2. If no reverse lookup for the IP succeeds, then reject the mail.
  3. Check if the returned PTR record refers to the HELO/EHLO hostname. If not, reject the mail.
  4. Does the returned hostname have an address (A) record? If not, reject the mail.
  5. Does the PTR hostname have a Mail Exchange (MX) record? If not, reject the mail.

Validating the HELO/EHLO hostname information

  1. Does the hostname resolve to a DNS A or MX record? If not, reject the mail.
  2. Is the hostname a FQHN: Fully Qualified Host Name? If not, reject the mail.

Validating the MAIL FROM: @sender.domain information

  1. Does sender.domain resolve to a DNS A or MX record? If not, reject the mail.
  2. Is sender.domain a FQHN: Fully Qualified Host Name? If not, reject the mail.
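The three test groups above, run in the order listed, as an added example that is not part of the original page. The names `ZONE`, `lookup` and `validate` are hypothetical, and the in-memory records are constructed stand-ins for live DNS answers, so the block runs offline.

```python
# Constructed records standing in for live DNS answers (documentation names/IPs).
ZONE = {
    ("PTR", "192.0.2.10"): ["mail.example.org"],
    ("A", "mail.example.org"): ["192.0.2.10"],
    ("MX", "mail.example.org"): ["mail.example.org"],
    ("MX", "example.org"): ["mail.example.org"],
    ("PTR", "192.0.2.77"): ["host77.isp.example"],
    ("A", "host77.isp.example"): ["192.0.2.77"],
}

def norm(name):
    return name.rstrip(".").lower()

def lookup(rtype, name):
    """Hypothetical resolver: returns the record list, or [] when none exists."""
    return ZONE.get((rtype, norm(name)), [])

def is_fqhn(name):
    """Simplified FQHN test (assumption): at least two non-empty labels."""
    labels = norm(name).split(".")
    return len(labels) >= 2 and all(labels)

def check_client_ip(ip, helo, require_mx=True):
    ptr = [norm(p) for p in lookup("PTR", ip)]
    if not ptr:
        return "no PTR record for client IP"
    if norm(helo) not in ptr:
        return "PTR does not refer to HELO/EHLO hostname"
    if not lookup("A", helo):
        return "PTR hostname has no A record"
    # Some servers publish no MX by policy, so this test can be relaxed.
    if require_mx and not lookup("MX", helo):
        return "PTR hostname has no MX record"
    return None

def check_name(name, label):
    if not (lookup("A", name) or lookup("MX", name)):
        return f"{label} has no A or MX record"
    if not is_fqhn(name):
        return f"{label} is not a fully qualified host name"
    return None

def validate(ip, helo, mail_from, require_mx=True):
    """Run the three test groups in page order; return (accepted, reason)."""
    domain = mail_from.rsplit("@", 1)[-1]
    for failure in (check_client_ip(ip, helo, require_mx),
                    check_name(helo, "HELO/EHLO hostname"),
                    check_name(domain, "MAIL FROM domain")):
        if failure:
            return (False, failure)
    return (True, "all DNS checks passed")
```

Calling `validate` with `require_mx=False` shows how a sender whose PTR hostname publishes no MX record passes once that one test is relaxed.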

Notes

  • Some servers don’t return MX records as a policy (for various reasons).
  • In addition to DNS validation, many servers query one of the MAPS databases for black-holes, open-relays, or dial-ups. If the IP address is listed, the mail will be rejected.
  • Alternative methods for email verification have been developed and are becoming increasingly important. Specifically, refer to the entry for SPF, SenderID and DomainKeys.

Things to Do:

  • Make sure your DNS has been delegated with reverse authority. There are many resources out there, but you can visit AOL’s Reverse DNS Check to verify your server is set up properly.
  • Perform more complete DNS tests at the DNS Report site and/or CheckDNS.net. You will learn a lot by reading explanations of all the tests performed. Pay attention especially to the failures and warnings (they’re not all dire, but definitely make sure that you don’t fail the open relay test).
  • Make sure your server has an SPF record.