DNS and MX Records

By brennan.johnson
Hello all,

We are currently experiencing some problems with AOL's new SPAM filter policy, as I'm sure some others have been, and it has caused us to take another look at our DNS setup.

We currently have an outside ISP providing us with several public IPs and such. We have correctly setup this information within our Gateways/Firewalls (SonicWalls).

Our public IPs are NAT'd through to our private subnet and everything works fine this way (email, ftp, mysql, etc all works).

Our DNS servers are hosted on a Windows SBS 2003 and a Windows Server 2003 Standard platform. We have the appropriate FLZs setup for our domain and I think we have the correct RLZs as well.

Under our FLZ - we have 1 MX record pointing to our mailserver, priority 10, host/child domain is blank. The FQDN of the mailserver it references is a private IP (is this correct?).

The public IP of our SonicWall (which controls the NATs) is configured as a Reverse Lookup Zone. Within this zone we have Pointer records for our but when I check our domain using a service such as I receive an error stating: "No reverse DNS (PTR) entries" and then it lists our public ip

Also note that within the DNS server - properties - Forwarders - I have configured the 2 public IPs of our ISP within the 'selected domain's forwarder IP address list' box.

So at the moment I'm not sure what to do next. If anyone could help it would be much appreciated. And if further information is required please just ask.

Edit: Within our SonicWall we have our ISP's DNS servers defined within the DNS configuration. Is it necessary to contact our ISP to add the appropriate PTR and Host (A) records for our domain if we handle the rest of our DNS?

Thank you,


All Answers


why do you have the sonicwall doing DNS?

by CG IT In reply to DNS and MX Records

Unless the Sonicwall device is authoritative for your FQDN, you shouldn't have it doing DNS resolutions.

I know many do this but... having a firewall router device also handle DNS services for the FQDN zone can cause untold problems with DNS and Active Directory.


More specifically...

by brennan.johnson In reply to why do you have the sonic ...

The appropriate ports on the SonicWall device are configured with our ISP's information: Public IP, Gateway, DNS.

The SonicWall device also handles DHCP requests and within those settings we have defined the IPs of the DNS servers within our network.

This setup has caused no problems with AD nor DNS.


Not a fan of sonicwall

by CG IT In reply to More specifically...

Though there are many SMB consultants who swear by it. It has a really good upsell.

Your SBS box CEICW wizard basically configures your SBS DNS server with all the necessary records for both your AD and Exchange server, including the SharePoint site. This includes accepting email on the FQDN and the private .local domain name.

The only thing a system administrator needs to do is have the authoritative name servers for the FQDN point to the public IP address.

So if the FQDN is <yourdomain>.com = Public IP 10.X.X.X

then the MX record is

<yourdomain>.com 10 <yourdomain>.com

where <yourdomain>.com resolves to your public IP address.

If your SBS box doesn't have a reverse lookup zone, you should have it on the SBS box because that's for the .local zone.

If you're trying to have a reverse lookup zone for the FQDN, then that's for the authoritative name server listed on the domain name registrar's name servers.

This isn't anything you probably don't already know, but having a router handle DNS services .... my preference would be to not do that.


SPF Record

by formerly In reply to DNS and MX Records

You probably want to do three things:
1. Set up an SPF record for your domain. This tells AOL (and everyone else) that any email from your domain (that's not from YOUR SMTP server) is probably a spammer.

2. Go to and jump through their hoops to get un-blacklisted.

3. Go to and put in the IP address of your SMTP server to make sure your IP address isn't blacklisted elsewhere. If it is, follow the instructions to get un-blacklisted.


SPF Record...

by brennan.johnson In reply to SPF Record

1. Already have one: v=spf1 mx -all
Correct, yes?
2. Do they blanket blacklist by default?
3. Not blacklisted.



by formerly In reply to SPF Record...

I think the SPF should have the IP address of the valid SMTP server.

AOL doesn't blacklist by default, but once you get blacklisted, you need to be nice to them to get un-blacklisted.

Good thing you aren't blacklisted. Checking regularly will help.
