DNS Problem mit AOL

[tbohl]

Hallo,

bekomme folgende Meldung von AOL:

Remote host said: 421 4.2.1 MSG=: (DNS:NR)
http://postmaster.info.aol.com/errors/421dnsnr.html


Ich habe bei http://www.checkdns.net mal meine domain testen lassen:

CheckDNS.NET tests mail-servers
Domain xxxlnet.de has only one mail-server
Checking mail server (PRI=10) mail.xxxlnet.de [85.xxx.132.74]
Mail server mail.xxxlnet.de[85.xxx.132.74] answers on port 25
<<< 220 hxxx6724.stratoserver.net ESMTP
>>> HELO http://www.checkdns.net
<<< 250 hxxx6724.stratoserver.net
>>> MAIL FROM: <dnscheck@uniplace.com>
<<< 250 ok
>>> RCPT TO: <postmaster@xxxlnet.de>
<<< 250 ok
>>> QUIT
Mail server mail.xxxlnet.de [85.xxx.132.74] accepts mail for xxxlnet.de
All MX are configured properly


Was muss ich noch beachten?

Gruß
Tom

[Joe User]

Noch ausführlicher kann man eine Fehlermeldung kaum noch machen:

* 421 DNS:NR
o The Reverse DNS lookup for your IP address is failing. This could be a transient issue. Confirm the IP that sends your mail. Then check the rDNS of that IP using our troubleshooting tools. If it passes, please wait 24 hours and re-try before opening a support request.
+ rDNS must be in the form of a fully-qualified domain name. rDNS containing in-addr.arpa are not acceptable, as these are merely placeholders for a valid PTR record. rDNS consisting of IP addresses are also not acceptable, as they do not correctly establish the relationship between domain and IP address.
+ rDNS that may be similar to dynamic IP space (containing pool, dhcp, dyn, etc.) may be treated as suspect, and should therefore should be changed to reflect a fully-qualified domain name with standard reverse DNS.

What is Reverse DNS and what requirements does AOL have for it?

Reverse DNS is a way of associating an IP address with its hostname. The reverse DNS identifier is contained in the PTR portion of the IP Zone File. The IP Zone File contains all the different ways that your IP and domain name can be associated; each association serves a different need.

* AOL requires that all connecting Mail Transfer Agents have established reverse DNS, regardless of whether it matches the domain.
* Reverse DNS must be in the form of a fully-qualified domain name. Reverse DNS containing in-addr.arpa are not acceptable, as these are merely placeholders for a valid PTR record. Reverse DNS consisting of IP addresses are also not acceptable, as they do not correctly establish the relationship between an IP address and its associated domain.
* Reverse DNS that may be similar to dynamic IP space (containing pool, dhcp, dyn, etc.) may be treated as suspect, and should therefore should be changed to reflect a fully-qualified domain name with standard MTA reverse DNS. [Example: mail.aol.com]

Any host over the Internet is supposed to have a valid reverse DNS (PTR Resource Record) declared, as required by RFC 1033: Domain administrators operations guide, section Adding a host:
Adding a host:
To add a new host to your zone files:
Edit the appropriate zone file for the domain the host is in.
Add an entry for each address of the host.
Optionally add CNAME, HINFO, WKS, and MX records.
Add the reverse IN-ADDR entry for each host address in the appropriate zone files for each network the host in on.

While it is technically possible to declare multiple PTR records for a given IP address, this is generally useless. In fact, multiple PTR records may confuse some programs which may end up picking one randomly among the different values and ignoring the others, resulting in unpredictable results. For this reason, we recommend that one single PTR record be declared on each public IP address.

Ensure this label is declared in the direct DNS zone and points back at the same IP address, otherwise such a PTR record may be deemed spoofed and result in denying access. In other words, ensure PTR and A records match and are consistent, as recommended by RFC 1912, Common DNS Operational and Configuration Errors, paragraph 2.1:
2.1 Inconsistent, Missing, or Bad Data
Every Internet-reachable host should have a name. The consequences of this are becoming more and more obvious. Many services available on the Internet will not talk to you if you aren't correctly registered in the DNS.
Make sure your PTR and A records match. For every IP address, there should be a matching PTR record in the in-addr.arpa domain. If a host is multi-homed, (more than one IP address) make sure that all IP addresses have a corresponding PTR record (not just the first one).
Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all. Also, PTR records must point back to a valid A record, not a alias defined by a CNAME. It is highly recommended that you use some software which automates this checking, or generate your DNS data from a database which automatically creates consistent data.

Verifying DNS conformance

Ensure that your PTR and A records are visible by the rest of the world over the Internet, as sometimes they appear fine internally within your organization, but are not propagated over the Internet due to a delegation failure. Use one of the many free web-based tools available over the Internet to verify your reverse DNS records as they are seen by the rest of the world:

* http://remote.12dt.com/
* http://www.dnsgoodies.com/
* AOL reverse DNS Tool

Kurz: Dein Reverse-DNS-Record ist kaputt oder nicht vorhanden.

[tbohl]

wo kann ich den einstellen?

[Joe User]

Bei Deinem Server-Anbieter.

[tbohl]

Sorry, bin halt noch ein fortgeschrittener Anfänger. Was muss ich wo einstellen?
Habe die Ip rückwärts aufgelöst, muss die aufgelöste Domain jetzt zusätzlich in jede Domain eingetragen werden (MX? PTR?)?

Habe nur das Problem mit Aol, würde das gerne verstehen und lösen!

Tom

[jan10001]

Joe User sagte es bereits: "Bei Deinem Server-Anbieter."

Also bei Strato einloggen und in deren Kundenmenü nach Reverse DNS suchen und dort den Namen deines Mailservers (Domain) eintragen. Das sollte doch selbst ein Anfänger schaffen.