Need Assistance with PTR Record Configuration

Question

Need Assistance with PTR Record Configuration

Huang WeiYe 20

Hello,

I am currently configuring a mail server on an Azure VM running Linux, and I have encountered some issues related to setting up PTR records.

I have successfully created an A record for mail.i-smart.me, which points to the VM's public IP, and it can be resolved correctly.

I attempted to set the reverse FQDN using the following command:


   az network public-ip update --resource-group xxxxxxxx-group-1 --name xxxxxxxxx-ip --reverse-fqdn mail.i-smart.me

However, I received the following error message:


   (ReverseFqdnDoesNotBelongToSubscription) ReverseFqdn mail.i-smart.me. that PublicIPAddress xxxxxxxxxx is trying to use does not belong to subscription xxxxxxxxxxxxxxxxxx. One of the following conditions need to be met to establish ownership: 

   1) ReverseFqdn matches fqdn of any public ip resource under the subscription; 

   2) ReverseFqdn resolves to the fqdn (through CName records chain) of any public ip resource under the subscription; 

   3) It resolves to the ip address (through CName and A records chain) of a static public ip resource under the subscription.

I then tried to update the reverse FQDN using this command:
```
   az network public-ip update --resource-group xxxxxxxx-group-1 --name xxxxxxxxx-ip --reverse-fqdn mailforismart.eastus2.cloudapp.azure.com --dns-name mailforismart
```
However, I found that I could not add a CNAME record for mail.i-smart.me pointing to mailforismart.eastus2.cloudapp.azure.com because an A record for mail.i-smart.me already exists.

My question is: what steps can I take to resolve this situation? I need to establish the PTR record for my mail server properly.

Any help or guidance would be greatly appreciated!

Thank you!

Huang WeiYe 20 Reputation points

2024-10-07T09:40:12.3+00:00
Hi @KapilAnanth ,

Thank you for your prompt response and assistance.

I ran the command as you suggested, and the output I received was:

{ "fqdn": "mailforismart.eastus2.cloudapp.azure.com" }

This confirms that the current FQDN for the public IP is set to mailforismart.eastus2.cloudapp.azure.com.

I initially attempted to set the reverse FQDN directly to mail.i-smart.me, but I encountered the ReverseFqdnDoesNotBelongToSubscription error, even though my A record was correctly configured and there are no cross-subscription issues.

Afterwards, I set the reverse FQDN to mailforismart.eastus2.cloudapp.azure.com, and that was successful. However, tools like MXToolbox are still indicating a mismatch with the error message: "Reverse DNS does not match SMTP Banner."

Could you please advise on how to resolve this issue to ensure that the PTR record is correctly associated with my mail server?

Thank you for your continued assistance!
KapilAnanth 49,856 Reputation points Moderator

2024-10-08T05:24:47.6466667+00:00
@Huang WeiYe ,

As next steps,

Can you please create a CNAME record "mail.i-smart.me" to point to "mailforismart.eastus2.cloudapp.azure.com" ?

Instead of A record pointing to the IP

From validation requirements, I see this is also supported

Meanwhile, I shall check internally if the domain name having a hyphen is causing any issues.

Cheers,

Kapil
Huang WeiYe 20 Reputation points

2024-10-08T07:20:16.8333333+00:00

Hi @KapilAnanth ,

Thank you for the guidance.

I created a CNAME record for mail.i-smart.me pointing to mailforismart.eastus2.cloudapp.azure.com. I also added an A record for *.i-smart.me pointing to the public IP.

However, MXToolbox still reports "Reverse DNS does not match SMTP Banner." I suspect this may be due to DNS propagation delays.

I will monitor the situation for a while and will update you if the issue persists.

Thank you again for your support!
Huang WeiYe 20 Reputation points

2024-10-08T07:25:01.4733333+00:00

Hi @KapilAnanth ,

Thank you for the guidance.

I created a CNAME record for mail.i-smart.me pointing to mailforismart.eastus2.cloudapp.azure.com. I also added an A record for *.i-smart.me pointing to the public IP.

However, MXToolbox still reports "Reverse DNS does not match SMTP Banner." I suspect this may be due to DNS propagation delays.

I will monitor the situation for a while and will update you if the issue persists.

Thank you again for your support!

Answer accepted by question author

0 additional answers

Your answer

Huang WeiYe 20 Reputation points

2024-10-07T09:40:12.3+00:00

Hi @KapilAnanth ,

Thank you for your prompt response and assistance.

I ran the command as you suggested, and the output I received was:

{ "fqdn": "mailforismart.eastus2.cloudapp.azure.com" }

This confirms that the current FQDN for the public IP is set to mailforismart.eastus2.cloudapp.azure.com.

I initially attempted to set the reverse FQDN directly to mail.i-smart.me, but I encountered the ReverseFqdnDoesNotBelongToSubscription error, even though my A record was correctly configured and there are no cross-subscription issues.

Afterwards, I set the reverse FQDN to mailforismart.eastus2.cloudapp.azure.com, and that was successful. However, tools like MXToolbox are still indicating a mismatch with the error message: "Reverse DNS does not match SMTP Banner."

Could you please advise on how to resolve this issue to ensure that the PTR record is correctly associated with my mail server?

Thank you for your continued assistance!
KapilAnanth 49,856 Reputation points Moderator

2024-10-08T05:24:47.6466667+00:00

@Huang WeiYe ,

As next steps,

Can you please create a CNAME record "mail.i-smart.me" to point to "mailforismart.eastus2.cloudapp.azure.com" ?

Instead of A record pointing to the IP

From validation requirements, I see this is also supported

Meanwhile, I shall check internally if the domain name having a hyphen is causing any issues.

Cheers,

Kapil
Huang WeiYe 20 Reputation points

2024-10-08T07:20:16.8333333+00:00

Hi @KapilAnanth ,

Thank you for the guidance.

I created a CNAME record for mail.i-smart.me pointing to mailforismart.eastus2.cloudapp.azure.com. I also added an A record for *.i-smart.me pointing to the public IP.

However, MXToolbox still reports "Reverse DNS does not match SMTP Banner." I suspect this may be due to DNS propagation delays.

I will monitor the situation for a while and will update you if the issue persists.

Thank you again for your support!
Huang WeiYe 20 Reputation points

2024-10-08T07:25:01.4733333+00:00

Hi @KapilAnanth ,

Thank you for the guidance.

I created a CNAME record for mail.i-smart.me pointing to mailforismart.eastus2.cloudapp.azure.com. I also added an A record for *.i-smart.me pointing to the public IP.

However, MXToolbox still reports "Reverse DNS does not match SMTP Banner." I suspect this may be due to DNS propagation delays.

I will monitor the situation for a while and will update you if the issue persists.

Thank you again for your support!

Answer 1

KapilAnanth 49,856 Moderator

@Huang WeiYe ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

From the Validation requirements, I see

A vanity DNS name, such as: app1.contoso.com. As long as this name is first configured as an A record pointing to the IP address 23.96.52.53
Similarly, as long as your custom domain (mail.i-smart.me) is pointing to the Azure VM's Public IP (not the DNS Name), you should be able to add this as a reverse FQDN.

So, technically, you do not have to both CNAME and A record for the DNS "mail.i-smart.me" to point to the VM's DNS and Public IP respectively.

Can you please share the output of the below command?

Azure CLI : az network public-ip show -g <RGName> -n <IPName> --query "{fqdn: dnsSettings.fqdn}"
Is it null or "mailforismart.eastus2.cloudapp.azure.com" or some other value?

P.S: I believe you are running the commands in the same subscription as the Public IP resides, please confirm once.

Cheers,

Kapil

Huang WeiYe 20 Reputation points

2024-10-07T09:26:31.8666667+00:00
Hi @KapilAnanth

Thank you for your prompt response and assistance.

I ran the command as you suggested, and the output I received was:

{ "fqdn": "mailforismart.eastus2.cloudapp.azure.com" }

This confirms that the current FQDN for the public IP is set to mailforismart.eastus2.cloudapp.azure.com.

I initially attempted to set the reverse FQDN directly to mail.i-smart.me, but I encountered the ReverseFqdnDoesNotBelongToSubscription error, even though my A record was correctly configured and there are no cross-subscription issues.

Afterwards, I set the reverse FQDN to mailforismart.eastus2.cloudapp.azure.com, and that was successful. However, tools like MXToolbox are still indicating a mismatch with the error message: "Reverse DNS does not match SMTP Banner."

Could you please advise on how to resolve this issue to ensure that the PTR record is correctly associated with my mail server?

Thank you for your continued assistance!
KapilAnanth 49,856 Reputation points Moderator

2024-10-07T10:23:58.0766667+00:00
@Huang WeiYe , you are welcome.

Good to know that default DNS is already added.

Now, you can add your custom domain.

Can you run the following command and let me know if the reverse FQDN gets updated (for custom domain)?

az network public-ip update --resource-group MyResourceGroup --name PublicIp --reverse-fqdn mail.i-smart.me.

Cheers,

Kapil
Huang WeiYe 20 Reputation points

2024-10-07T12:29:58.1266667+00:00

Hi @KapilAnanth ,

Thank you for your continued support.

I executed the command you suggested to update the reverse FQDN to my custom domain (mail.i-smart.me). However, I encountered the same ReverseFqdnDoesNotBelongToSubscription error again.

To clarify, I have confirmed that the A record for mail.i-smart.me is correctly configured and is resolving properly. Additionally, I verified that I am running these commands within the same subscription as the public IP resource.

Could you please provide further guidance on how to resolve this issue?

Thank you for your assistance!
KapilAnanth 49,856 Reputation points Moderator

2024-10-07T15:49:31.19+00:00

@Huang WeiYe ,

This is strange.

Can you please try the same with Powershell commands instead ?(just to make sure this is not a CLI specific bug )

Refer : Azure PowerShell | Configure reverse DNS for a public IP address with an existing name

Cheers,

Kapil

Huang WeiYe 20

Hi @KapilAnanth ,

Thank you for your assistance.

I ran the PowerShell command as suggested:

$pip = Get-AzPublicIpAddress -Name "xxxxxxxx-1-ip" -ResourceGroupName "xxxxxxxx-group-1"
$pip.DnsSettings.ReverseFqdn = "mail.i-smart.me"
Set-AzPublicIpAddress -PublicIpAddress $pip

I received the error:

ReverseFqdn mail.i-smart.me that PublicIPAddress xxxxxxxx-1-ip is trying to use does not belong to subscription...

Current FQDN returned by $pip.DnsSettings.ReverseFqdn is:

mailforismart.eastus2.cloudapp.azure.com

Is there anything else I may have overlooked?

Thank you!

KapilAnanth 49,856 Reputation points Moderator

2024-10-09T05:51:45.31+00:00

@Huang WeiYe ,

Not sure how MXLookUp helps here.

However, from dig web interface, I can see the resolution is correct.

I shall check internally and get back to you soon

Cheers,

Kapil
KapilAnanth 49,856 Reputation points Moderator

2024-10-11T06:39:18.98+00:00

@Huang WeiYe ,

This appears to be an isolated issue specific to your environment.

To troubleshoot further, we will need a specialized 1:1 session, where a support engineer can check the backend logs to pinpoint the issue. If you have a support plan you may file a support ticket, else please do check the Private messages I initiated - we will try and help you get a one-time free technical support.

P.S : We will be able to provide you one-time support if and only if your subscription is not managed by a CSP

Share via

Need Assistance with PTR Record Configuration

0 additional answers

Your answer