Troubleshooting DNS After Changing Internet Line

Anonymous
2024-02-15T02:59:42+00:00

Hi everyone,

Currently I have a user that just changed their internet line. And by doing so, I have updated the external DNS server with the new IP range.

However, currently I have issues with the DNS server (using Windows Server 2008 R2) after updating the forward and reverse lookup zones, where the email server could not send emails to a Yahoo server and some sites could not be accessed from the public. Right now, there are no issues with SPF and DKIM as I have checked with MXToolBox and IntoDNS. My email server also hasn't been blocked by Yahoo themselves but after checking in an IMSVA administrator, we found that it's related to the reverse lookup zones.

We have checked together for the reverse lookup zones and all the IPs provided by the ISP have been updated to the new IP addresses, but it still doesn't resolve the issue. But when I try to nslookup both forward and reverse zones, the forward zones reply with no issue, but the reverse lookup shows non-existent domain.

What could I do to mitigate this issue? Is there any configuration in the external DNS server that I have overlooked when changing these external DNS addresses?

Regards,

Ahmad Dhamiri

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

3 answers

  1. Anonymous
    2024-02-19T02:06:18+00:00

    Hello,

    Based on our understanding of the issue, we recommend that you follow the steps below:

    1. Verify the PTR record provided by your ISP: Ensure that your ISP has properly configured the PTR (Pointer Record) record for the new IP address. The reverse DNS lookup should correctly resolve back to the actual FQDN (Fully Qualified Domain Name) of your mail server.
    2. Check the Reverse Lookup Zone Settings: On the Windows Server 2008 R2 DNS server, double-check that the reverse lookup zone contains all the PTR records for the new IP address and make sure they point to the correct hostname. Each IP address should correspond to a correct PTR record.
    3. Flush the DNS cache: Clear the cache on the local DNS server to ensure that the server is using the latest DNS information. The DNS cache on client computers can be cleared by executing ipconfig /flushdns from the command line. For the DNS server itself, it may be necessary to manually clear the cache in the DNS management tool or restart the DNS service.
    4. Verify DNS zone replication: If you have multiple DNS servers, make sure that the new reverse lookup zone changes have been synchronized to all DNS servers through AD integration or regular zone replication mechanisms.

    Regards,

    Karlie
  2. Anonymous
    2024-02-19T07:22:37+00:00

    Hello Karlie,

    For the steps mentioned, I have done steps 1, 2 and 4. Our PTR records have been properly configured corresponding to the IP address provided by our ISP.

    Right now, we haven't tried Step 3 since we are concerned about possible issues of reachability of our sites from outside after we clear the DNS caches. Also, we are currently trying to reach our ISP provider regarding this issue, since when we try to troubleshoot in MxToolBox, we found that our forward lookup zone is correctly pointing to our IP address but when we try the reverse lookup, instead of our domain, the IP address points to our ISP provider DNS, which is quite weird to us too. After we have clarification from our ISP provider, we will try to do Step 3.

    We will update you as soon as we have updates from our side.

    Regards,

    Ahmad Dhamiri
  3. Anonymous
    2024-04-15T01:37:07+00:00

    Hi Karlie,

    Apologies for the late reply. So, for this issue, we have solved it by creating new SPF, DMARC & DKIM keys and contacting the ISP that provides the new IP address to our customers' network by pointing the mail gateway to our new mail gateway PTR record. After troubleshooting with them, the issue has been resolved. Our email server is now able to send emails to Yahoo users.

    You may close this question.
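
Step 1 of the first answer and the MxToolBox result in the follow-up both depend on what public DNS returns for the sending IP's PTR record, which is what a receiving mail server sees. The following is an added example, not code from the thread: a forward-confirmed reverse DNS check that separates a missing PTR, a PTR that returns some other name (such as the ISP's), and a PTR whose name does not resolve back to the IP. The function names are hypothetical, and the addresses and hostnames are constructed documentation values.

```python
import ipaddress
import socket

def system_ptr(ip):
    # PTR names from the system resolver; [] when no record exists.
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def system_forward(name):
    # Addresses the name resolves to; [] when the lookup fails.
    try:
        return [i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def check_fcrdns(ip, expected_host, ptr=system_ptr, forward=system_forward):
    # Classify the reverse DNS of a mail server's sending IP.
    addr = ipaddress.ip_address(ip)
    norm = lambda n: n.rstrip(".").lower()
    want = norm(expected_host)
    names = [norm(n) for n in ptr(ip)]
    result = {"query": addr.reverse_pointer, "ptr": names}
    if not names:
        result["status"] = "NO_PTR"  # nslookup reports "Non-existent domain"
    elif want not in names:
        result["status"] = "PTR_MISMATCH"  # e.g. the ISP's generic name comes back
    elif addr not in {ipaddress.ip_address(a) for a in forward(want)}:
        result["status"] = "FORWARD_MISMATCH"  # name does not resolve back to ip
    else:
        result["status"] = "OK"
    return result

# Constructed sample data: documentation addresses and names, not from the thread.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.com."],
    "192.0.2.11": ["host-11.isp.example.net."],
    "192.0.2.13": ["mail.example.com."],
}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"]}

def demo():
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    fwd = lambda name: SAMPLE_A.get(name, [])
    return {ip: check_fcrdns(ip, "mail.example.com", ptr, fwd)["status"]
            for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13")}
```

For a live check, call `check_fcrdns` with the server's public IP and mail hostname from a machine outside the network, so the answer comes from public DNS rather than the internal DNS server.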