Messaging Gateway

  • 1.  Reverse DNS lookup in Brightmail IQ service

    Posted Dec 11, 2011 10:42 PM

    When I use the Sender IP Lookup form on Symantec's Security Response site (at http://www.symantec.com/business/security_response/landing/spam/) for one of my server's IP addresses, I get a "no/no" response in the Rev/Fwd Lookup column. If I do a reverse DNS lookup from my desktop machine at home or from a number of other web-based services (revip.info, mxtoolbox.com, etc.), everything looks fine. Does anyone know of a way to find out why Symantec's rDNS lookup is failing?



  • 2.  RE: Reverse DNS lookup in Brightmail IQ service

    Posted Dec 12, 2011 01:56 AM

    The Symantec site is not for reverse DNS lookup but for reputation lookup. It will tell you if your IP is in the good senders or bad senders list of the Symantec reputation lists. If it shows nothing, that means your IP has a reputation that is not known to Symantec.



  • 3.  RE: Reverse DNS lookup in Brightmail IQ service

    Posted Dec 12, 2011 06:36 AM

    I don't have an absolute "for sure" answer for you, but it looks like the Symantec IQ Services are specifically looking at whether the records match, as spam solutions are getting aggressive enough to judge on matching. I don't know that the other services you mention are actually looking for a match, instead just checking if the records exist.

    Of course, it would be easier to answer this with the IP address to research. But, that's my guess as is.



  • 4.  RE: Reverse DNS lookup in Brightmail IQ service

    Posted Dec 12, 2011 08:52 AM

    The IP in question is 66.228.35.217. It has a PTR record to www.bodytrackeronline.com, which is an A record that points to 66.228.35.217. So as far as I can tell, those are properly matching records.

    I have looked at a number of services that just do reverse DNS lookups, and at least one (http://ipadmin.junkemailfilter.com/rdns.php) that checks whether the forward and reverse records match. They've all seen my forward and reverse DNS records without any problems.



  • 5.  RE: Reverse DNS lookup in Brightmail IQ service

    Posted Dec 12, 2011 10:39 AM

    I checked some of our IPs on the Symantec site. Some reverse, others don't. I checked the ones that didn't reverse on Symantec at RevIP.info - failed, MXToolbox - correct reverse, Google DNS (8.8.8.8) - worked.

    Even though the RevIP.info site failed, if I used the DNS server IPs on their site, both correctly reversed.

    http://www.kloth.net/services/dig.php PTR also worked and shows the query diagnostics.

    I'm thinking that there is something wrong with the DNS chain from Symantec, RevIP, etc that is causing the problem.
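
The distinction raised in posts 3 to 5 (a PTR record that merely exists versus one whose forward record maps back to the same IP, and different resolvers disagreeing) can be checked with a forward-confirmed reverse DNS test run against each resolver's view. This is an added example, not part of any post or of Symantec's tooling; the function names are hypothetical and the sample resolver answers are constructed from documentation addresses.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (live DNS)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver (live DNS)."""
    try:
        return [ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verdict, confirmed_names) for one resolver's view of ip.
    no_ptr: no PTR record; ptr_only: PTR exists but no forward record
    maps back to ip; match: at least one PTR name resolves back to ip."""
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no_ptr", []
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == target for a in addr_lookup(n))]
    return ("match" if confirmed else "ptr_only"), confirmed

def compare_views(ip, views):
    """Run fcrdns against several resolver views; report whether they agree."""
    verdicts = {label: fcrdns(ip, p, a)[0] for label, (p, a) in views.items()}
    return verdicts, len(set(verdicts.values())) == 1

def table_view(ptr, fwd):
    """Build a (ptr_lookup, addr_lookup) pair from static tables."""
    return (lambda ip: ptr.get(ip, []), lambda name: fwd.get(name, []))

# Constructed sample data: three resolvers answering differently for one IP.
SAMPLE_VIEWS = {
    "resolver_a": table_view({"192.0.2.25": ["mail.example.com."]},
                             {"mail.example.com": ["192.0.2.25"]}),
    "resolver_b": table_view({"192.0.2.25": ["mail.example.com."]},
                             {"mail.example.com": ["198.51.100.7"]}),
    "resolver_c": table_view({}, {}),
}

if __name__ == "__main__":
    print(compare_views("192.0.2.25", SAMPLE_VIEWS))
```

Calling `fcrdns("<your IP>")` with no other arguments uses the local system resolver; a checker that reports only "PTR exists" would not distinguish `resolver_a` from `resolver_b` above.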



  • 6.  RE: Reverse DNS lookup in Brightmail IQ service

    Posted Dec 12, 2011 12:10 PM

    Thanks for using our tools to confirm your PTR record. I've tested your IP in a few of our internal tools and it all checks out. This looks like it may be a slight issue with the Symantec tool.

    Are you having any other issues that you are concerned about with this IP?

    Thanks,

    @mxtoolbox



  • 7.  RE: Reverse DNS lookup in Brightmail IQ service

    Posted Dec 12, 2011 08:17 PM

    Thanks for taking a look. The only issue I'm having is that some services, particularly spam filters, appear to have trouble seeing my reverse DNS record, or at least they report that they do. I'm concerned about the Symantec tool's behavior because it might be indicative of how deployed instances of Brightmail behave (i.e., they might not see my rDNS record for some reason).



  • 8.  RE: Reverse DNS lookup in Brightmail IQ service

    Posted Dec 13, 2011 06:27 AM

    Hopefully one of the folks that works in that support realm (Security Response/IQ services) will be able to respond to this; it is not an internal function of the SMG appliance.

    As to the SMG appliance though, reverse DNS was only recently implemented as an actionable check (version 9.5). Prior versions would only alert on reverse DNS failures, primarily because DNS implementations have historically had a varying degree of proper configurations. However, even though the current version of the SMG appliance does DNS validation, it is not on by default. And when it is enabled, it does very specific checks directly against the DNS source and does not access a global reputation for these checks.

    If you are experiencing issues with DNS validation on the SMG appliance, it would probably be best to open a support ticket for investigation into functionality. I have not seen any situations where these checks are failing due to functionality, and not due to DNS.



  • 9.  RE: Reverse DNS lookup in Brightmail IQ service

    Posted Dec 19, 2011 02:41 AM

    I am facing a problem: when I check the client, it shows that the Symantec management server is offline. Because of this, my client is not updating from the Symantec management server, so I need your help. Please help me.