In your experience, have you found there to be any actual problems with having redundant PTR records (same name, multiple IPs) for a given host?
Additionally, would you expect to see corresponding A or CNAME records for each PTR?
EDIT: Wow, thank all of you for the great info!
In the unusual case that your host has multiple Internet facing addresses and your mail server randomly binds to them when sending, you might want to configure that host as you suggest. This may cause problems for remote servers sending you mail if your server fails, as they may try each address in succession. (I have seen a lot of posts from users having problems getting applications to send from the non-primary address on an interface.) rDNS rules are of concern when you are sending, so I would verify that only the primary address is being used and configure DNS accordingly. You may be able to choose another public address and configure your server to bind to it. I would verify that configuration. You can verify the address you are sending from by sending a message to [email protected] as described on the AOL troubleshooting page.
If you have multiple addresses for an A record, then you could have a PTR record back to that A record for each of those addresses. This would be unusual and I would NOT recommend doing so. All of the lookups I have done for A records with multiple IP addresses have PTR records back to a unique domain name. Having each PTR record return a unique domain makes it much easier to determine which host is malfunctioning should it be necessary. The few cases I have seen the same domain from multiple servers appear to be moves of the domain to a new IP address.
The one domain I know of that uses a single domain name for multiple servers is facebook.com. They use a single name, mx-out.facebook.com, as the name in the HELO command. Its A record returns two addresses, but they have farms of servers with PTR records to unique names other than mx-out.facebook.com. All of their servers that have sent me mail pass rDNS validation on their IP addresses.

Likewise, it is legal but not common to have a PTR record return multiple domains. Not all providers will support this. Of the hundreds of mail servers I have in my email database, very few have more than one PTR record. The majority of those don't have a valid rDNS lookup for any of the domains.
It is best to have separate domain (host) names for each IP address with pointer records pointing back to that unique domain name. Any A records with multiple addresses would be different from any of the host names and are generally used to load balance web servers and other stateless services. The configurations I have seen for load balancing SMTP servers use multiple MX records with the same priority. Overload and server failure can be handled with multiple MX records with different priorities.
For an example, try following the addresses for google.com or a similar server to their PTR records and back. You might also want to look at the mail servers for any of the large freemail services like gmail, hotmail, or yahoo.

It is common to have a PTR record for addresses not hosting an Internet mail server which do not have a corresponding A record. ISPs often use this technique.
If the PTR record of an SMTP server points to an A record which does not point back to the PTR record, something is broken.
My research shows servers which pass rDNS and have a valid SPF record for the hostname or HELO name are more than 90% likely to deliver ham rather than SPAM. Few of the failures to deliver are Spam related.
Systems which fail to pass rDNS are highly likely to be sending spam. Those that don't send spam are most likely to be sending to mailing lists or otherwise sending automated email.
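The "PTR points to an A record which does not point back" rule above is the forward-confirmed reverse DNS (FCrDNS) check that receiving mail servers apply. The following is an added example, not code from the answer above: it implements that check with an injectable resolver so it can run against the constructed zone data embedded below (hypothetical names in the example.net/example.org and 192.0.2.0/24 documentation ranges) as well as against live DNS via the socket helpers at the end. The data deliberately covers the cases discussed in this thread: a clean one-to-one mapping, two addresses sharing one name (fan-in), one address with two PTR names (fan-out), a PTR whose target resolves elsewhere, and an address with no PTR at all.

```python
"""Forward-confirmed reverse DNS (FCrDNS) checker with an injectable resolver.

Added example, not code from the original answers. The resolver functions are
passed in so the same logic runs against the constructed zone data below or
against the live DNS through the socket-based helpers at the bottom.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, NamedTuple

# Constructed reverse data (hypothetical, documentation ranges): address -> PTR targets.
PTR_RECORDS: Dict[str, List[str]] = {
    "192.0.2.10": ["mx1.example.net."],                       # clean 1:1 mapping
    "192.0.2.12": ["mx.example.net."],                        # fan-in: two addresses ...
    "192.0.2.13": ["mx.example.net."],                        # ... share one name
    "192.0.2.20": ["mail.example.org.", "www.example.org."],  # fan-out: one address, two names
    "192.0.2.30": ["relay.example.org."],                     # PTR target's A record points elsewhere
    "192.0.2.40": [],                                         # no PTR at all
}

# Constructed forward data: name -> A record addresses.
A_RECORDS: Dict[str, List[str]] = {
    "mx1.example.net.": ["192.0.2.10"],
    "mx.example.net.": ["192.0.2.12", "192.0.2.13"],
    "mail.example.org.": ["192.0.2.20"],
    "www.example.org.": ["198.51.100.5"],
    "relay.example.org.": ["198.51.100.9"],
}

Resolver = Callable[[str], List[str]]


class FcrdnsResult(NamedTuple):
    ip: str
    ptr_names: List[str]
    confirmed: List[str]    # PTR targets whose forward lookup includes ip
    unconfirmed: List[str]  # PTR targets whose forward lookup does not

    @property
    def passes(self) -> bool:
        # Same rule as the "iprev" method of RFC 8601: pass if at least one name
        # from the PTR set forward-resolves back to the connecting address.
        return bool(self.confirmed)


def check_fcrdns(ip: str, ptr: Resolver, forward: Resolver) -> FcrdnsResult:
    ipaddress.ip_address(ip)  # raise ValueError on malformed input before touching DNS
    names = ptr(ip)
    confirmed: List[str] = []
    unconfirmed: List[str] = []
    for name in names:
        (confirmed if ip in forward(name) else unconfirmed).append(name)
    return FcrdnsResult(ip, names, confirmed, unconfirmed)


def static_ptr(ip: str) -> List[str]:
    return list(PTR_RECORDS.get(ip, []))


def static_forward(name: str) -> List[str]:
    return list(A_RECORDS.get(name, []))


def live_ptr(ip: str) -> List[str]:
    # socket.gethostbyaddr returns only one PTR name; use a DNS library such as
    # dnspython if you need every PTR record behind an address.
    try:
        host, _aliases, _addrs = socket.gethostbyaddr(ip)
        return [host.rstrip(".") + "."]
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return []


def live_forward(name: str) -> List[str]:
    try:
        _host, _aliases, addrs = socket.gethostbyname_ex(name.rstrip("."))
        return addrs
    except OSError:
        return []


if __name__ == "__main__":
    for ip in PTR_RECORDS:
        r = check_fcrdns(ip, static_ptr, static_forward)
        print(f"{ip:12} {'PASS' if r.passes else 'FAIL':4} "
              f"confirmed={r.confirmed} unconfirmed={r.unconfirmed}")
```

Run it as-is to see the constructed cases; swap `static_ptr`/`static_forward` for `live_ptr`/`live_forward` to test a real sending address. Note that the fan-in case (192.0.2.12 and .13 both naming mx.example.net) passes cleanly, and the fan-out case passes only because one of its two PTR names confirms; the unconfirmed name is reported separately so you can see what a stricter receiver would object to.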
There are various misunderstandings of how the DNS operates that make people think that address→name must be the inverse of name→address. It's not necessary that this be so, and that's not how the DNS actually operates. As for multiple addresses mapping onto the same name: That's not improper, either. It doesn't share the problems of a single address mapping to multiple names, moreover, and fan-in is at least better than fan-out when it comes to the Half-Baked Ideas Brigade doing address→name→address lookups.
The simplest approach to address→name lookup is to just set up opaque content DNS service, using something like walldns, and make the appropriate delegations pointing to it so that it is used. That gives one address→name and name→address mappings that are the inverses of each other, with automatically-generated names.
For email, the primary concern is going to be remote hosts using PTR records as part of their spam evaluation. (Make sure you use SPF, too!) It should not be an issue to configure the PTR records for multiple addresses to a given name in this way.
As far as what you'd 'expect' to see, you can feel free to make it as clean (perfect matching between forward and reverse) or as lazy (say, setting 1.30.40.3 to resolve to 1-30-40-3.mydomain.com) as you'd like. Most applications really don't care how reverse lookups are set up, it's more often used for host-discovery and personal sanity ("what the heck was at that IP, again?").

One of the only places this is going to potentially matter is for your DNS servers; you want to make sure that they forward-resolve and reverse-resolve correctly.
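The "lazy" address-derived naming above (and the automatically generated names mentioned in the walldns answer) still gives you forward and reverse records that are exact inverses of each other, which is what you want your DNS servers to get right. The following is an added example, not code from either answer: it generates that scheme for an address block and then checks that every PTR maps back through an A/AAAA record to its own address. The domain, the address block and the dashed-label pattern are assumptions modelled on the 1-30-40-3.mydomain.com example; IPv6 is handled by the same functions using the exploded form of the address.

```python
"""Generate mutually consistent forward and reverse records for the address-derived
naming scheme (1.30.40.3 -> 1-30-40-3.mydomain.com) and verify both directions agree.

Added example, not code from the original answers. The domain and address block are
placeholders; the label pattern is an assumption modelled on the example in the answer.
"""
import ipaddress
from typing import Dict, List, Tuple


def generic_name(ip: str, domain: str) -> str:
    """Host name derived from the address: dots/colons become dashes. IPv6 uses the
    exploded form so the label is unambiguous and stays under the 63-octet limit."""
    addr = ipaddress.ip_address(ip)
    label = addr.exploded.replace(".", "-").replace(":", "-")
    return f"{label}.{domain}"


def reverse_name(ip: str) -> str:
    """The in-addr.arpa / ip6.arpa owner name for the PTR record, fully qualified."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def zone_records(network: str, domain: str) -> Tuple[List[str], List[str]]:
    """Forward zone lines (A/AAAA) and reverse zone lines (PTR) for every host address."""
    net = ipaddress.ip_network(network, strict=True)
    forward: List[str] = []
    reverse: List[str] = []
    for addr in net.hosts():
        name = generic_name(str(addr), domain)
        rtype = "A" if addr.version == 4 else "AAAA"
        forward.append(f"{name}. IN {rtype} {addr}")
        reverse.append(f"{reverse_name(str(addr))} IN PTR {name}.")
    return forward, reverse


def parse_records(lines: List[str]) -> Dict[str, str]:
    """owner -> rdata for the one-record-per-line format emitted by zone_records."""
    out: Dict[str, str] = {}
    for line in lines:
        owner, _cls, _rtype, rdata = line.split()
        out[owner] = rdata
    return out


def forward_reverse_consistent(forward: List[str], reverse: List[str]) -> bool:
    """True when every PTR target has an A/AAAA record whose address owns that PTR,
    and the two zones describe the same number of hosts (no dangling entries)."""
    fwd = parse_records(forward)   # "name." -> address
    rev = parse_records(reverse)   # "w.z.y.x.in-addr.arpa." -> "name."
    if len(fwd) != len(rev):
        return False
    for owner, target in rev.items():
        ip = fwd.get(target)
        if ip is None or reverse_name(ip) != owner:
            return False  # PTR points to a name that does not point back here
    return True


if __name__ == "__main__":
    fwd, rev = zone_records("1.30.40.0/29", "mydomain.com")
    print("\n".join(fwd))
    print("\n".join(rev))
    print("consistent:", forward_reverse_consistent(fwd, rev))
```

The consistency function is the same test the earlier answers describe by hand: follow each PTR to its name, follow the name to its address, and require that you land back where you started. Pointing a single PTR at a neighbouring host's name is enough to make it return False.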