As the question suggests, is it possible for me to buy/get dedicated/static IP addresses and connect them to my OpenVPN server so I can assign each IP address to a client?
I've taken on the task of running a small email server, and the world of spam makes it more challenging for an individual, as many MTAs are highly paranoid about accepting email.
I think I've configured nearly everything that could be a problem successfully: A commercial SSL certificate, DKIM, a proper domain, and static IP address. My (piddly) email in fact goes out almost all of the time. But the most paranoid MTAs are still rejecting my email - Craigslist for example - and it appears to be my reverse lookup at fault.
I've recently changed my static IP address, and my service with my ISP. When they changed it, I tried to get this configured correctly, but I fear it is not. But I'm not 100% certain what is wrong, or what my reverse record should look like.
I especially don't want to approach my ISP with a "Look, I don't know what the problem is, but you need to fix it anyhow" attitude. If there's a problem I want to be able to describe exactly what it is before I get on the phone with the NOC. They don't offer a control panel for this as far as I can tell, so I don't want to try anyone's patience with a bunch of trial and error.
OK, the specifics, redacted & fictional, but consistent:
Domain: funkeedomain.org
Mailserver (DNS MX record): mx.funkeedomain.org
Static IP address: 111.222.333.444
Static IP address reversed: 444.333.222.111
FQDN originally requested of the ISP for reverse lookups: main.funkeedomain.org
Here's a typical rejection notice from my mail server (hMailServer):
Your message did not reach some or all of the intended recipients.
Sent: Thu, 12 Jan 2017 11:53:50 -0800 (PST)
Subject: Blah blah blah
The following recipient(s) could not be reached:
[email protected]
Error Type: SMTP
Remote server (64.235.154.109) issued an error.
hMailServer sent: .
Remote server replied: 550 permanent failure for one or more recipients ([email protected]:550 Sender IP reverse lookup rejected)
hMailServer
A commercial email-sending checker tells me:
main.funkeedomain.org.333.222.111.in-addr.arpa Failed - No A Record Found in DNS
So, fine. What do DNS tools tell me?
stew@griffin:~$ host 111.222.333.444
444.333.222.111.in-addr.arpa domain name pointer main.funkeedomain.org.333.222.111.in-addr.arpa.
stew@griffin:~$ dig -x 111.222.333.444
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x 111.222.333.444
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16150
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;444.333.222.111.in-addr.arpa. IN PTR
;; ANSWER SECTION:
444.333.222.111.in-addr.arpa. 86365 IN PTR main.funkeedomain.org.333.222.111.in-addr.arpa.
;; Query time: 0 msec
;; SERVER: 10.0.0.4#53(10.0.0.4)
;; WHEN: Thu Jan 12 19:09:11 PST 2017
;; MSG SIZE rcvd: 93
From reading examples (http://www.gettingemaildelivered.com/how-to-set-up-reverse-dns-rdns for instance), my strong impression is that this is wrong, and my reverse record set up by my ISP should be a PTR to "main.funkeedomain.org", NOT "main.funkeedomain.org.333.222.111.in-addr.arpa."
Am I right to think this? What should I be expecting in my reverse record if not what I'm finding?
Thanks all who responded, and my post-post grammar copy-editor.
Both HBruijn and Andrew B's answers were correct, but they appear to want me to select HBruijn's, which is also shorter, and so I have.
I had to call no less than five times to get this resolved. Having a 100% accurate diagnosis was surely key to me getting this passed blindly up 3 levels of escalation successfully - I was never allowed to talk to the DNS department directly.
Thank you all again.
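A check for the condition shown in the dig output above, as an added example that is not part of the original post: it classifies a PTR answer as pointing back into the reverse zone, lacking a forward A record, mismatching, or forward-confirmed. The function names and the sample forward record are assumptions; the IP and hostnames are the question's fictional values, handled as plain strings because they are not valid addresses.

```python
# Added example: classify a PTR answer the way a strict receiving MTA might.
# All records below are constructed from the question's fictional values.

def reverse_name(ip):
    """Build the in-addr.arpa owner name for a dotted-quad IPv4 string."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_ptr(ip, ptr_target, a_records):
    """Return (verdict, detail) for one PTR answer.

    a_records maps a hostname (with trailing dot) to the addresses its
    A record returns; a missing key means no A record exists.
    """
    target = ptr_target.lower()
    if not target.endswith("."):
        target += "."
    # Reverse zone origin = owner name minus the host label.
    origin = reverse_name(ip).split(".", 1)[1]
    # A target inside the reverse zone typically means the name was entered
    # without a trailing dot, so the zone origin was appended to it.
    if target.endswith("." + origin):
        intended = target[: -len(origin)]
        return ("origin-appended",
                f"PTR target sits inside {origin}; likely intended {intended}")
    addrs = a_records.get(target)
    if not addrs:
        return ("no-forward", f"{target} has no A record")
    if ip not in addrs:
        return ("mismatch", f"{target} resolves to {addrs}, not {ip}")
    return ("ok", f"{target} forward-confirms {ip}")

IP = "111.222.333.444"
# Assumption: the forward A record for main.funkeedomain.org exists.
FORWARD = {"main.funkeedomain.org.": ["111.222.333.444"]}

def demo():
    broken = check_ptr(IP, "main.funkeedomain.org.333.222.111.in-addr.arpa.", FORWARD)
    fixed = check_ptr(IP, "main.funkeedomain.org.", FORWARD)
    return broken, fixed

if __name__ == "__main__":
    for verdict, detail in demo():
        print(verdict, "-", detail)
```

The "origin-appended" verdict gives the exact wording to hand to an ISP: the PTR target should be the bare FQDN, not a name under the in-addr.arpa zone.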
We have Linux boxes with static IPs, some using CentOS and others Debian, using IP ranges reserved for development and testing.
We need these boxes to 'publish' their DNS into DNS Server 2008R2, without administrator or manual intervention.
These hosts have their hostnames properly configured, but they don't register themselves with the DNS, so I cannot access them by hostname.
On a Windows box, this process is automatic and you can force re-registration with ipconfig /registerdns. Do we have an equivalent for the Linux family?
The idea is to make these hosts automatically add an entry for themselves on the DNS server so I can access them using their hostname.
RFC 2136, "Dynamic Updates in the Domain Name System (DNS UPDATE)", defines the protocol.
I'm tasked with implementing VPN access on a gateway. The LAN DHCP server is configured to assign the same IP address to a given MAC address. I would like to have this functionality for clients who connect over the VPN. I know I can configure OpenVPN and strongSwan to use a 3rd party DHCP server, but do the daemons use the client MAC address for the DHCP request? Everything I've read doesn't go into this detail, but I imagine it would use the TAP interface MAC address. Am I wrong about this? How much work would it be to configure/patch the VPN server software to achieve this functionality?
I'm having a "lively" debate with a work associate about the reasons for or against using DHCP on servers in a network environment. The network environment in particular is a relatively small network, but in my experience it's always better to have servers on static addresses, especially for things like remote management, etc.
I looked, and couldn't find any specific reasons for or against dynamic addresses assigned on servers, so I figured I'd ask the crowd here.
My work associate argues for DHCP-assigned server addresses for ease of management, and states that if the addresses ever change you don't have to change the server IP manually. I'm dubious about this response.
For management purposes, this network being small, it's no big deal to change the IP of static devices since there are so few.
Any suggestions, ideas or comments?