Strange DNS Issues Hopefully Resolved!

February 21, 2014

Earlier, we received a report that a client was trying to send email but it bounced back with an error message, “stat=Deferred: 450 4.7.1 Client host rejected: cannot find your reverse hostname…” This was odd because for the past 14 years, we’ve had our own Class C IP range along with delegation to be authoritative for the domain names and provide the reverse IP lookups.

At first, we thought there must have been a problem with our DNS server. DNS issues can be tricky to sort out at times; other times a problem is recognized almost immediately. Today however, we spent hours trying to test and understand why our DNS was not responding to reverse lookups (or so we thought that was the problem). But nothing made sense. Have you ever tried to do some troubleshooting assuming the problem is in one place, and knowing it is quite possible, and then discovering the problem was something completely different?

On a hunch, I checked the ARIN.net database for our IP assignment. It was still there, as I expected it would be – but what I discovered was that in the past couple of days, the record had been updated somehow and the reverse IP delegation was showing that it belonged to our provider. How that occurred, we can only guess until Monday when we can speak with their IT Manager, but possibly they had someone do some updates of their own at ARIN and inadvertently changed our records there.

This would have been fine if their DNS servers had our DNS PTR records, but they don’t and never have hosted them. As a result, some email from our network was bouncing if the networks they were being sent to only accepts email from IP addresses that have valid domain names and are listed in reverse DNS.

At this point, we’re sure the situation will be resolved shortly. The correct records have been updated but it could take 24 hours for DNS to update and recognize the change back to the way it should have been.

ARIN stands for “American Registry For Internet Numbers” and is the organization through whom IP addresses in North America are assigned and information about them kept. When the information they have is wrong, things don’t always work out so well as far as domain name resolution.

Our apologies to our clients who were affected by this! We understand the frustration of having email bounce back when it should have gone through – and certainly it was a bit frustrating for us to go over our DNS configuration, find nothing wrong but continue to have problems. It was a head scratcher for awhile, for sure. Thanks so much for your patience and understanding. Things should be back to normal soon.

Just a quick reminder: You should not have to resend the emails as they are consider “deferred” and the email server will continue to attempt delivery until successful delivery is made or 4 days has passed, whichever comes first. I’m confident that over the next 24 hours, the emails in question will be delivered correctly.

Learn More About Our Linux Server Management & Security Services

Leave a Comment