I have to decide whether my reverse DNS should match the SMTP banner (while reverse DNS to DNS, and vice versa, stay different) or the other way round. Which one should I choose?
I have two Exchange 2010 servers with one SMTP sender behind TMG 2010. TMG has two links connected, so we have two separate internet providers. The problem is that I have no way to control which link TMG uses to send email, as it picks one randomly.
I have 2 MX records:
– mail.test.com which resolves to IP and IP resolves to mail.test.com
– mail2.test.com which resolves to IP2 and IP2 resolves to mail.test.com
This was done to prevent SMTP banner issues, but it causes problems with reverse DNS if the server on the other side is eager enough to do the comparison. But I've checked Google, and they don't have that in perfect condition either.
Best Answer
If you have to choose between the two, match rDNS to the A record so both IPs still have FcRDNS, but make sure the hostname presented in the SMTP banner is resolvable as well (choose one of the two hostnames). Broken FcRDNS is way worse than the SMTP banner not matching rDNS.
Alternatively, you could get rid of the second hostname altogether and you wouldn't have any mismatch at all. With that solution you'd have the best of both worlds: HELO / A / PTR would match in every case and you'd still have MX load balancing/failover:
From RFC 5321:
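The checks the answer above talks about, as an added example (not code from the question or the answer): a small evaluator that runs both of the asker's layouts through the tests a strict receiver applies, namely forward-confirmed reverse DNS (PTR of the connecting IP resolves to a name whose A record points back at that IP), whether the banner hostname resolves at all, and whether it equals the PTR name. The DNS data is a constructed in-memory table so the script runs offline; the hostnames and the 192.0.2.x addresses are hypothetical stand-ins for the asker's mail.test.com / mail2.test.com and IP / IP2. The optional `live_dns` helper builds the same table from the system resolver for a real check.

```python
"""FcRDNS and SMTP banner consistency checks for a dual-homed MTA.

Added example, not part of the original Q&A. The DNS tables below are
constructed; the hostnames and 192.0.2.x addresses are hypothetical.
"""
import re
import socket
from typing import Dict, Iterable, Optional

# Layout A (what the answer recommends when forced to choose):
# each PTR points at the name that resolves to that IP, so FcRDNS holds
# on both addresses; the banner matches only one of them.
DNS_LAYOUT_A: Dict[str, Dict[str, str]] = {
    "A": {"mail.test.com": "192.0.2.10", "mail2.test.com": "192.0.2.20"},
    "PTR": {"192.0.2.10": "mail.test.com", "192.0.2.20": "mail2.test.com"},
}

# Layout B (the asker's current setup): both PTRs claim mail.test.com so
# the banner always matches rDNS, but mail.test.com does not resolve to
# IP2, so FcRDNS is broken on the second link.
DNS_LAYOUT_B: Dict[str, Dict[str, str]] = {
    "A": {"mail.test.com": "192.0.2.10", "mail2.test.com": "192.0.2.20"},
    "PTR": {"192.0.2.10": "mail.test.com", "192.0.2.20": "mail.test.com"},
}

BANNER = "220 mail.test.com Microsoft ESMTP MAIL Service ready"  # constructed


def fcrdns(ip: str, dns: Dict[str, Dict[str, str]]) -> bool:
    """True if PTR(ip) -> name and A(name) -> ip (forward-confirmed rDNS)."""
    name = dns["PTR"].get(ip)
    return name is not None and dns["A"].get(name) == ip


def banner_hostname(banner: str) -> Optional[str]:
    """Pull the hostname out of a '220 <host> ...' SMTP greeting."""
    match = re.match(r"220[ -](\S+)", banner)
    return match.group(1) if match else None


def assess(ip: str, banner: str, dns: Dict[str, Dict[str, str]]) -> Dict[str, object]:
    """Evaluate one outbound connection the way a strict receiver might."""
    host = banner_hostname(banner)
    ptr = dns["PTR"].get(ip)
    return {
        "ip": ip,
        "ptr": ptr,
        "fcrdns": fcrdns(ip, dns),
        "banner_resolves": host is not None and host in dns["A"],
        "banner_matches_ptr": host is not None and host == ptr,
    }


def classify(result: Dict[str, object]) -> str:
    """Rank problems the way the answer does: broken FcRDNS is the worst case."""
    if not result["fcrdns"]:
        return "fcrdns-broken"
    if not result["banner_resolves"]:
        return "banner-unresolvable"
    if not result["banner_matches_ptr"]:
        return "banner-ptr-mismatch"
    return "clean"


def live_dns(names: Iterable[str], ips: Iterable[str]) -> Dict[str, Dict[str, str]]:
    """Optional: build the same table from the system resolver (network access)."""
    table: Dict[str, Dict[str, str]] = {"A": {}, "PTR": {}}
    for name in names:
        try:
            table["A"][name] = socket.gethostbyname(name)
        except socket.gaierror:
            pass
    for ip in ips:
        try:
            table["PTR"][ip] = socket.gethostbyaddr(ip)[0]
        except (socket.herror, socket.gaierror):
            pass
    return table


if __name__ == "__main__":
    for label, dns in (("layout A", DNS_LAYOUT_A), ("layout B", DNS_LAYOUT_B)):
        for ip in ("192.0.2.10", "192.0.2.20"):
            r = assess(ip, BANNER, dns)
            print(f"{label} {ip}: {classify(r)} {r}")
```

Running it shows the trade-off in one screen: under layout A the second IP is only "banner-ptr-mismatch", which most receivers tolerate, while under layout B the same IP is "fcrdns-broken", the condition the answer warns is far more likely to get mail refused or scored as spam.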