DNS PTR Record with VM and Slave DNS

With Virtualmin managing the DNS and transferring them to the DNS Cluster on Webmin, how do I generate the PTR record?
Do I BIND creating a reverse zone? Is it transferred to Webmin Slave or do I have to create it manually?

The provider provides me with the PTR of the server which is on a different domain.

OS type and version Debian 12
Webmin version 2.105
Virtualmin version 7.10.0
Related packages BIND M & S

ptr records are per IP not domain

The Domain Name System, or DNS, correlates domain names with IP addresses. A DNS pointer record (PTR for short) provides the domain name associated with an IP address. A DNS PTR record is exactly the opposite of the ‘A’ record, which provides the IP address associated with a domain name.

so you don’t generate a ptr you get the provider to set it for the IP in question or in fact some providers allow you to edit this record yourself

Some provides will also delegate it, if you prefer. Though there isn’t much benefit to that. PTR just needs exist and point to a name that resolves back to the IP.

I want the emails to have their correct PTR so as not to have problems with anti-spam.
If I check with www.mail-tester.com I get:
Your A.B.C.D IP address is associated with the MyServer.Domain-Provider domain.
Instead, your message appears to have been sent from Hostname.MyDomain.tld.

look at these results … near perfect score

but no worries with the host name and reverse being different

It gives me the OK too, but then GMail blocks my mail.
I want to put the PTR and since the provider is not responding I ask again if I can create the reverse zone from BIND even if in a Master + Cluster Slave context.

== From GMail
This is the mail system at host HOSTNAME.MYDOMAIN.
I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system

Gmail has detected that this message does not 550-5.7.1 meet IPv6 sending guidelines regarding PTR records and authentication 550-5.7.1 .

No Idea on that one I always disable IPv6

In the previous installation I had disabled IPV6 and had problems with its lack and then There are the correct AAAA records.
I’m sure GMail would give me error with PTR over IPV4.

Doesnt bother my system … that said i would expect them to try ipv4 first and if an error was there display it

GMail’s latest policies are putting many people in crisis, including me.
I no longer receive any emails sent to Gmail mailboxes or those managed by Google.
I have all the parameters ok, except the PTR.

It does not matter what the PTR record is.

  1. It must exist.
  2. There must be an A record for the name in the PTR.
  3. That A record must resolve back to the IP.

That’s it.

No mail server blocks based on PTR not matching the from address.

You are misunderstanding the errors and policies, if you think it needs to be anything other than that.

Note also, that if you are sending from an IPv6 address, the same thing must happen.

1 Like

Google hasn’t changed their PTR policy.

Their policy is here: Email sender guidelines - Google Workspace Admin Help

IP addresses

Important: The sending IP address must match the IP address of the hostname specified in the Pointer (PTR) record. 

This means the PTR record must point to a name that resolves back to the same IP address. It does not mean the PTR must match any other name in the email.

I know that guide well because since Google changed its policies last month, many people are having problems.
It’s not just about the PTR.
In my specific case it is a PTR problem because the provider has the reverse to their commercial server name and not my name that I assigned in hosts and hostname.
Since I’ve already asked them to fix it, but they haven’t even responded for two days, I have two other options in front of me.

  1. Fix it with Virtualmin, and I’m asking for suggestions on how to do this.
  2. I close everything and get a normal hosting space for websites and emails somewhere else because I can’t spend any longer without working.

Virtualmin cannot force your hosting provider to delegate to your server or force them to update the PTR. Since your hosting provider owns the IP block you’re hosting on, they own all the PTR records, unless they delegate it to your DNS servers.

Since this appears to be about the IPv6 record (I think, but since you haven’t posted the actual names anywhere, I don’t think, I can’t check anything) if you have an IPv4 IP, perhaps you should just stop trying to send mail to Google over IPv6 and only use IPv4. That of course, assumes the PTR record for your IPv4 IP is valid and has an A record that points back the same IP.

I entered the IPV4 and IPV6 IP address in hosts. Everything else was done when installing Virtualmin on the server and Webmin on the VPS.
If I need to delete IPV6, I can remove it from hosts, but then I don’t know if it is maintained in other Virtualmin and Webmin configurations.

A third option could be to change the name of the server and instead of calling it myhostname.mydomain.tld I will call it with the commercial name of the provider, so the PTR will be correct.
Then I will also have to change the nameserver references of the different domains so that they refer to this new name.

It’s something I don’t like, but it should work.

That isn’t what is preventing you from being able to deliver mail, so I don’t see how it can help.

You need a PTR record to exist for any IP you send mail from (including IPv6 if you’re sending from an IPv6 address).
That PTR record needs to have a name that has an A record.
That A record needs to point back to the IP address of the same IP that matches the PTR.

That’s it. You’re interpreting the Google policy incorrectly. It is a common misconception about PTRs, but it is wrong. No major mail servers will block mail over anything else. It may look nice and neat to have all the names match. But, the only thing that has to be true (according to the written Google policy, but also everybody else is the same) is that you have a PTR, the name that the PTR points to resolves (there is an A record), and it resolves back to the right IP address.

You can change the hostname if you want it to match. But, it’s not why you can’t send email.

You’re right, surely there is an A Record on the server’s commercial name, but it’s obviously not in the domain I purchased.

How do I remove IPV6 from Virtualmin and Webmin?
Do I remove it from hosts and then how do I regenerate the correct configurations?

Virtualmin isn’t sending mail. Postfix is the MTA in a Virtualmin system. So, you’d need to disable it for Postfix: Postfix IPv6 Support

I believe inet_protocols is all you need for outgoing SMTP (unless you’re using send-dependent maps or something else that does something complicated with outgoing mail).

I managed to change the PTR and get the emails to Gmail.
Let’s hope that no other problems emerge later.
I’m closing the post.
Thanks everyone for the help.

Two steps forward and one step back.
The email is not rejected, but goes to spam.

1 Like