FCrDNS - how to setup rDNS and delist the IP 104.18.63.95


#1

I need to add A record for 104.18.63.95 in order to match it with PTR (I however can’t do it - I’m getting error message: DNS Validation Error (Code: 1004): Content for A record is invalid. Must be a valid IPv4 address (Code: 9005)

My hosting iFastnet.com sends me back to Cloudflare to help me as IP belongs to them.
I’m getting the following error on http://dnsbl.spfbl.net/en/104.18.63.95

No rDNS was found.
This IP has been flagged because have none valid FCrDNS.
Register a valid rDNS for this IP, which points to the same IP.
The rDNS must be registered under your own domain for you be able to delist it.

Has anybody managed to solve it? thanks in advance!!
Darius


#3

Can you explain why/what you are trying to do? It looks like you are trying to remove a Cloudflare IP address from some type of RBL, but Cloudflare IP addresses are not used to send mail.


#4

sure, this is the page with the result that confirms that my IP does not have valid FCrDNS:
http://fmb.la/ip/104.18.62.95

I also wanted to add this explanation as to why I am trying to add FCrDNS:

Why Forward Confirmed rDNS is Important - FCrDNS helps prevent others from spoofing your hosts. If I’m the bad guy and I control the reverse lookup for my IP addresses I can put anything in there. I could pretend to be your bank and try to trick you into giving up your account information. However what I can’t spoof is if you do a lookup on the fake name I return and it either doesn’t resolve or resolves to a different IP address then you know it’s not genuine. If it does resolve to the same IP address then you know it’s good. This is because only the domain owner can make FCrDNS work correctly. This is a very important tool in detecting email phishing scams.


#5

more explanation: so I am trying to add the following records:
since my bedandocean.com returns IP 104.18.62.95 I am therefore trying to setup a PRT record. I need to add A record as follows:
95.62.18.104.in-addr.arpa A 104.18.62.95 (<<< this one cant be added)
and
104.18.62.95 PTR 95.62.18.104.in-addr.arpa (<< this one can be added)


#6

Outside of email servers no one does that. It may be a best practice someone wrote up 20+ years ago, but it doesn’t match the reality of the internet. IPv4 addresses are a scare resource and NAT/multi-hosting are the norm.

Cloudflare controls the address space in which 104.18.63.95 lives. Unless you’re an Enterprise customer paying for dedicated static IP address space that is a shared namespace which could change at any time. Since we control the 104.16.0.0/12 in which those addresses appear we control the in-addr.arpa zone/ records.

If you are on an enterprise plan with your own dedicated static IP address space you can contact your account team to discuss the need. Otherwise I don’t believe we’d add such a record for a specific customer.

Signed trusted SSL certificates and DNSSEC are much better ways of proving that you’ve gotten the correct IP address for a host and that the webserver is valid/trusted for www traffic.


Create in-addr.arpa rDNS zone
Create in-addr.arpa rDNS zone
#7

Yeah found https://spfbl.net/en/fcrdns/ which echos my comment re: mail servers. The Cloudflare IP address 104.18.63.95 will never send mail on behalf of your domain isn’t/can’t be the IP address of an SMTP server.


#8

thanks very much for taking the time to reply.
It has all started from checking the IP 104.18.63.95 on MXToolbox.com (against blacklists)- it looks that it has been blacklisted on Suomispam Reputation. It got to my attention and I assumed that having FCrDNS would solve it + PTR is one of the way to add more creditability to my emails/domain.


closed #9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.