Request reverse dns mapping advice

Dave Warren davew at hireahit.com
Tue Sep 6 05:39:32 UTC 2016


On Mon, Sep 5, 2016, at 09:46, John Levine wrote:
> >1.  pick a primary domain from the list of virtual hosts (example2.com)
> >2.  use the "real" host name of the server (juvat.example1.com)
> >3.  the mail server name (mail.example1.com)
> >4.  the dns server name (ns2.example1.com)
> >5.  another domain from the virtual hosts list (example 3.com)
> 
> Publish a PTR with the mail server name, forget about the rest of
> them.  
> 
> On today's Internet, you want your mail server to EHLO with a name
> that has matching forward and reverse DNS with the server's IP.  If
> you don't, you look unnecessarily like a spambot.
> 
> Everyone knows that web servers and DNS servers have multiple names,
> and neither should be sending unsolicited traffic, so matching rDNS
> doesn't matter.

Perhaps I'm old fashioned, but I like to see things done "correctly",
and rDNS is one of those things that shows a competent host who worries
about getting the details right, vs a host who has no technical skills
or knowledge and does the bare minimum. Does it make for an operational
difference? Not really. But it does make it obvious what entity is
responsible for a machine and I feel that that's important.

Personally, I set valid and correct names that identify me (the host) on
machines under my control, whether or not they're intended to make
outbound connections (and web servers do). If an IP is dedicated to a
specific client then I'll consider what makes the most sense, but
generally I do assign the client's rDNS to a dedicated IP.

With that being said, I'd do something like ns2.example.com, or
web.juvat.example.com, or whatever is appropriate within your normal
naming scheme.

> Opinions vary on how well it works to return multiple PTRs.  My
> advice is don't borrow trouble you don't need.

I agree on this point. Even if it works with only a few PTRs (and it
mostly will, as long as each PTR has a matching and valid A/AAAA
record), what will happen when you have dozens of domains?
