A records point to a domain

Mark.Andrews at nominum.com
Fri May 19 00:59:27 UTC 2000


> Stewart Tolhurst <news at stolhurst.freeuk.com> writes:
> 
> > yahoo.com A (Address) 204.71.200.243
> > Is this kind of thing RFC compliant?
> 
> It most certainly is.
> 
> > Does it raise any issues or cause any potential problems?
> 
> A lot of people do it.  (I do it, too.)
> 
> The only problem I can think of is the following scenario:
> 
> 1. You have `example.com. MX 10 mail.example.com.',
>    `example.com. A 10.0.0.1', and `mail.example.com. A 10.0.0.2'.
> 
> 2. A remote MTA tries to deliver an email message to user at example.com.
> 
> 3. It does an MX lookup on `example.com.' and it fails (e.g., because
>    the host can't get your nameservers).

	MTAs are written to expect that sites will be unreachable at
	both the DNS and SMTP level.  They stop processing and queue
	if the MX lookup fails; NXDOMAIN is not a failure.

> 
> 4. Since it didn't get an MX record, the MTA looks for an A record.
>    By this time it can get to your name servers so it thinks that you
>    want mail for user at example.com to go to 10.0.0.1 rather than
>    10.0.0.2.

	Only a *broken* MTA would get this far.

> 
> 5. You happen to run something on port 25 on your web server, but it's
>    not configured as a mail exchanger for your site, so it gives a
>    permanent error and the message bounces.
> 
> In the end a perfectly good message that should have been delivered on
> the next queue run is bounced because you had an A record and an MX
> record for the same thing, pointing to different machines.
> 
> I'm not sure which MTAs would and would not go to step 4 when a
> temporary DNS failure occurs.  Anyone?
> 
> -- 
> stanislav shalunov				| Speaking only for myself.
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
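
The routing decision discussed in this message, as an added example that is not part of the original post or of any MTA's code: a temporary MX lookup failure defers the message, and only a definitive "no MX" answer falls back to the A record. The stub resolver, the `route` function and the `Rcode` names are hypothetical, and the zone data is constructed from the scenario quoted above.

```python
from enum import Enum

class Rcode(Enum):
    NOERROR = "NOERROR"    # the answer may still be empty (no record of that type)
    NXDOMAIN = "NXDOMAIN"
    SERVFAIL = "SERVFAIL"
    TIMEOUT = "TIMEOUT"    # no name server answered

TEMPORARY = {Rcode.SERVFAIL, Rcode.TIMEOUT}

# Constructed zone data, taken from the scenario in the message.
ZONE = {
    ("example.com.", "MX"): [(10, "mail.example.com.")],
    ("example.com.", "A"): ["10.0.0.1"],
    ("mail.example.com.", "A"): ["10.0.0.2"],
}

def make_resolver(zone, unreachable=()):
    """Hypothetical stub: resolve(name, rtype) -> (Rcode, records)."""
    def resolve(name, rtype):
        if (name, rtype) in unreachable:
            return Rcode.TIMEOUT, []
        if not any(n == name for n, _ in zone):
            return Rcode.NXDOMAIN, []
        return Rcode.NOERROR, zone.get((name, rtype), [])
    return resolve

def route(domain, resolve):
    """Return (action, addresses); action is 'deliver', 'defer' or 'bounce'."""
    rcode, mx = resolve(domain, "MX")
    if rcode in TEMPORARY:
        return "defer", []   # step 3: queue; do not fall through to the A record
    # Definitive answer: use the MX hosts, or the domain itself if there is no MX.
    hosts = [h for _, h in sorted(mx)] or [domain]
    addrs, deferred = [], False
    for host in hosts:
        rc, found = resolve(host, "A")
        deferred = deferred or rc in TEMPORARY
        addrs.extend(found)
    if addrs:
        return "deliver", addrs
    return ("defer" if deferred else "bounce"), []

if __name__ == "__main__":
    down = make_resolver(ZONE, unreachable={("example.com.", "MX")})
    print(route("example.com.", make_resolver(ZONE)))  # normal case
    print(route("example.com.", down))                 # MX lookup timed out
```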



More information about the bind-users mailing list