Wrong glue records entered.
kerry at security.geek.nz
Tue Jan 18 02:38:02 UTC 2005
Steven Job said:
> Are glue records supposed to be returned with the MX records?
> The problem that we are having is that someone will create the following
> records for their domain.
> @ 10800 IN MX 40 smtp.secureserver.net.
> But then some one else will create the domain "secureserver.net" in our
> and point the A record for "smtp" to another IP.
> Now "secureserver.net" is not pointing to our name servers (at the root
> server level) so our servers should never be asked for it. But they are
> some resolvers and it is poisoning everything.
Some MTAs will perform an A record lookup for the domain if they don't get
an MX record reply promptly, then connect to the IP in the A record. So,
if you have
$ host -t mx secureserver.net
secureserver.net mail is handled by 0 smtp.secureserver.net.
$ host -t a secureserver.net
secureserver.net has address 220.127.116.11
$ host -t a smtp.secureserver.net
smtp.secureserver.net has address 18.104.22.168
... then you will undoubtedly get the occasional and unexpected smtp
connection to 22.214.171.124
Is this what you're seeing?
More information about the bind-users