Wrong glue records entered.

Kerry Thompson kerry at security.geek.nz
Tue Jan 18 02:38:02 UTC 2005


Steven Job said:
> Are glue records supposed to be returned with the MX records?
>
> The problem that we are having is that someone will create the following
> MX
> records for their domain.
> @             10800   IN      MX      40 smtp.secureserver.net.
>
> But then some one else will create the domain "secureserver.net" in our
> system
> and point the A record for "smtp" to another IP.
> Now "secureserver.net" is not pointing to our name servers (at the root
> name
> server level) so our servers should never be asked for it.  But they are
> by
> some resolvers and it is poisoning everything.

Some MTAs will perform an A record lookup for the domain if they don't get
an MX record reply promptly, then connect to the IP in the A record. So,
if you have

$ host -t mx secureserver.net
secureserver.net mail is handled by 0 smtp.secureserver.net.
$ host -t a secureserver.net
secureserver.net has address 64.202.188.208
$ host -t a smtp.secureserver.net
smtp.secureserver.net has address 64.202.166.12

... then you will undoubtedly get the occasional and unexpected smtp
connection to 64.202.188.208

Is this what you're seeing?

Kerry





More information about the bind-users mailing list