MX records for dynamic IP?
barmar at alum.mit.edu
Thu Apr 16 23:00:13 UTC 2009
In article <gs8ar1$1rgj$1 at sf1.isc.org>, Kevin Darcy <kcd at chrysler.com>
> Even if it were legal to point MX records at aliases, if that alias
> points to some dynamic IP, it might be a really bad idea to point your
> MX there, since, due to caching, some other client who got your old
> dynamic IP address, could then accidentally receive your email for some
> period of time, unless you have some sort of crypto authentication.
That problem exists even if you don't go through an alias, e.g.
foo.com. IN MX 10 foo.dyndns.org.
Did you notice that his dynamic A record has a 60-second TTL? Unless he
gets lots of mail, I think a one-minute window of vulnerability is
reasonably safe. If he has a cable modem service, they typically change
IPs very rarely. And the customer who gets your old IP would have to be
running a mail server, and configure it to accept mail for your address,
for this to cause mis-delivery.
> If you can run your web services and mail services on *static* IPs that
> would be preferred. Trying to run this kind of stuff on dynamic IPs is
> always going to be an uphill battle. Maybe you relish the challenge;
> most people just want their stuff to work.
Static IPs are typically more expensive than dynamic ones, and that
extra expense may not be justified for many people.
Barry Margolin, barmar at alum.mit.edu
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users