MX records for dynamic IP?

Barry Margolin barmar at alum.mit.edu
Thu Apr 16 23:00:13 UTC 2009


In article <gs8ar1$1rgj$1 at sf1.isc.org>, Kevin Darcy <kcd at chrysler.com> 
wrote:

> Even if it were legal to point MX records at aliases, if that alias 
> points to some dynamic IP, it might be a really bad idea to point your 
> MX there, since, due to caching, some other client who got your old 
> dynamic IP address, could then accidentally receive your email for some 
> period of time, unless you have some sort of crypto authentication.

That problem exists even if you don't go through an alias, e.g.

foo.com. IN MX 10 foo.dyndns.org.

Did you notice that his dynamic A record has a 60-second TTL?  Unless he 
gets lots of mail, I think a one-minute window of vulnerability is 
reasonably safe.  If he has a cable modem service, they typically change 
IPs very rarely.  And the customer who gets your old IP would have to be 
running a mail server, and configure it to accept mail for your address, 
for this to cause mis-delivery.

> If you can run your web services and mail services on *static* IPs that 
> would be preferred. Trying to run this kind of stuff on dynamic IPs is 
> always going to be an uphill battle. Maybe you relish the challenge; 
> most people just want their stuff to work.

Static IPs are typically more expensive than dynamic ones, and that 
extra expense may not be justified for many people.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
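
Added example, not part of the original message: a small Python audit of the setup discussed in this thread, reporting for each MX whether the exchange name is an alias and how long a resolver may keep delivering to an old address after the IP changes. The names foo.com and foo.dyndns.org and the 60-second A TTL come from the post; mail.foo.com, 192.0.2.10 and the other TTLs are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records in "owner ttl IN type rdata" form.
SAMPLE = """
foo.com.         86400 IN MX    10 foo.dyndns.org.
foo.com.         86400 IN MX    20 mail.foo.com.
mail.foo.com.    3600  IN CNAME foo.dyndns.org.
foo.dyndns.org.  60    IN A     192.0.2.10
"""

def parse(text):
    """Return {owner: {rtype: (ttl, [rdata, ...])}}."""
    zone = defaultdict(dict)
    for line in text.strip().splitlines():
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        zone[owner.lower()].setdefault(rtype, (int(ttl), []))[1].append(rdata.strip())
    return zone

def audit_mx(zone, domain):
    """For each MX of domain, report alias use and the stale-address window."""
    findings = []
    for rdata in zone[domain].get("MX", (0, []))[1]:
        _pref, target = rdata.split()
        name, via_alias, seen = target.lower(), False, set()
        # Follow CNAMEs (with a loop guard) to the name that owns the address.
        while "CNAME" in zone.get(name, {}) and name not in seen:
            seen.add(name)
            name, via_alias = zone[name]["CNAME"][1][0].lower(), True
        a = zone.get(name, {}).get("A")
        findings.append({
            "exchange": target,
            "alias": via_alias,  # True when the MX points at a CNAME
            # Caches may hold the old address for up to the A record's TTL
            # after the IP changes. The MX and CNAME TTLs do not matter here,
            # because those names keep pointing at the same target.
            "stale_window_s": a[0] if a else None,
            "address": a[1][0] if a else None,
        })
    return findings

if __name__ == "__main__":
    for f in audit_mx(parse(SAMPLE), "foo.com."):
        print(f)
```
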


