out of place mx records.

Mark Andrews marka at isc.org
Fri Oct 29 01:49:46 UTC 2010


In message <barmar-ED15C5.21262028102010 at news.eternal-september.org>, Barry Margolin writes:
> In article <mailman.585.1288263412.555.bind-users at lists.isc.org>,
>  Tony Finch <dot at dotat.at> wrote:
> 
> > On Thu, 28 Oct 2010, Gregory Machin wrote:
> > >
> > > My question is why would "IN    MX    10    mcvpemr01" and "IN    MX
> > >  10    mcvpemr02" be repeated through the zone file surely this is
> > > redundant?
> > 
> > Some hostmasters like to ensure that mail is not directed to hosts that do
> > not listen on SMTP. They prefer misdirected mail to be rejected
> > immediately rather than waiting days for the sending system to time out.
> > Some of my colleagues have this setup on the zones they manage
> > (eng.cam.ac.uk and cl.cam.ac.uk).
> 
> But configuring MX records won't necessarily accomplish this.  It will 
> cause mail for all these hosts to be delivered to mcvpemr01 or mcvpemr02.

And they can do an SMTP level rejection rather than waiting for the
sending server to abandon sending the email due to multiple timeouts.
Just return 550 for all mail directed to users at those hosts.   It
would be nice if we could standardise an MX target of "." as saying
that this domain doesn't accept email e.g. "MX 0 ." the same way
as "SRV 0 0 0 ." means that there is no service for the named
protocol.  That way the sending MTA or the MSA can reject the email.

Every time it gets suggested people shoot it down worrying about
private nets that have addresses at "." or get worried about thousands
of machines making A/AAAA queries for "." where the MTA doesn't
check that the MX target is a valid host name.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
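
Added example, not part of the original message: a sketch of how a sending MTA or MSA could act on the proposed "MX 0 ." convention, rejecting at submission time and checking that every MX target is a valid host name before any A/AAAA query is made. The function names and the sample records in the test are hypothetical, and no DNS lookups are performed.

```python
import string

# Characters allowed in a host name label (letters, digits, hyphen).
LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")

def normalize(target):
    """Lower-case an MX target and drop one trailing dot; the root stays "."."""
    t = target.strip().lower()
    if t == ".":
        return "."
    return t[:-1] if t.endswith(".") else t

def is_valid_hostname(name):
    """Syntax check so that "." or an empty label never reaches an A/AAAA query."""
    if name == "." or not name or len(name) > 253:
        return False
    for label in name.split("."):
        if not 1 <= len(label) <= 63:
            return False
        if label.startswith("-") or label.endswith("-"):
            return False
        if not set(label) <= LABEL_CHARS:
            return False
    return True

def plan_delivery(mx_rrset):
    """Decide what to do with a list of (preference, target) MX records.

    "no-mx":   no MX records; the caller applies its usual address fallback.
    "reject":  the only MX is "." so the message is refused immediately.
    "deliver": hosts to try, in preference order; invalid targets are dropped
               without any address lookup being attempted for them.
    "defer":   MX records exist but none names a usable host.
    """
    records = [(pref, normalize(target)) for pref, target in mx_rrset]
    if not records:
        return "no-mx", []
    if len(records) == 1 and records[0][1] == ".":
        return "reject", []
    hosts = [target for _, target in sorted(records) if is_valid_hostname(target)]
    return ("deliver", hosts) if hosts else ("defer", [])
```
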


