MNAME not a listed NS record

Vernon Schryver vjs at rhyolite.com
Wed Jan 16 22:05:15 UTC 2013


> From: Dave Warren <lists at hireahit.com>

> Various online DNS diagnostic tools throw warnings,

Speaking of so-called DNS diagnostic tools, one claims that my domains
have DNS servers with "private" network addresses.  My only guess is
that they don't know the difference between IPv6 addresses and
RFC 1918 addresses.  On the other hand, maybe that was random FUD
intended to drum up business, because they've stopped that nonsense
in the last 3 days and without my changing anything.

Another tool claims that ns3.isc-sns.info is "not sending glue" for
one of my domains.

That one is among the several that claim that having a single MX record
is a defect instead of a feature in this century.  (On today's Internet,
where all SMTP clients from which you might want to receive mail can
reach all of your SMTP servers at almost any time and do proper queuing
during very rare exceptions, one needs only one MX RR.  Unless you
want to load balance millions of messages per day among SMTP servers
on multiple networks, you want a single MX RR to avoid spam backscatter
without having to synchronize your definition of "valid mailbox" at
the distributed SMTP servers needed in the multiple-MX wisdom of the
previous century....well, there is the exception of bogus MX RRs for
trapping spam.)

Then there is the supposed dire insecurity of answering
`dig ch version.bind txt`

Let's not forget the popular DNS checkers that claim my SMTP servers
are open relays.  Don't ask me about technical connections to DNS
health in seeing whether an SMTP Rcpt_To command is answered with
250_Ok.  The spammers who continually hit my SMTP servers with floods
of checks of common holes in relay authentication and authorization
evidently know that 250_Ok even at the end of a DATA command doesn't
indicate that an SMTP server has relayed anything.


There is a common thread among the bogus DNS health checks from outfits
in the DNS help business and the worst domain registrars.  Their sales
stories are based on the notion that DNS, HTTP, SMTP, and the Internet
in general are too complicated, dangerous, and generally scary for
mere humans to handle, and so you'd better buy their patent medicine.
On the other hand, good outfits simply sell competent services, perhaps
including technical support, but always without acting like proverbial
used car and computer saleslime.


Vernon Schryver    vjs at rhyolite.com
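
The "private address" warning discussed in the message above comes down to telling RFC 1918 IPv4 space apart from IPv6. The following is an added example, not part of the original post and not any tool's actual code; the function names, name server names and addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 defines exactly three IPv4 blocks; no IPv6 address is "RFC 1918".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# IPv6 ranges that really are unusable as public name server addresses.
V6_LOCAL = {
    "unique-local": ipaddress.ip_network("fc00::/7"),   # RFC 4193
    "link-local": ipaddress.ip_network("fe80::/10"),
    "loopback": ipaddress.ip_network("::1/128"),
}


def classify(addr):
    """Classify one address; only the RFC 1918 blocks are checked for IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return "rfc1918" if any(ip in net for net in RFC1918) else "ipv4-other"
    # An IPv4-mapped address (::ffff:a.b.c.d) is judged by the IPv4 it carries.
    if ip.ipv4_mapped is not None:
        return classify(str(ip.ipv4_mapped))
    for label, net in V6_LOCAL.items():
        if ip in net:
            return "ipv6-" + label
    return "ipv6-other"


def audit_glue(glue):
    """Return (nameserver, address, class) for addresses worth a warning."""
    warnings = []
    for name, addrs in glue.items():
        for addr in addrs:
            cls = classify(addr)
            if cls not in ("ipv4-other", "ipv6-other"):
                warnings.append((name, addr, cls))
    return warnings


# Constructed sample: documentation-range addresses plus two local ones.
SAMPLE_GLUE = {
    "ns1.example.net.": ["192.0.2.53", "2001:db8::53"],
    "ns2.example.net.": ["10.1.2.3", "fd12:3456::53"],
}

if __name__ == "__main__":
    for row in audit_glue(SAMPLE_GLUE):
        print(*row)
```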


