Need DNS records help for single server (and IP), and multi-domain mail server.

Reindl Harald h.reindl at thelounge.net
Thu Aug 24 08:07:29 UTC 2017



On 24.08.2017 at 04:57, Grant Taylor wrote:
> On 08/23/2017 07:50 PM, Reindl Harald wrote:
>> which means again: additional dns lookups while ip-addresses and ranges
>> are done with a single lookup
> 
> Yes, it does mean additional lookups, which there are a finite number of.
> 
>> besides it's not true because SPF has nothing to do with PTR and they
>> won't get https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
>> how is that related to the topic at all?
> 
> It's my understanding that some SPF implementations will do a reverse
> DNS lookup on the connecting IP and test the name from the PTR record
> against the SPF record of the purported sending domain.

that's not the job of SPF at all and at least no sane implementation 
talking about mailservers and DNS is using just the PTR without verifying 
it against the A-record *because* you can't forge both but you may 
control the PTR records of a random network like we do for our public /24

> Thus the ability for Evil Spammer to arrange for the PTR record of their
> server to return a name that is allowed via SPF

but again: SPF is not about dns names
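
An added example, not part of the original post: a forward-confirmed reverse DNS check next to a PTR-only check, run over constructed records. The lookup tables, addresses and function names are assumptions made for illustration; a real deployment would query a resolver instead of the dictionaries.

```python
import ipaddress

# Constructed DNS data (documentation ranges, not real hosts).
# PTR data is controlled by whoever runs the reverse zone of the network;
# A/AAAA data is controlled by the owner of the forward domain.
PTR = {
    "192.0.2.25": ["mail.example.com."],     # legitimate server
    "198.51.100.66": ["mail.example.com."],  # foreign network claiming the same name
    "203.0.113.9": [],                       # no reverse record at all
}
ADDR = {
    "mail.example.com.": ["192.0.2.25", "2001:db8::25"],
}

def lookup_ptr(ip):
    return PTR.get(ip, [])

def lookup_addr(name):
    return ADDR.get(name.lower(), [])

def fcrdns(ip, ptr=lookup_ptr, addr=lookup_addr, max_names=10):
    """Return the PTR names of `ip` whose forward lookup contains `ip`."""
    client = ipaddress.ip_address(ip)
    confirmed = []
    # Cap the number of names followed so a large PTR set cannot
    # force an unbounded number of forward lookups.
    for name in ptr(ip)[:max_names]:
        for candidate in addr(name):
            try:
                if ipaddress.ip_address(candidate) == client:
                    confirmed.append(name.rstrip(".").lower())
                    break
            except ValueError:
                continue  # malformed address in the answer: ignore it
    return confirmed

def ptr_only(ip, ptr=lookup_ptr):
    """The weak check: trust whatever the reverse zone says."""
    return [n.rstrip(".").lower() for n in ptr(ip)]

if __name__ == "__main__":
    for ip in PTR:
        print(ip, "ptr-only:", ptr_only(ip), "fcrdns:", fcrdns(ip))
```

The second address shows the difference: the PTR-only check accepts the claimed name, while the forward confirmation rejects it because the name's A record does not point back to that address.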

