Need DNS records help for single server (and IP), and multi-domain mail server.
Reindl Harald
h.reindl at thelounge.net
Thu Aug 24 08:07:29 UTC 2017
On 24.08.2017 at 04:57, Grant Taylor wrote:
> On 08/23/2017 07:50 PM, Reindl Harald wrote:
>> which means again: additional dns lookups while ip-addresses and ranges
>> are done with a single lookup
>
> Yes, it does mean additional lookups, which there are a finite number of.
>
>> besides it's not true because SPF has nothing to do with PTR and they
>> won't get https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
>> how is that related to the topic at all?
>
> It's my understanding that some SPF implementations will do a reverse
> DNS lookup on the connecting IP and test the name from the PTR record
> against the SPF record of the purported sending domain.
that's not the job of SPF at all and at least no sane implementation
talking about mailservers and DNS is using just the PTR without verifying
it against the A-record *because* you can't forge both but you may
control the PTR records of a random network like we do for our public /24
> Thus the ability for Evil Spammer to arrange for the PTR record of their
> server to return a name that is allowed via SPF
but again: SPF is not about dns names
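
The forward-confirmed reverse DNS check referred to in the message above, as an added example that is not part of the original post: a PTR name is accepted only when its A record points back at the connecting IP. The lookup tables, addresses and function names are constructed for illustration and stand in for real DNS queries.

```python
import ipaddress

# Constructed sample DNS data using documentation address ranges.
PTR = {
    "192.0.2.10": ["mail.example.org."],    # PTR and A record agree
    "203.0.113.66": ["mail.example.org."],  # reverse-zone owner claims a foreign name
    "198.51.100.7": [],                     # no PTR record at all
}
A = {
    "mail.example.org.": ["192.0.2.10"],
}


def lookup_ptr(ip):
    """Stand-in for a PTR query (hypothetical helper)."""
    return PTR.get(ip, [])


def lookup_a(name):
    """Stand-in for an A query (hypothetical helper)."""
    return A.get(name, [])


def fcrdns(ip, ptr=lookup_ptr, addr=lookup_a, max_names=10):
    """Return the PTR names of `ip` whose A records include `ip`.

    An empty list means the reverse name is unconfirmed and must not be
    trusted: whoever controls the reverse zone can publish any name there,
    but cannot also change the forward zone of a domain they do not own.
    """
    client = ipaddress.ip_address(ip)
    confirmed = []
    # Cap the number of PTR names followed so the lookup count stays bounded.
    for name in ptr(ip)[:max_names]:
        name = name.lower()
        if not name.endswith("."):
            name += "."
        if any(ipaddress.ip_address(a) == client for a in addr(name)):
            confirmed.append(name)
    return confirmed


if __name__ == "__main__":
    for ip in PTR:
        print(ip, "->", fcrdns(ip) or "unconfirmed")
```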