Wrong glue records entered.
Kerry Thompson
kerry at security.geek.nz
Tue Jan 18 02:38:02 UTC 2005
Steven Job said:
> Are glue records supposed to be returned with the MX records?
>
> The problem that we are having is that someone will create the following
> MX
> records for their domain.
> @ 10800 IN MX 40 smtp.secureserver.net.
>
> But then some one else will create the domain "secureserver.net" in our
> system
> and point the A record for "smtp" to another IP.
> Now "secureserver.net" is not pointing to our name servers (at the root
> name
> server level) so our servers should never be asked for it. But they are
> by
> some resolvers and it is poisoning everything.
Some MTAs will perform an A record lookup for the domain if they don't get
an MX record reply promptly, then connect to the IP in the A record. So,
if you have
$ host -t mx secureserver.net
secureserver.net mail is handled by 0 smtp.secureserver.net.
$ host -t a secureserver.net
secureserver.net has address 64.202.188.208
$ host -t a smtp.secureserver.net
smtp.secureserver.net has address 64.202.166.12
... then you will undoubtedly get the occasional and unexpected smtp
connection to 64.202.188.208
Is this what you're seeing?
Kerry
More information about the bind-users
mailing list