Slightly OT - MX RR Sanity Check requested...
SM
sm at resistor.net
Thu Mar 29 05:45:27 UTC 2007
At 19:31 28-03-2007, Kevin P. Knox wrote:
>I'm starting to think that I'm just not explaining this well. The strategy
>I'm trying to explain came straight out of the ORA book, "Building Internet
You explained it well.
>There are two MX RRs for the domain. The most preferred is assigned to the
>heavily defended SMTP server. The less preferred is assigned to the DMZ
You should only have reachable hosts in the MX. I suggest removing
the heavily defended SMTP server entry.
>Sending mail servers query the DNS and attempt a TCP/25 connection to the most
>preferred MXer. But this host is blocked by the firewall. So they "should"
>choose the next preferred MX RR and try that server. That server is the DMZ
>mail server.
They should but if they don't do that, you're in trouble.
>I didn't really mean for this to turn into a protracted discussion on DNS and
>SMTP. I'm just trying to find out why a very few sending hosts don't ever
>query past the most preferred MX RRs for our domains.
Because the SMTP server may not be fully RFC-compliant or else it has
a long delay when the MX is unreachable.
It is easy to fix your DNS RRs for the domain.
Regards,
-sm
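
The check suggested in this reply (list only reachable hosts in the MX set) can be automated. The following is an added example, not part of the original message: it probes each MX target on TCP/25 in preference order and reports targets a sender cannot reach. The host names, the `SAMPLE_MX` data and the `constructed_probe` stand-in are constructed for illustration; run it from outside the firewall with the default `tcp25_probe` to test real hosts.

```python
import socket
from typing import Callable, List, NamedTuple, Tuple

class MXResult(NamedTuple):
    preference: int
    host: str
    reachable: bool

def tcp25_probe(host: str, timeout: float = 5.0) -> bool:
    """Return True if a TCP connection to port 25 on host succeeds."""
    try:
        with socket.create_connection((host, 25), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unresolvable, filtered
        return False

def audit_mx(records: List[Tuple[int, str]],
             probe: Callable[[str], bool] = tcp25_probe) -> List[MXResult]:
    """Probe every MX target, most preferred (lowest value) first."""
    return [MXResult(pref, host, probe(host)) for pref, host in sorted(records)]

def findings(results: List[MXResult]) -> List[str]:
    """Describe each MX target that senders cannot reach."""
    reachable = [r for r in results if r.reachable]
    if not reachable:
        return ["no MX target accepts connections on TCP/25"]
    first_ok = reachable[0].preference
    msgs = []
    for r in results:
        if r.reachable:
            continue
        if r.preference < first_ok:
            # Senders that never try the next MX, or wait out a long
            # connect timeout first, fail or delay mail on this entry.
            msgs.append(f"{r.host} (pref {r.preference}) is unreachable and "
                        "preferred over every reachable MX")
        else:
            msgs.append(f"{r.host} (pref {r.preference}) is unreachable")
    return msgs

# Constructed sample: the layout described in the thread, with made-up names.
SAMPLE_MX = [(20, "mail-dmz.example.com"), (10, "mail-inside.example.com")]

def constructed_probe(host: str) -> bool:
    """Stand-in for tcp25_probe: only the DMZ host answers from outside."""
    return host == "mail-dmz.example.com"

if __name__ == "__main__":
    for line in findings(audit_mx(SAMPLE_MX, constructed_probe)):
        print(line)
```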