out of place mx records.

Mark Andrews marka at isc.org
Fri Nov 12 14:24:54 UTC 2010 

In message <20101112135657.GB22735 at fantomas.sk>, Matus UHLAR - fantomas writes:
> On 29.10.10 12:49, Mark Andrews wrote:
> > And they can do a SMTP level rejection rather than waiting for the
> > sending server to abandon sending the email due to multiple timeouts.
> > Just return 550 for all mail directed to users at those hosts.   It
> > would be nice if we could standardise a MX target of "." as saying
> > that this domain doesn't accept email e.g. "MX 0 ." the same way
> > as "SRV 0 0 0 ." means that there is no service for the named
> > protocol.  That way the sending MTA or the MSA can reject the email.
> > 
> > Every time it get suggested people shoot it down worrying about
> > private nets that have addresses at "." or get worried about thousands
> > of machines making A/AAAA queries for "." where the MTA doesn't
> > check that the MX target is a valid host name.
> 
> the same would apply for any other hostname not recognized by mailservers.
> Even localhost, if some servers do not contain zone for it.
> 
> Technically the best solution would be dropping fallback for A address,
> however it's apparently unapplicable (or would take years).
> 
> BTW.
> 
> I was told that "." is not a valid hostname and that it causes DNSSEC
> problems, at least with debian's named (9.6 ESV now, 9.5.1 before)
> ... can you confirm this?

"." isn't a valid hostname but named will accept it as a place holder.

% named-checkzone example test
test:1: no TTL specified; using SOA MINTTL instead
zone example/IN: example/MX '.' (out of zone) has no addresses records (A or AAAA)
zone example/IN: loaded serial 0
OK
% cat test
@ IN SOA . . 0 0 0 0 0
@ IN NS .
@ IN MX 10 .
% 

It's easy enough to remove the address checks for ".".

DNSSEC doesn't care about valid hostnames.

> -- 
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Support bacteria - they're the only culture some people have. 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list