Multiple A and PTR and the "main" ones?

Reindl Harald h.reindl at thelounge.net
Fri Sep 11 12:36:00 UTC 2015


STAY ON LIST - the last time i had enough of repeating that an answer on 
a public ML is not an invitation for private support i got moderated...

it is my opinion backed by dealing with DNS and email for many years 
facing all problems left and right we never had because of the strict 
policy here that one IP has only one PTR

what "official bad practice" do you need when you can see for yourself 
the problems that otherwise would not be possible?

and no "gmail.com" (from your second mail) doesn't prove anything else 
because there is no server in the world using "gmail.com" as outgoing 
mail HELO, which is the reason you can safely reject any client which 
pretends to be "gmail.com" in the HELO

[harry at srv-rhsoft:~]$ nslookup mail-ob0-f177.google.com
Server:         127.0.0.1
Address:        127.0.0.1#53
Non-authoritative answer:
Name:   mail-ob0-f177.google.com
Address: 209.85.214.177

[harry at srv-rhsoft:~]$ nslookup 209.85.214.177
Server:         127.0.0.1
Address:        127.0.0.1#53
Non-authoritative answer:
177.214.85.209.in-addr.arpa     name = mail-ob0-f177.google.com.

/^amazon\.com$/                             REJECT Unacceptable HELO (Forged)
/^amazon\.de$/                              REJECT Unacceptable HELO (Forged)
/^ebay\.at$/                                REJECT Unacceptable HELO (Forged)
/^ebay\.com$/                               REJECT Unacceptable HELO (Forged)
/^ebay\.de$/                                REJECT Unacceptable HELO (Forged)
/^email\.com$/                              REJECT Unacceptable HELO (Forged)
/^facebook\.com$/                           REJECT Unacceptable HELO (Forged)
/^facebookmail\.com$/                       REJECT Unacceptable HELO (Forged)
/^gmail\.com$/                              REJECT Unacceptable HELO (Forged)
/^gmx\.at$/                                 REJECT Unacceptable HELO (Forged)
/^gmx\.de$/                                 REJECT Unacceptable HELO (Forged)
/^gmx\.li$/                                 REJECT Unacceptable HELO (Forged)
/^gmx\.net$/                                REJECT Unacceptable HELO (Forged)
/^google\.com$/                             REJECT Unacceptable HELO (Forged)
/^hotmail\.com$/                            REJECT Unacceptable HELO (Forged)
/^hotmail\.fr$/                             REJECT Unacceptable HELO (Forged)
/^hotmail\.kg$/                             REJECT Unacceptable HELO (Forged)
/^hotmail\.kz$/                             REJECT Unacceptable HELO (Forged)
/^hotmail\.ru$/                             REJECT Unacceptable HELO (Forged)
/^mail\.com$/                               REJECT Unacceptable HELO (Forged)
/^microsoft\.com$/                          REJECT Unacceptable HELO (Forged)
/^twitter\.com$/                            REJECT Unacceptable HELO (Forged)
/^yahoo\.ca$/                               REJECT Unacceptable HELO (Forged)
/^yahoo\.com$/                              REJECT Unacceptable HELO (Forged)
/^yahoo\.de$/                               REJECT Unacceptable HELO (Forged)
/^yahoo\.dk$/                               REJECT Unacceptable HELO (Forged)
/^yahoo\.es$/                               REJECT Unacceptable HELO (Forged)
/^yahoo\.fr$/                               REJECT Unacceptable HELO (Forged)
/^yahoo\.ie$/                               REJECT Unacceptable HELO (Forged)
/^yahoo\.it$/                               REJECT Unacceptable HELO (Forged)
/^yahoo\.jp$/                               REJECT Unacceptable HELO (Forged)
/^yahoo\.ru$/                               REJECT Unacceptable HELO (Forged)
/^yahoo\.se$/                               REJECT Unacceptable HELO (Forged)
/^ns[0-9]\.gmail\.com$/                     REJECT Unacceptable HELO (Forged)

On 11.09.2015 at 14:28, Marek Kozlowski wrote:
> On 09/11/2015 02:22 PM, Reindl Harald wrote:
>>
>> On 11.09.2015 at 14:14, Marek Kozlowski wrote:
>>> On 09/11/2015 02:10 PM, Reindl Harald wrote:
>>>
>>>> On 11.09.2015 at 14:02, Marek Kozlowski wrote:
>>>>> :-)
>>>>>
>>>>> I have defined several A and PTR records for my main server.
>>>>> Unfortunately, recently I've noticed that some peer servers
>>>>> have problems with rev-resolving my IP (verifying the name
>>>>> and address) if there are too many As and PTRs. I'm wondering
>>>>> if it's possible to specify one A and one PTR as a "main"
>>>>> name (same as hostname) for this server? Yes, I can use a
>>>>> single A and PTR and multiple CNAME's, however I'd prefer the
>>>>> solution with As and PTRs only. Any kind of priority?
>>>>
>>>> no
>>>>
>>>> just don't specify more than one PTR for an IP
>>>
>>> Specifying multiple CNAMEs for the same alias is not possible
>>
>> no idea what that means, a CNAME can point to another CNAME in
>> circles
>
> I can't define sth. like this:
>
> somename	IN	CNAME	something1
> somename 	IN 	CNAME	something2
>
> But I can define a few As for `somename' pointing to different IPs.
>
>>> defining more than one PTR for the same IP is possible I believe
>>> there is some reason for it.
>>
>> until now nobody was able to show me one
>
> "I don't know" != "there is no"
>
> ;-)
>
>>> I think sometimes it might be useful. Is it a bad practice?
>>
>> it is a bad practice and leads exactly to the problems you describe
>> when the other side tries to verify A/PTR matching because there is
>> just no ordering like there is also no ordering having multiple A
>> records for the same name with different IP's
>
> Is it your opinion or some official "bad practice"?
>
> Best regards,
> Marek
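
Added example, not part of the original message or of BIND/Postfix: it models the A/PTR verification problem discussed in the thread by running a receiver's check against every possible ordering of a PTR RRset. The zone data, names and addresses are constructed, and the "first PTR only" receiver logic is an assumption about how some peers verify clients.

```python
from itertools import permutations

# Constructed zone data (RFC 5737 documentation addresses), not from the thread.
PTR = {
    "192.0.2.10": ["mail.example.org", "www.example.org", "ftp.example.org"],
    "192.0.2.20": ["mx.example.net"],
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "www.example.org": ["192.0.2.10"],
    "ftp.example.org": ["192.0.2.10"],
    "mx.example.net": ["192.0.2.20"],
}

def naive_check(ip, helo, ptr_answer):
    """Assumed receiver logic: look only at the first PTR name in the answer."""
    if not ptr_answer:
        return False
    name = ptr_answer[0]
    return name == helo and ip in A.get(name, [])

def full_check(ip, helo, ptr_answer):
    """Receiver that walks the whole PTR RRset before deciding."""
    return any(n == helo and ip in A.get(n, []) for n in ptr_answer)

def pass_count(check, ip, helo):
    """Evaluate a check against every valid ordering of the PTR RRset.

    DNS gives no ordering guarantee inside an RRset, so each permutation
    is an answer the receiver may legitimately get.
    """
    orders = list(permutations(PTR.get(ip, [])))
    passed = sum(check(ip, helo, list(o)) for o in orders)
    return passed, len(orders)

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("192.0.2.20", "mx.example.net")]:
        for check in (naive_check, full_check):
            ok, total = pass_count(check, ip, helo)
            print(f"{ip} HELO {helo} {check.__name__}: {ok}/{total} orderings pass")
```

With three PTRs the first-only receiver accepts the client in only 2 of 6 orderings, while the single-PTR host passes every time under both checks.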
