Multiple A and PTR and the "main" ones?

Marek Kozlowski kozlowsm at mini.pw.edu.pl
Fri Sep 11 12:42:08 UTC 2015


On 09/11/2015 02:36 PM, Reindl Harald wrote:
> STAY ON LIST - the last time i had enough of repeating that an
> answer on a public ML is not an invitation for private support i got
> moderated...

Oops! Sorry! :-( Sorry! Sorry!

I'm sending this with the whole "history" of our conversation.

> it is my opinion backed by dealing with DNS and email for many
> years facing all problems left and right we never had because the
> strict policy here that one IP has only one PTR
> 
> what "official bad practice" do you need when you can see the
> problems otherwise would not be possible at your own?

In the sense: "`best current practice' says something opposite".
BTW: Are we talking about multiple PTRs for mail servers only or multiple
PTRs in general?

Best regards,
/m

> and no "gmail.com" (from your second mail) doesn't prove anything
> else because there is no server in the world using "gmail.com" as
> outgoing mail HELO, which is the reason you can safely reject any
> client which pretends to be "gmail.com" in the HELO
> 
> [harry@srv-rhsoft:~]$ nslookup mail-ob0-f177.google.com
> Server:         127.0.0.1
> Address:        127.0.0.1#53
> Non-authoritative answer:
> Name:   mail-ob0-f177.google.com
> Address: 209.85.214.177
> 
> [harry@srv-rhsoft:~]$ nslookup 209.85.214.177
> Server:         127.0.0.1
> Address:        127.0.0.1#53
> Non-authoritative answer:
> 177.214.85.209.in-addr.arpa     name = mail-ob0-f177.google.com.
> 
> /^amazon\.com$/             REJECT Unacceptable HELO (Forged)
> /^amazon\.de$/              REJECT Unacceptable HELO (Forged)
> /^ebay\.at$/                REJECT Unacceptable HELO (Forged)
> /^ebay\.com$/               REJECT Unacceptable HELO (Forged)
> /^ebay\.de$/                REJECT Unacceptable HELO (Forged)
> /^email\.com$/              REJECT Unacceptable HELO (Forged)
> /^facebook\.com$/           REJECT Unacceptable HELO (Forged)
> /^facebookmail\.com$/       REJECT Unacceptable HELO (Forged)
> /^gmail\.com$/              REJECT Unacceptable HELO (Forged)
> /^gmx\.at$/                 REJECT Unacceptable HELO (Forged)
> /^gmx\.de$/                 REJECT Unacceptable HELO (Forged)
> /^gmx\.li$/                 REJECT Unacceptable HELO (Forged)
> /^gmx\.net$/                REJECT Unacceptable HELO (Forged)
> /^google\.com$/             REJECT Unacceptable HELO (Forged)
> /^hotmail\.com$/            REJECT Unacceptable HELO (Forged)
> /^hotmail\.fr$/             REJECT Unacceptable HELO (Forged)
> /^hotmail\.kg$/             REJECT Unacceptable HELO (Forged)
> /^hotmail\.kz$/             REJECT Unacceptable HELO (Forged)
> /^hotmail\.ru$/             REJECT Unacceptable HELO (Forged)
> /^mail\.com$/               REJECT Unacceptable HELO (Forged)
> /^microsoft\.com$/          REJECT Unacceptable HELO (Forged)
> /^twitter\.com$/            REJECT Unacceptable HELO (Forged)
> /^yahoo\.ca$/               REJECT Unacceptable HELO (Forged)
> /^yahoo\.com$/              REJECT Unacceptable HELO (Forged)
> /^yahoo\.de$/               REJECT Unacceptable HELO (Forged)
> /^yahoo\.dk$/               REJECT Unacceptable HELO (Forged)
> /^yahoo\.es$/               REJECT Unacceptable HELO (Forged)
> /^yahoo\.fr$/               REJECT Unacceptable HELO (Forged)
> /^yahoo\.ie$/               REJECT Unacceptable HELO (Forged)
> /^yahoo\.it$/               REJECT Unacceptable HELO (Forged)
> /^yahoo\.jp$/               REJECT Unacceptable HELO (Forged)
> /^yahoo\.ru$/               REJECT Unacceptable HELO (Forged)
> /^yahoo\.se$/               REJECT Unacceptable HELO (Forged)
> /^ns[0-9]\.gmail\.com$/     REJECT Unacceptable HELO (Forged)
> 
> On 11.09.2015 at 14:28, Marek Kozlowski wrote:
>> On 09/11/2015 02:22 PM, Reindl Harald wrote:
>>> 
>>> On 11.09.2015 at 14:14, Marek Kozlowski wrote:
>>>> On 09/11/2015 02:10 PM, Reindl Harald wrote:
>>>> 
>>>>> On 11.09.2015 at 14:02, Marek Kozlowski wrote:
>>>>>> :-)
>>>>>> 
>>>>>> I have defined several A and PTR records for my main
>>>>>> server. Unfortunately, recently I've noticed that some
>>>>>> peer servers have problems with rev-resolving my IP
>>>>>> (verifying the name and address) if there are too many As
>>>>>> and PTRs. I'm wondering if it's possible to specify one A
>>>>>> and one PTR as a "main" name (same as hostname) for this
>>>>>> server? Yes, I can use a single A and PTR and multiple
>>>>>> CNAMEs, however I'd prefer the solution with As and PTRs
>>>>>> only. Any kind of priority?
>>>>> 
>>>>> no
>>>>> 
>>>>> just don't specify more than one PTR for an IP
>>>> 
>>>> Specifying multiple CNAMEs for the same alias is not
>>>> possible
>>> 
>>> no idea what that means, a CNAME can point to another CNAME in
>>> circles
>> 
>> I can't define sth. like this:
>> 
>> somename    IN    CNAME    something1
>> somename    IN    CNAME    something2
>> 
>> But I can define a few As for `somename' pointing to different
>> IPs.
>> 
>>>> defining more than one PTR for the same IP is possible I
>>>> believe there is some reason for it.
>>> 
>>> until now nobody was able to show me one
>> 
>> "I don't know" != "there is no"
>> 
>> ;-)
>> 
>>>> I think sometimes it might be useful. Is it a bad practice?
>>> 
>>> it is a bad practice and leads exactly to the problems you
>>> describe when the other side tries to verify A/PTR matching
>>> because there is just no ordering like there is also no
>>> ordering having multiple A records for the same name with
>>> different IPs
>> 
>> Is it your opinion or some official "bad practice"?
>> 
>> Best regards, Marek


-- 
Dr Eng. Marek Kozłowski
Senior Lecturer
Unix and Network Administrator
Warsaw University of Technology
Faculty of Mathematics and Information Sciences
ul. Koszykowa 75,
00-662 Warszawa
POLAND
tel.: +48 601 827 225
e-mail: m.kozlowski at mini.pw.edu.pl
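
The A/PTR matching problem discussed in this thread, as an added example that is not part of the original messages: a forward-confirmed reverse DNS check run over constructed records, showing why a peer's verdict becomes order-dependent once an IP has several PTRs. The names, the addresses (documentation ranges) and the "first PTR only" peer behaviour are assumptions made for illustration.

```python
from itertools import permutations

# Constructed forward zone: two names map back to the server, one is stale.
A_RECORDS = {
    "mail.example.org": ["192.0.2.25"],
    "www.example.org": ["192.0.2.25"],
    "old.example.org": ["198.51.100.7"],
}
IP = "192.0.2.25"
MULTI_PTR = ["mail.example.org", "www.example.org", "old.example.org"]
SINGLE_PTR = ["mail.example.org"]


def naive_fcrdns(ip, ptr_answer):
    """Assumed strict peer: forward-confirms only the first PTR it receives."""
    name = ptr_answer[0]
    return name if ip in A_RECORDS.get(name, []) else None


def full_fcrdns(ip, ptr_answer):
    """Forward-confirms every PTR; returns the sorted names that map back to ip."""
    return sorted(n for n in ptr_answer if ip in A_RECORDS.get(n, []))


def naive_results(ip, ptr_rrset):
    """Every verdict the naive check can reach, since an RRset has no order."""
    return {naive_fcrdns(ip, list(order)) for order in permutations(ptr_rrset)}


def helo_confirmed(ip, helo, ptr_answer):
    """True when the HELO name is one of the forward-confirmed PTR names."""
    return helo.rstrip(".").lower() in full_fcrdns(ip, ptr_answer)


if __name__ == "__main__":
    print("multi PTR, naive :", naive_results(IP, MULTI_PTR))
    print("single PTR, naive:", naive_results(IP, SINGLE_PTR))
    print("multi PTR, full  :", full_fcrdns(IP, MULTI_PTR))
    print("HELO mail ok     :", helo_confirmed(IP, "mail.example.org.", MULTI_PTR))
```

With one PTR the naive peer always reaches the same verdict; with three it can confirm either of two names or fail outright, depending only on the order in which the resolver returned the records.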
