Multiple A Records - Followup Question

Reindl Harald h.reindl at thelounge.net
Sun Oct 2 21:22:44 UTC 2016



On 02.10.2016 at 22:42, David Ford wrote:
> On 2016-10-02 12:59, Reindl Harald wrote:
>>
>>> IOW, can a given *IP* appear in more than one A record? I realize
>>> that this does have the problem that the reverses would resolve to
>>> hostX not
>>> test
>>
>> one IP should only have one PTR - period
>>
>> avoid anything other than PTR/A matching if the machine is supposed to
>> send outbound mail
>
> it is very helpful to have multiple PTR records for an IP on a mail
> server so anti-spam engines can accurately make fully verified forward
> and reverse lookups not just for DNS but also certificate verification.

which is *exactly* what you break with *multiple* PTR records for a
single IP - it seems you don't understand what
https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS really means

> mail servers that can't correctly emit the right EHLO for outbound email
> should remain in the 1990s.

yes, and your EHLO matches the A record of your IP

which of the multiple PTRs should the receiving server use?
guess what: it uses a random one
one time it matches your EHLO, the next time not

congratulations: you are playing the lottery

and yes, I had cases where we blocked email because of
check_reverse_client_hostname_access when the mail admin had requested a
PTR and the ISP was too dumb to remove the generic one, which ended in
some mails hitting rules and others not
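The lottery described above, as an added Python example that is not part of the original post: constructed zone data (TEST-NET-1 addresses and the reserved .test TLD, not real hosts), a receiver that forward-confirms only the first PTR the resolver hands back and compares it with the EHLO name, and that check run over every round-robin ordering of the PTR RRset.

```python
# Constructed sample zone data for illustration; not real hosts.
A_RECORDS = {
    "mail.example.test": {"192.0.2.25"},
    "hostx.example.test": {"192.0.2.25"},
    "mx.example.test": {"192.0.2.26"},
}
PTR_RECORDS = {
    "192.0.2.25": ["hostx.example.test", "mail.example.test"],  # two PTRs for one IP
    "192.0.2.26": ["mx.example.test"],                          # one PTR, matching A
}


def forward_confirmed_names(ip):
    """All PTR names of `ip` whose A record set contains `ip` again (FCrDNS)."""
    return {name for name in PTR_RECORDS.get(ip, [])
            if ip in A_RECORDS.get(name, set())}


def receiver_check(ip, helo, ptr_rrset):
    """Emulate a receiver that uses only the first PTR the resolver returned:
    forward-confirm that name, then require it to equal the EHLO name."""
    if not ptr_rrset:
        return False
    name = ptr_rrset[0]
    return ip in A_RECORDS.get(name, set()) and name.lower() == helo.lower()


def helo_outcomes(ip, helo):
    """Run receiver_check for every round-robin rotation of the PTR RRset and
    collect the distinct results. Two results means the verdict depends on
    which PTR happened to come back first: the lottery."""
    rrset = PTR_RECORDS.get(ip, [])
    outcomes = set()
    for i in range(len(rrset)):
        rotated = rrset[i:] + rrset[:i]
        outcomes.add(receiver_check(ip, helo, rotated))
    return outcomes


if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "mail.example.test"),
                     ("192.0.2.26", "mx.example.test")]:
        print(ip, helo, "FCrDNS names:", sorted(forward_confirmed_names(ip)),
              "verdicts seen:", sorted(helo_outcomes(ip, helo)))
```

Both names of 192.0.2.25 are forward-confirmed, yet the EHLO check passes or fails depending on PTR order; the single-PTR host always passes.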


More information about the bind-users mailing list