blacklisting replies, was: Proper CNAME interpretation
Chuck Swiger
cswiger at mac.com
Wed Sep 14 21:57:58 UTC 2011
Sigh: your mail server is blacklisting email from mac.com.
Begin forwarded message:
> From: postmaster at mac.com
> Date: September 14, 2011 2:53:05 PM PDT
> To: cswiger at mac.com
> Subject: Delivery Notification: Delivery has failed
>
> This report relates to a message you sent with the following header fields:
>
> Message-id: <2BE47D87-8417-4055-8466-F47CD7FDB5AA at mac.com>
> Date: Wed, 14 Sep 2011 14:52:34 -0700
> From: Chuck Swiger <cswiger at mac.com>
> To: "Ronald F. Guilmette" <rfg at tristatelogic.com>
> Subject: Re: Proper CNAME interpretation
>
> Your message cannot be delivered to the following recipients:
>
> Recipient address: rfg at tristatelogic.com
> Reason: Remote SMTP server has rejected address
> Diagnostic code: smtp;550 5.7.1 <asmtpout025.mac.com>: Helo command rejected: Domain mac.com BLACKLISTED - Use http://www.tristatelogic.com/contact.html
> Remote system: dns;server1.tristatelogic.com (TCP|17.148.16.100|49837|69.62.255.118|25) (segfault.tristatelogic.com ESMTP Postfix [2.5.3])
>
> Reporting-MTA: dns;asmtp025-bge351000.mac.com (tcp-daemon)
> Arrival-date: Wed, 14 Sep 2011 14:52:35 -0700 (PDT)
>
> Original-recipient: rfc822;rfg at tristatelogic.com
> Final-recipient: rfc822;rfg at tristatelogic.com
> Action: failed
> Status: 5.7.1 (Remote SMTP server has rejected address)
> Remote-MTA: dns;server1.tristatelogic.com
> (TCP|17.148.16.100|49837|69.62.255.118|25)
> (segfault.tristatelogic.com ESMTP Postfix [2.5.3])
> Diagnostic-code: smtp;550 5.7.1 <asmtpout025.mac.com>: Helo command rejected:
> Domain mac.com BLACKLISTED - Use http://www.tristatelogic.com/contact.html
>
> From: Chuck Swiger <cswiger at mac.com>
> Date: September 14, 2011 2:52:34 PM PDT
> To: "Ronald F. Guilmette" <rfg at tristatelogic.com>
> Cc: bind-users at lists.isc.org
> Subject: Re: Proper CNAME interpretation
>
>
> On Sep 14, 2011, at 2:27 PM, Ronald F. Guilmette wrote:
>> The second part however seems to go more to my question, which is "What is
>> the resolver supposed to do when some knucklehead breaks the rules and puts
>> a CNAME in with some other stuff?"
>
> Depends on which query one issued. The very next paragraph of RFC-1034 is:
>
> "CNAME RRs cause special action in DNS software. When a name server
> fails to find a desired RR in the resource set associated with the
> domain name, it checks to see if the resource set consists of a CNAME
> record with a matching class. If so, the name server includes the CNAME
> record in the response and restarts the query at the domain name
> specified in the data field of the CNAME record. The one exception to
> this rule is that queries which match the CNAME type are not restarted."
>
> In other words, if you ask for an A record, and you get back both a CNAME and an A record, then the A record matches and that's what gethostbyname()/getaddrinfo() or whatever should receive from the resolver. If you asked for an AAAA record, and got that same reply of a CNAME and an A record, then the resolver should chase the CNAME's data field.
>
>> It sure _sounds_ like that second sentence is encouraging any & all people
>> who are writing resolvers, or other related tools, that they should ignore
>> any flotsam & jetsum that appear along side a CNAME. But is that encourage-
>> ment espressed anywhere as a "MUST"?
>
> By no means. You only ought to chase a CNAME if you got a CNAME *instead* of the resource type that you asked for.
>
> Regards,
> --
> -Chuck
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110914/0f7f316c/attachment.html>
More information about the bind-users
mailing list