Multiple A and PTR and the "main" ones?
Marek Kozlowski
kozlowsm at mini.pw.edu.pl
Fri Sep 11 12:42:08 UTC 2015
On 09/11/2015 02:36 PM, Reindl Harald wrote:
> STAY ON LIST - the last time i had enough of repeating that a
> answer on a public ML is not an invitation for private support i got
> moderated...
Oups! Sorry! :-( Sorry! Sorry!
I'm sending this with the whole "history" of our conversation.
> it is my opinion backed by dealing with DNS and email for many
> years facing all problems left and right we never had because the
> strict policy here that one IP has only one PTR
>
> what "official bad practice" do you need when you can see the
> problems otherwise would not be possible at your own?
In the sense: "`best current practice' says something opposite".
BTW: Are we talking about multiple PTRs for mail servers only or multiple
PTRs in general?
Best regards,
/m
> and no "gmail.com" (from your second mail) don't prove anything
> else because there is no server on that world using "gmail.com" as
> outgoing mail HELO what is the reason you can safely reject any
> client which pretends to be "gmail.com" in the HELO
>
> [harry at srv-rhsoft:~]$ nslookup mail-ob0-f177.google.com
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> Name: mail-ob0-f177.google.com
> Address: 209.85.214.177
>
> [harry at srv-rhsoft:~]$ nslookup 209.85.214.177
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> 177.214.85.209.in-addr.arpa name = mail-ob0-f177.google.com.
>
> /^amazon\.com$/ REJECT Unacceptable HELO (Forged)
> /^amazon\.de$/ REJECT Unacceptable HELO (Forged)
> /^ebay\.at$/ REJECT Unacceptable HELO (Forged)
> /^ebay\.com$/ REJECT Unacceptable HELO (Forged)
> /^ebay\.de$/ REJECT Unacceptable HELO (Forged)
> /^email\.com$/ REJECT Unacceptable HELO (Forged)
> /^facebook\.com$/ REJECT Unacceptable HELO (Forged)
> /^facebookmail\.com$/ REJECT Unacceptable HELO (Forged)
> /^gmail\.com$/ REJECT Unacceptable HELO (Forged)
> /^gmx\.at$/ REJECT Unacceptable HELO (Forged)
> /^gmx\.de$/ REJECT Unacceptable HELO (Forged)
> /^gmx\.li$/ REJECT Unacceptable HELO (Forged)
> /^gmx\.net$/ REJECT Unacceptable HELO (Forged)
> /^google\.com$/ REJECT Unacceptable HELO (Forged)
> /^hotmail\.com$/ REJECT Unacceptable HELO (Forged)
> /^hotmail\.fr$/ REJECT Unacceptable HELO (Forged)
> /^hotmail\.kg$/ REJECT Unacceptable HELO (Forged)
> /^hotmail\.kz$/ REJECT Unacceptable HELO (Forged)
> /^hotmail\.ru$/ REJECT Unacceptable HELO (Forged)
> /^mail\.com$/ REJECT Unacceptable HELO (Forged)
> /^microsoft\.com$/ REJECT Unacceptable HELO (Forged)
> /^twitter\.com$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.ca$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.com$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.de$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.dk$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.es$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.fr$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.ie$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.it$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.jp$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.ru$/ REJECT Unacceptable HELO (Forged)
> /^yahoo\.se$/ REJECT Unacceptable HELO (Forged)
> /^ns[0-9]\.gmail\.com$/ REJECT Unacceptable HELO (Forged)
>
> Am 11.09.2015 um 14:28 schrieb Marek Kozlowski:
>> On 09/11/2015 02:22 PM, Reindl Harald wrote:
>>>
>>> Am 11.09.2015 um 14:14 schrieb Marek Kozlowski:
>>>> On 09/11/2015 02:10 PM, Reindl Harald wrote:
>>>>
>>>>> Am 11.09.2015 um 14:02 schrieb Marek Kozlowski:
>>>>>> :-)
>>>>>>
>>>>>> I have defined several A and PTR records for my main
>>>>>> server. Unfortunately, recently I've noticed that some
>>>>>> peer servers have problems with rev-resolving my IP
>>>>>> (verifying the name and address) if there are too many As
>>>>>> and PTRs. I'm wondering if it's possible to specify one A
>>>>>> and one PTR as a "main" name (same as hostname) for this
>>>>>> server? Yes, I can use a single A and PTR and multiple
>>>>>> CNAMEs, however I'd prefer the solution with As and PTRs
>>>>>> only. Any kind of priority?
>>>>>
>>>>> no
>>>>>
>>>>> just don't specify more than one PTR for an IP
>>>>
>>>> Specifying multiple CNAMEs for the same alias is not
>>>> possible
>>>
>>> no idea what that means, a CNAME can point to another CNAME in
>>> circles
>>
>> I can't define sth. like this:
>>
>> somename IN CNAME something1
>> somename IN CNAME something2
>>
>> But I can define a few As for `somename' pointing to different
>> IPs.
>>
>>>> defining more than one PTR for the same IP is possible I
>>>> believe there is some reason for it.
>>>
>>> until now nobody was able to show me one
>>
>> "I don't know" != "there is no"
>>
>> ;-)
>>
>>>> I think sometimes it might be useful. Is it a bad practice?
>>>
>>> it is a bad practice and leads exactly to the problems you
>>> describe when the other side tries to verify A/PTR matching
>>> because there is just no ordering like there is also no
>>> ordering having multiple A records for the same name with
>>> different IPs
>>
>> Is it your opinion or some official "bad practice"?
>>
>> Best regards, Marek
>
--
Dr Eng. Marek Kozłowski
Senior Lecturer
Unix and Network Administrator
Warsaw University of Technology
Faculty of Mathematics and Information Sciences
ul. Koszykowa 75,
00-662 Warszawa
POLAND
tel.: +48 601 827 225
e-mail: m.kozlowski at mini.pw.edu.pl
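
Added example, not part of the original thread: the A/PTR verification discussed above, run against a PTR RRset with several names, comparing a verifier that trusts only the first PTR returned with one that forward-confirms the whole set. The zone data is constructed; 192.0.2.10 and the example.org names are hypothetical, and the google.com pair is the one from the quoted nslookup output.

```python
import ipaddress

# Constructed zone data: 192.0.2.10 and the example.org names are hypothetical.
PTR = {
    "10.2.0.192.in-addr.arpa": ["www.example.org.", "mail.example.org.", "old.example.org."],
    "177.214.85.209.in-addr.arpa": ["mail-ob0-f177.google.com."],
}
A = {
    "www.example.org.": ["192.0.2.10"],
    "mail.example.org.": ["192.0.2.10"],
    "old.example.org.": ["192.0.2.99"],  # stale PTR target: forward lookup disagrees
    "mail-ob0-f177.google.com.": ["209.85.214.177"],
}

def fqdn(name):
    """Normalize a host name for comparison: lower case, one trailing dot."""
    return name.lower().rstrip(".") + "."

def ptr_answer(ip, rotation=0):
    """Return the PTR RRset for ip; rotation models the unordered answer."""
    rrset = PTR.get(ipaddress.ip_address(ip).reverse_pointer, [])
    k = rotation % len(rrset) if rrset else 0
    return rrset[k:] + rrset[:k]

def naive_check(ip, helo, rotation=0):
    """Simple verifier: looks only at the first PTR in the answer."""
    names = ptr_answer(ip, rotation)
    if not names:
        return False
    first = fqdn(names[0])
    return first == fqdn(helo) and ip in A.get(first, [])

def confirmed_names(ip):
    """Forward-confirmed reverse DNS over the whole RRset, order-independent."""
    return {fqdn(n) for n in ptr_answer(ip) if ip in A.get(fqdn(n), [])}

def full_check(ip, helo):
    """Accept the HELO name only if it is one of the forward-confirmed names."""
    return fqdn(helo) in confirmed_names(ip)

if __name__ == "__main__":
    for rot in range(3):  # same records, three possible answer orders
        print("naive, rotation", rot, naive_check("192.0.2.10", "mail.example.org", rot))
    print("full:", full_check("192.0.2.10", "mail.example.org"))
    print("single PTR:", naive_check("209.85.214.177", "mail-ob0-f177.google.com"))
```

With one PTR per address both verifiers agree on every query; with several, the first-PTR verifier's verdict depends on the order in which the records happen to be returned.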