North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: DNS question, null MX records
- From: Mark Andrews
- Date: Tue Dec 15 21:59:28 2009
In message <4B284376.3000800@mail-abuse.org>, Douglas Otis writes:
> On 12/15/09 8:06 AM, Andy Davidson wrote:
> > Eric J Esslinger wrote:
> >> I have a domain that exists solely to cname A records to another domain's
> websites.
> > [...]
> >> I found a reference to a null MX proposal, constructed so:
> >> example.com IN MX 0 .
> > [...]
> >> Question: Is this a valid dns construct or did the proposal die?
> >
> > It's "valid", but you will probably find people still try to spam to
> > machines on the A records, and all of the other weird and wonderful things
> > that spambots try to do to find a path that will deliver mail...
>
> SRV records documented the hostname "." as representing "no service".
> However, errors made by non-RFC-compliant clients still generate a fair
> amount of root traffic attempting to resolve A records for ".". The MX
> record never defined a hostname "." to mean "no service" so it would be
> unwise to expect email clients will interpret this as a special case
> meaning "no service" as well. One might instead consider using:
>
> example.com. IN MX 0 192.0.2.0
> IN MX 10 192.0.2.1
> ...
> IN MX 90 192.0.2.9
Which will expand to:
example.com. IN MX 0 192.0.2.0.example.com.
IN MX 10 192.0.2.1.example.com.
....
IN MX 90 192.0.2.9.example.com.
MX records DO NOT take IP addresses.
> where 192.0.2.0/24 represents a TEST-NET block.
>
> This should ensure traffic will not hit the roots or your servers.
> Assuming a sender tries all of MX addresses listed, they may still
> attempt to resolve A records for example.com. This MX approach will
> affect those failing to validate email prior to acceptance, and, of
> course, spammers.
>
> -Doug
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
|
