Re: [Exim] how to configure HELO/EHLO and DNS for multi-home…

Author: Exim Users Mailing List
Date:  
To: Christopher Allen [BigFatPipe.Net]
CC: Exim Users Mailing List, Andrew - Supernews
New threads: Now well off-topic - was Re: [Exim] how to configure HELO/EHLO and DNS for multi-homed hosts
Subject: Re: [Exim] how to configure HELO/EHLO and DNS for multi-homed hosts
[ On Sunday, June 29, 2003 at 07:54:46 (-0700), Christopher Allen [BigFatPipe.Net] wrote: ]
> Subject: Re: [Exim] how to configure HELO/EHLO and DNS for multi-homed hosts
>
> On Fri, 27 Jun 2003, Greg A. Woods wrote:
> > > 216.168.1.22 is trinity.ranger.supernews.net
> > > 216.168.2.22 is trinity.delta.supernews.net
> >
> > This is all fine and good. However should you choose to do the right
> > thing and define a third name that your mailer can use regardless of
> > which source address is assigned to its connection then you'll need to
> > add two more PTRs, one for each address, each of which point to the new
> > third name. Let us say, for example, the new third name you choose is
> > "smtpout.supernews.net" then you would add these records to your DNS:
> >
> >     smtpout.supernews.net        A    216.168.1.22
> >     smtpout.supernews.net        A    216.168.2.22
> >
> >     22.1.168.216.in-addr.arpa       PTR     smtpout.supernews.net
> >     22.2.168.216.in-addr.arpa       PTR     smtpout.supernews.net
> >
> > You would then configure your mailer to use the principal name
> > "smtpout.supernews.net" for all HELO commands.
> >
> > Then all would be correct and complete, both for Reverse DNS and for SMTP.
>
> Except that you've got this backwards, based on your own arguments about
> principal host names. The principal host names in this case would be
> trinity.ranger.supernews.net. and trinity.delta.supernews.net. THOSE are
> the names which need to exist properly in forward DNS, not a multihomed
> service name such as smtpout.supernews.net.


No, you've mis-interpreted the meaning of "a valid principal host domain
name" in the context of the HELO/EHLO greeting as defined in the RFCs.

Note first the very careful use of the word "a" in that phrase. It is
very carefully written that way since of course a host may have many
principal host domain names in the DNS. Those names may represent one
or many addresses with any given address having multiple possible names.
(and of course "name" in this case implies the full name -- i.e. the
multiple names do not have to be within the same zone)

The definition of a valid principal host domain name is _only_ that the
name can be resolved to an (any) "A" record which points to an address
matching the source address of an SMTP connection originating from that
host. A host domain name may resolve to multiple A records. There is
no such thing as an "official" hostname in the DNS. Indeed there is no
real concept of "host" as we think of it in the DNS -- only interface
network addresses are represented in the DNS and multiple names are
allowed for any address (thus Andrew's multi-homed host is a perfectly
valid construct to represent in the way I've shown)

Do not forget that the DNS is not a simple table structure -- it is a
graph and at each node there may be multiple records with multiple types
and with multiple unique values per type, (with the main exception that
only one lone CNAME record may inhabit any one node, and logically there
can only be one value in any node for SOA (and perhaps LOC as well)).

Likewise please remember that any one given address may have many names
via the Reverse DNS (i.e. multiple PTRs are valid and necessary). If
your DNS graph doesn't have a complete set of bi-directional links
between your A records and your PTR records then your DNS graph is
broken and your reverse DNS is useless for all but the most trivial of
applications.

--
                                Greg A. Woods


+1 416 218-0098;            <g.a.woods@???>;           <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
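
Added example, not part of the original message: a small offline check of the two conditions discussed above, namely that a HELO name has an A record matching the connection's source address, and that every A record has a matching PTR and vice versa. The zone is a constructed in-memory list; the smtpout records are those listed in the message, while the A/PTR pairs for the two trinity names are assumed to exist already. The function names are hypothetical.

```python
import ipaddress

# Constructed in-memory zone (no live DNS queries). The smtpout records are the
# ones listed in the message; the trinity A/PTR pairs are assumed to exist.
A_RECORDS = [
    ("trinity.ranger.supernews.net", "216.168.1.22"),
    ("trinity.delta.supernews.net", "216.168.2.22"),
    ("smtpout.supernews.net", "216.168.1.22"),
    ("smtpout.supernews.net", "216.168.2.22"),
]
PTR_RECORDS = [
    ("22.1.168.216.in-addr.arpa", "trinity.ranger.supernews.net"),
    ("22.2.168.216.in-addr.arpa", "trinity.delta.supernews.net"),
    ("22.1.168.216.in-addr.arpa", "smtpout.supernews.net"),
    ("22.2.168.216.in-addr.arpa", "smtpout.supernews.net"),
]


def norm(name):
    """Compare DNS names case-insensitively, ignoring a trailing root dot."""
    return name.rstrip(".").lower()


def helo_valid(helo, source_addr, a_records):
    """Rule stated in the message: the HELO name must have an A record
    equal to the source address of the SMTP connection."""
    src = ipaddress.ip_address(source_addr)
    return any(norm(n) == norm(helo) and ipaddress.ip_address(a) == src
               for n, a in a_records)


def missing_links(a_records, ptr_records):
    """Return (A records lacking a PTR, PTR records lacking an A), each as a
    sorted list of (reverse-zone owner name, host name) pairs."""
    fwd = {(ipaddress.ip_address(a).reverse_pointer, norm(n))
           for n, a in a_records}
    rev = {(norm(o), norm(t)) for o, t in ptr_records}
    return sorted(fwd - rev), sorted(rev - fwd)


if __name__ == "__main__":
    for src in ("216.168.1.22", "216.168.2.22"):
        for helo in ("smtpout.supernews.net", "trinity.ranger.supernews.net"):
            print(src, helo, helo_valid(helo, src, A_RECORDS))
    print(missing_links(A_RECORDS, PTR_RECORDS))
    # Same zone without the two added smtpout PTRs: both gaps are reported.
    print(missing_links(A_RECORDS, PTR_RECORDS[:2]))
```

A per-interface name such as trinity.ranger.supernews.net passes the HELO check only from its own address, whereas the shared name passes from either one.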