RE: [Exim] Inbound Hosts without valid rDNS

Top Page
Delete this message
Reply to this message
Author: Eli
Date:  
To: 'Exim User's Mailing List'
Subject: RE: [Exim] Inbound Hosts without valid rDNS
Nothing broken about that DNS setup. People seem to have quite the
misconseption about how DNS zones should be set up - point is though that
DNS allows for quite a few different setups, even if some people think
they're "broken".

The cold truth is, that not many people have much, if any, control over
their reverse DNS.

Take for example my hosting company. We offer static IPs for websites, but
we give no control over reverse DNS. To aid our support department in quick
tracing, we have all reverse DNS point to the name of the webserver, however
forward DNS of the various domain names yeilds one of the IPs on the server:

domain.com -> 123.123.123.123
123.123.123.123 -> web1.company.com

As you can see, this can be considered quite broken in DNS land, since you
get back not what you queried in the first place, but the hard truth is -
what's the difference between the "official" name, and any one of its
pointers it may have? Not much when you look at it - any one of those
pointers is valid, and even though reverse DNS does allow you to specify
multiple domains as a reply - that would be giving up information you may
not want, since you have no idea what domain they resolved to get the ip in
the first place. This is pretty much the setup that Wakko described that
you said was "pretty damn useless".

The reason why this sort of setup is quite common, is that if someone says
"my domain isn't working", and you check and confirm, but now want to know
what server its on (since say the server is down so you can't connect to
find out), and the internal db you have which tracks this stuff is either
not available, not existant, or possibly out of date... You can just do a
dns lookup, get the ip and reverse it to find out the server its on - which
is just what we do here, and it works very well.

It seems that since the advent of spammers, people try to take any and all
measures to try and block them. The funny thing is that mail delivery
should depend on only 2 things for DNS - an MX record for new style mail
delivery, and failing an MX record, the ability to at least get the ip of
the domain name after the @ to deliver to it directly. Any other DNS
entries are of no concern to any mail server, so why would people be using
them to block email? It's not like the RFCs state that everyone must have a
matching rDNS entry like it states everyone must have a postmaster account.

-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On Behalf
Of Greg A. Woods
Sent: Monday, December 29, 2003 8:07 PM
To: Exim User's Mailing List
Subject: Re: [Exim] Inbound Hosts without valid rDNS

[ On Monday, December 29, 2003 at 19:07:47 (-0500), Wakko Warner wrote: ]
> Subject: Re: [Exim] Inbound Hosts without valid rDNS
>
> I feel every IP used should have an rDNS and a corresponding DNS.


Good.

> I am not
> saying that the hostname of the server has to be this same DNS name. I'm
> only saying:
> 1.2.3.4 -> blah.dom
> blah.dom -> 1.2.3.4
>
> and the mail server could be using mail.someotherdomain.lan with ip

1.2.3.4

That's pretty damn useless.

Broken reverse DNS is worse than no reverse DNS at all.

--
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack
<woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird
<woods@???>


--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##

---
[This E-mail scanned for viruses]



---
[This E-mail scanned for viruses]