RE: [Exim] Inbound Hosts without valid rDNS

Author: Exim User's Mailing List
Date:
To: eli
CC: Exim User's Mailing List
Subject: RE: [Exim] Inbound Hosts without valid rDNS
[ On Tuesday, December 30, 2003 at 11:38:29 (-0500), Eli wrote: ]
> Subject: RE: [Exim] Inbound Hosts without valid rDNS
>
> Well regardless what anyone thinks about DNS or how it should or ever will
> reverse (and as much as I think Greg should stop cutting people down and be
> a bit more constructive with his criticism


Well if you've actually read all of what I've written on the subject then
you will know that I always do include constructive criticism in my
replies. Always. I did so even in my first short reply to Wakko,
though it was cleverly disguised. :-)

If you knew what I was thinking when I wrote my replies then you'd also
know that I try VERY hard not to resort to ad hominem attacks.

Unfortunately some folks don't seem to care to even try to learn
anything from what I write and so my attempts at constructive criticism
eventually degrade into repetition. That repetition is most certainly
not directed at other regular readers of this forum. :-)

> 1) this topic has gone way off base from what this mailing list is for.


Hardly -- this topic is repeatedly bantered about in relation to how to
use Exim to achieve various goals. It seems it is complex enough that
many people fail to understand all of the implications and limitations
and get sucked into taking various extreme positions.

> 2) nobody has control over someone else's DNS or reverse DNS either,


That's totally false. (unless your meaning got scrambled too much by
the words you chose to use)

> Also, the 2 main differing opinions/arguments are coming from people with
> different perspectives on it. I come from the large company perspective
> (and I think Wakko may come from there as well), and Greg and Tony seem to
> come from the end user perspective where they expect to get full control
> over everything.


Well actually there are at least four positions various people take
w.r.t. this issue of the reverse DNS and SMTP:

    1. there are those who totally ignore reverse DNS, and among
       them are those who think everyone else should do likewise.


    2. there are those who have failed to exercise due diligence in
       their choice of ISP and have been saddled with non-functional
       reverse DNS and have come to realize the problems this
       causes.  This group breaks down into three subgroups:


        a. those who do something about it.


        b. those who put up with it.


        c. those who whine and complain about the situation
           they've created for themselves.


    3. there are those who want to see reverse DNS for every SMTP
       client connecting to their mailers, but they don't give a
       hoot about what it says just as long as it says something.


    4. and then there are those of us such as myself who accept the
       fact that not every IP network has implemented reverse DNS,
       but for those that do we insist that it be at least valid
       and correct (as otherwise what's the point?  publishing your
       ignorance, apathy, and/or laziness?).  Some of us go further
       and insist that it be complete too, but then some of us don't
       mind keeping everyone on their toes.


I'm sure there are more, but those are the primary and most vocal
factions.

> And even if everyone makes peace and DNS is always set up "properly", what
> happens in the exact scenario that Wakko mentioned in the first place which
> nobody seems to have acknowledged:
>
> I have a system, it will be called "server.domain.com". It hosts my
> website, and it also hosts my email. It has IP 10.0.0.1. You'd all say
> that reverse DNS for 10.0.0.1 should return "server.domain.com" - which so
> far would be correct. Now say I make a pointer for that system called
> "mail.domain.com" since it also hosts mail, and I want it to have a
> different name when dealing with email. Now what happens with reverse DNS?


If you do that then at that point your reverse DNS becomes incomplete.
It is still valid (by some definitions), but it is not complete.

You've apparently missed out on some critical points I've made in almost
all of the previous discussions on this topic.

You must have a valid PTR at a given node in the reverse DNS for _every_
hostname that points to the address from which that reverse DNS domain
name is derived.

The reverse DNS is intended, and indeed was designed, to be fully
symmetrical. I.e. it should look like this

    www.domain.example.    IN A    10.0.0.1
    mail.domain.example.    IN A    10.0.0.1


    1.0.0.10.in-addr.arpa.    IN PTR    www.domain.example.
    1.0.0.10.in-addr.arpa.    IN PTR    mail.domain.example.


See, for instance, this real-world, working, correct and complete, example:

    $ host -i 204.92.254.2
    2.254.92.204.in-addr.arpa       PTR     most.weird.com
    2.254.92.204.in-addr.arpa       PTR     mail.weird.com
    $ host most.weird.com
    most.weird.com          A       204.92.254.2
    $ host mail.weird.com
    mail.weird.com          A       204.92.254.2


It's been that way ever since that IP address was first used by a host
on my network -- getting on near a decade now I think.

> A few direct quotes from RFC1035


You seem to need to learn a whole lot more yet about RFCs (and other IETF
documents) and how they apply to the real world. All of your quotes are
irrelevant in this context.

--
                        Greg A. Woods


+1 416 218-0098                  VE3TCP            RoboHack <woods@???>
Planix, Inc. <woods@???>          Secrets of the Weird <woods@???>
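
The distinction the message above draws between reverse DNS that is absent, valid, and complete can be checked mechanically over a set of zone records. The following is an added example, not part of the original message or of Exim; the record set is constructed, and the status labels and the rule that "invalid" means a PTR target with no A record back to the address are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed zone data (not from any real zone): (owner, type, rdata).
RECORDS = [
    ("www.domain.example.", "A", "10.0.0.1"),
    ("mail.domain.example.", "A", "10.0.0.1"),
    ("1.0.0.10.in-addr.arpa.", "PTR", "www.domain.example."),
    ("1.0.0.10.in-addr.arpa.", "PTR", "mail.domain.example."),
    ("server.domain.example.", "A", "10.0.0.2"),
    ("mail2.domain.example.", "A", "10.0.0.2"),
    ("2.0.0.10.in-addr.arpa.", "PTR", "server.domain.example."),
    ("3.0.0.10.in-addr.arpa.", "PTR", "gone.domain.example."),
    ("bare.domain.example.", "A", "10.0.0.4"),
]

def classify(records):
    """Return {address: status} for every IPv4 address seen in the records."""
    forward = defaultdict(set)   # address -> names with an A record for it
    reverse = defaultdict(set)   # address -> names its PTR records point to
    for owner, rtype, rdata in records:
        if rtype == "A":
            forward[str(ipaddress.IPv4Address(rdata))].add(owner.lower())
        elif rtype == "PTR":
            # Undo the in-addr.arpa octet reversal to recover the address.
            octets = owner.lower().removesuffix(".in-addr.arpa.").split(".")
            addr = str(ipaddress.IPv4Address(".".join(reversed(octets))))
            reverse[addr].add(rdata.lower())
    status = {}
    for addr in sorted(set(forward) | set(reverse), key=ipaddress.IPv4Address):
        names, ptrs = forward[addr], reverse[addr]
        if not ptrs:
            status[addr] = "no reverse DNS"
        elif ptrs - names:
            status[addr] = "invalid"      # a PTR name has no A record back to addr
        elif names - ptrs:
            status[addr] = "incomplete"   # a name pointing here has no PTR
        else:
            status[addr] = "complete"
    return status

if __name__ == "__main__":
    for addr, state in classify(RECORDS).items():
        print(addr, state)
```

Here 10.0.0.2 reproduces the scenario quoted in the message: a second hostname is pointed at the address without a matching PTR, so the reverse DNS stays valid but is no longer complete.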