Author: W B Hacker Date: To: exim users Subject: Re: [exim] [OT] Why att.net has DNS failure?
Jethro R Binks wrote: > On Fri, 26 Jan 2007, W B Hacker wrote:
>
>> Understanding that all you want to publish is the mailserver, it is
>> still, just IMNSHO, not necessarily a 'good thing' to have no 'A' record
>> for the bare <domain>.<tld>. i haven't researched whether it is is / is
>> not a standards violation, but lots of things rely on the'A' recpord for
>> the 'raw' <domain>.<tld> and some of these MAY be used by SOME
>> mailservers - ident callouts, to name one.
>
> Ignoring the supposed ident callouts, what other "things" would be relying
> on me having an 'A' record called 'strath.ac.uk'? Other than vetoing the
> idea that we should have a web server answer on that address, I have never
> come across any other use for such.
>
> Indeed, our worthy contributor Peter Bowyer <peter@???> reported a
> few years ago on SPAM-L that MyDoom.O/M sent direct-to-A as well as to MX,
> and noted:
>
> "Time to remove the A record, and (as I should have done ages ago), ACL
> the mailbox server so it only allows SMTP from the MXs."
>
> (assuming that message wasn't a forgery in his name! :)
>
> So I would love to hear of a good reason for needing, or desirability for
> having, an A record called 'strath.ac.uk'.
>
> Jethro.
>
I don't see why/how - given the same IP, the absence of an 'A' record is going
to provide any substantive 'improvement' on that score.
Note even the source you cite said '..as well as to MX', not 'to A records only'.
Not to mention the spambots and other malcode that traverse IP blocks w/o regard
to DNS lookup at all.
What percentage of the alleged 100 million infected WinBoxen have ANY DNS entry?
Surely that lack did not protect THEM from attack.
But one can always apply Tommy Smother's rule 'If you borrow it, break it'.
