From: Jethro R Binks
Date:
To: exim users
Subject: Re: [exim] [OT] Why att.net has DNS failure?

On Fri, 26 Jan 2007, W B Hacker wrote:
> Jethro R Binks wrote:
> > On Fri, 26 Jan 2007, W B Hacker wrote:
> >
> >> Understanding that all you want to publish is the mailserver, it is
> >> still, just IMNSHO, not necessarily a 'good thing' to have no 'A' record
> >> for the bare <domain>.<tld>. I haven't researched whether it is / is
> >> not a standards violation, but lots of things rely on the 'A' record for
> >> the 'raw' <domain>.<tld> and some of these MAY be used by SOME
> >> mailservers - ident callouts, to name one.
> >
> > Ignoring the supposed ident callouts, what other "things" would be relying
> > on me having an 'A' record called 'strath.ac.uk'? Other than vetoing the
> > idea that we should have a web server answer on that address, I have never
> > come across any other use for such.
> >
> > Indeed, our worthy contributor Peter Bowyer <peter@???> reported a
> > few years ago on SPAM-L that MyDoom.O/M sent direct-to-A as well as to MX,
> > and noted:
> >
> > "Time to remove the A record, and (as I should have done ages ago), ACL
> > the mailbox server so it only allows SMTP from the MXs."
> >
> > (assuming that message wasn't a forgery in his name! :)
> >
> > So I would love to hear of a good reason for needing, or desirability for
> > having, an A record called 'strath.ac.uk'.
> >
> > Jethro.
> >
>
> I don't see why/how - given the same IP, the absence of an 'A' record is
> going to provide any substantive 'improvement' on that score.
>
> Note even the source you cite said '..as well as to MX', not 'to A
> records only'.
>
> Not to mention the spambots and other malcode that traverse IP blocks
> w/o regard to DNS lookup at all.
>
> What percentage of the alleged 100 million infected WinBoxen have ANY
> DNS entry? Surely that lack did not protect THEM from attack.
>
> But one can always apply Tommy Smother's rule 'If you borrow it, break
> it'.

The question isn't "Does removing an A record for a domain's name protect
me from nasties?", it is "What general benefit is there in having one in
the first place?". I could add all sorts of records if I wanted, but why
would I bother when nothing needs to use them? Unless someone can provide
examples of one of these "things" you referred to that apparently "rely"
on one being present.

Regardless of any spam considerations, my question still stands:

> > So I would love to hear of a good reason for needing, or desirability for
> > having, an A record called 'strath.ac.uk'.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services
University Of Strathclyde, Glasgow, UK