Michelle Konzack wrote:
Hello *,

I have a ZONE like

----[ code 'dig @ns1.xxxxxxxxxxx.com www.tamay-dogan.net ALL' ]--------

; <<>> DiG 9.5.1-P1 <<>> @ns1.xxxxxxxxxxx.com www.tamay-dogan.net ALL
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4451
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 4

;; QUESTION SECTION:
;www.tamay-dogan.net.           IN      A

;; ANSWER SECTION:
www.tamay-dogan.net.    60      IN      CNAME   tamay-dogan.homelinux.net.
tamay-dogan.homelinux.net. 60   IN      A       78.43.17.74

;; AUTHORITY SECTION:
homelinux.net.          86400   IN      NS      ns1.dyndns.org.
homelinux.net.          86400   IN      NS      ns2.dyndns.org.
homelinux.net.          86400   IN      NS      ns3.dyndns.org.
homelinux.net.          86400   IN      NS      ns4.dyndns.org.
homelinux.net.          86400   IN      NS      ns5.dyndns.org.

;; ADDITIONAL SECTION:
ns2.dyndns.org.         81538   IN      A       204.13.249.75
ns3.dyndns.org.         81538   IN      A       208.78.69.75
ns4.dyndns.org.         81538   IN      A       91.198.22.75
ns5.dyndns.org.         81538   IN      A       203.62.195.75

;; Query time: 479 msec
;; SERVER: 62.xxx.xx.4#53(62.xxx.xx.4)
;; WHEN: Thu Apr 16 23:34:08 2009
;; MSG SIZE  rcvd: 253

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47371
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ALL.                           IN      A

;; AUTHORITY SECTION:
.                       8042    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2009041600 1800 900 604800 86400

;; Query time: 326 msec
;; SERVER: 62.xxx.xx.4#53(62.xxx.xx.4)
;; WHEN: Thu Apr 16 23:34:08 2009
;; MSG SIZE  rcvd: 96
------------------------------------------------------------------------

plus

----[ command 'dig @ns1.xxxxxxxxxxx.com www.tamay-dogan.net MX' ]------

; <<>> DiG 9.5.1-P1 <<>> @ns1.xxxxxxxxxxx.com tamay-dogan.net MX
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40181
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;tamay-dogan.net.               IN      MX

;; ANSWER SECTION:
tamay-dogan.net.        60      IN      MX      10 webmail.xxxxxxxxxxx.com.

;; AUTHORITY SECTION:
tamay-dogan.net.        60      IN      NS      ns1.xxxxxxxxxxx.com.
tamay-dogan.net.        60      IN      NS      ns2.xxxxxxxxxxx.com.

;; ADDITIONAL SECTION:
webmail.xxxxxxxxxxx.com. 17     IN      A       62.xxx.xx.10
ns1.xxxxxxxxxxx.com.    17      IN      A       62.xxx.xx.4
ns2.xxxxxxxxxxx.com.    17      IN      A       62.xxx.xx.8

;; Query time: 139 msec
;; SERVER: 62.xxx.xx.4#53(62.xxx.xx.4)
;; WHEN: Thu Apr 16 23:30:50 2009
;; MSG SIZE  rcvd: 156
------------------------------------------------------------------------

and it is working...  (at least  for  the  Webstuff  since  my  ZONE  is
currently pointing to my old hoster and I am waiting for the DNS  record
change)

What I like to know is, whether I can use MX records like

        60      IN      MX      10 mail.tamay-dogan.net.
        60      IN      MX      20 webmail.xxxxxxxxxxx.com.

because <mail.tamay-dogan.net> is pointing to a CNAME record and NOT  an
A record.  If it works I would not bother my "helper" called xxxxxxxxxxx
with 3000 messages per day...

No, you need to point MX records at "canonical" names, not aliases.

Even if it were legal to point MX records at aliases, if that alias points to some dynamic IP, it might be a really bad idea to point your MX there, since, due to caching, some other client who got your old dynamic IP address, could then accidentally receive your email for some period of time, unless you have some sort of crypto authentication.

Similar considerations apply to running a webserver on a dynamic IP, of course, but it is much more common to see SSL implemented in a webserver than for comparable protection (e.g. TLS) to be set up in a mail server or between mail servers.

If you can run your web services and mail services on *static* IPs that would be preferred. Trying to run this kind of stuff on dynamic IPs is always going to be an uphill battle. Maybe you relish the challenge; most people just want their stuff to work.

- Kevin

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
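
Added example, not part of the original thread: a small Python check for the rule in Kevin's reply that an MX exchange must be a canonical name rather than an alias. It reads records in the `dig` answer-section layout shown above and flags any MX whose target is the owner of a CNAME; the `example.*` names and the addresses are constructed sample data.

```python
# Added example: flag MX records whose exchange is an alias (CNAME owner).
# All names and addresses are constructed (reserved documentation ranges).

SAMPLE_RECORDS = """\
;; constructed sample, same column layout as a dig answer section
example.net.            60  IN  MX     10 mail.example.net.
example.net.            60  IN  MX     20 webmail.example.com.
mail.example.net.       60  IN  CNAME  home.dyn.example.org.
home.dyn.example.org.   60  IN  A      192.0.2.74
webmail.example.com.    60  IN  A      198.51.100.10
"""


def parse_records(text):
    """Parse 'owner ttl class type rdata...' lines; skip ';' comment lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 5:
            continue
        owner, ttl, _cls, rtype = fields[:4]
        records.append((owner.lower().rstrip("."), int(ttl), rtype.upper(), fields[4:]))
    return records


def audit_mx(records):
    """Return one (exchange, status, detail) tuple per MX record."""
    cnames = {o: rd[0].lower().rstrip(".") for o, _, t, rd in records if t == "CNAME"}
    addrs = {o for o, _, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for _owner, _ttl, rtype, rdata in records:
        if rtype != "MX" or len(rdata) < 2:
            continue
        exchange = rdata[1].lower().rstrip(".")
        if exchange in cnames:
            # The MX target is an alias: this is the case the reply rules out.
            findings.append((exchange, "ALIAS", cnames[exchange]))
        elif exchange in addrs:
            findings.append((exchange, "OK", "has address record"))
        else:
            findings.append((exchange, "UNKNOWN", "no address record in input"))
    return findings


if __name__ == "__main__":
    for exchange, status, detail in audit_mx(parse_records(SAMPLE_RECORDS)):
        print(f"{status:8} {exchange} -> {detail}")
```

An `UNKNOWN` result only means the input did not include an address record for that exchange, so it needs a separate lookup before drawing a conclusion.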
