On 2/25/13 7:29 PM, "Tony Finch" <[email protected]> wrote:

>Dickson, Brian <[email protected]> wrote:
>>
>> However, there is another UGLY, EVIL way that might achieve what you're
>> thinking of:
>>
>> Instead of delegating to omniscient AS112 servers, what about doing a
>> DNAME to a specific target "foo" (replace "foo" with what you will) in the
>> DNS tree?
>
>Like this?

Yes. Except, of course, for AS112 domains, and for some agreed-upon target.

While mail servers doing PTR look-up having problems is a potential concern, keep in mind that AS112 is meant to be used for "local"-ish zones, like 10.in-addr.arpa. If a mail server is doing PTR look-up for net-10, in a way that leaks, IMHO, failure _is_ an option. :-)

(Hint - public mail servers establishing TCP to/from a net-10 address is already pretty bad. Behind firewalls/closed-doors, net-10 is fine, but reverse DNS on that should be handled both privately and properly.)

Brian

>
>We have had (afaik) one interop problem with this setup: there was a mail
>server on a network with DNAMEd reverse DNS, and some recipient sites
>objected to this.
>
>; <<>> DiG 9.9.2-vjs340.03-P1 <<>> @authdns0.csx.cam.ac.uk -x 128.232.255.255
>; (2 servers found)
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47436
>;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
>;; WARNING: recursion requested but not available
>
>;; OPT PSEUDOSECTION:
>; EDNS: version: 0, flags:; udp: 4096
>;; QUESTION SECTION:
>;255.255.232.128.in-addr.arpa. IN PTR
>
>;; ANSWER SECTION:
>255.232.128.in-addr.arpa. 86400 IN DNAME 255.232.128.in-addr.arpa.cam.ac.uk.
>255.255.232.128.in-addr.arpa. 86400 IN CNAME 255.255.232.128.in-addr.arpa.cam.ac.uk.
>
>;; AUTHORITY SECTION:
>in-addr.arpa.cam.ac.uk. 14400 IN SOA authdns0.csx.cam.ac.uk. hostmaster.ucs.cam.ac.uk. 1361480354 14400 3600 604800 14400
>
>;; Query time: 0 msec
>;; SERVER: 2001:630:212:8::d:a0#53(2001:630:212:8::d:a0)
>;; WHEN: Tue Feb 26 00:25:59 2013
>;; MSG SIZE rcvd: 187
>
>Tony.
>--
>f.anthony.n.finch <[email protected]> http://dotat.at/
>Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
>Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
>occasionally poor at first.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
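The DNAME-to-CNAME synthesis visible in the quoted dig output, written out as an added example that is not part of the original thread or of any poster's code: it applies RFC 6672 name substitution to the names from that output. The function names and the choice to return lowercased names are assumptions made for illustration.

```python
# Added example: RFC 6672 DNAME substitution, checked against the names
# in the quoted dig output. Function names here are illustrative only.

MAX_WIRE_LEN = 255  # maximum length of a domain name in wire format


def labels(name):
    """Split a presentation-format name into lowercase labels (no escapes handled)."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def wire_len(lbls):
    """Wire length: one length octet per label, plus the root label."""
    return sum(len(l) + 1 for l in lbls) + 1


def synthesize_cname(qname, dname_owner, dname_target):
    """Return the CNAME target a server would synthesize for qname,
    or None when the DNAME does not apply to qname."""
    q = labels(qname)
    owner = labels(dname_owner)
    target = labels(dname_target)

    # A DNAME redirects only names strictly below its owner; the owner
    # name itself is not redirected.
    cut = len(q) - len(owner)
    if cut <= 0 or q[cut:] != owner:
        return None

    # Replace the owner suffix with the DNAME target, keeping the prefix.
    new = q[:cut] + target

    # A resolver asking for a name near the length limit can get an
    # over-long result; RFC 6672 specifies YXDOMAIN for that case.
    if wire_len(new) > MAX_WIRE_LEN:
        raise ValueError("YXDOMAIN: substituted name exceeds 255 octets")
    return ".".join(new) + "."


if __name__ == "__main__":
    owner = "255.232.128.in-addr.arpa."
    target = "255.232.128.in-addr.arpa.cam.ac.uk."
    for q in ("255.255.232.128.in-addr.arpa.", owner, "1.0.0.10.in-addr.arpa."):
        print(q, "->", synthesize_cname(q, owner, target))
```

Software that checks reverse DNS has to follow the synthesized CNAME to reach the PTR record; the thread reports that some recipient sites objected to a mail server whose reverse DNS was set up this way.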
