In message <6bbec3af-4370-4f19-8e01-54f7646d8...@isdg.net>, Hector Santos writes:
>
> On Jul 23, 2014, at 9:46 AM, Tony Finch <d...@dotat.at> wrote:
> >
> > Hector Santos <hsan...@isdg.net> wrote:
> >>
> >> What has been crossing my mind regarding this NULL MX setup, was the possible
> >> privacy issue with NULL MX root domain "Traceability" aspect with legacy MTAs
> >> performing SMTP "Implicit MX" (No MX record, Fallback to A record) logic.
> >> What will the A query IP resolved to when the exchange points to the root?
> >
> > Null MX records suppress fallback-to-A. The target "." does not have any A
> > records. http://www.ietf.org/mail-archive/web/dnsop/current/msg12153.html
>
> So by "suppress" you mean, for the vast wide field of "Null MX" ignorant MTAs,
> a positive return of a MX record with a preference of zero, a blind A lookup
> of "." returns an 0 ip value and this causes an inherent cancellation,
> "suppression" of the outbound attempt?

To me "returns an 0 ip value" means 0.0.0.0 which is incorrect. The
lookup returns no ip addresses (unless something locally is overriding the
usual result) and without an IP address no connection attempts will be
made. A negative caching nameserver will cache this for several hours
(up to 24) depending upon how it is configured. For named 3 hours is
the default max-ncache-ttl.

; <<>> DiG 9.11.0pre-alpha <<>> a .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31874
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2014072301 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 24 13:09:20 EST 2014
;; MSG SIZE rcvd: 103

; <<>> DiG 9.11.0pre-alpha <<>> aaaa .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61938
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      AAAA

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2014072301 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 24 13:09:31 EST 2014
;; MSG SIZE rcvd: 103

> I can understand how a supportive MTA can leverage it, but I was thinking
> what the impact might be for the legacy MTA.
>
> Not all DNS resolvers return the expansion depending on the API and the
> caching servers in play.
>
> --
> Hector Santos
> http://www.santronics.com
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
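
Added example (not part of the original messages and not any MTA's actual code): a simplified Python model of how an MTA chooses connection targets, showing that a Null MX yields no connection attempts for both a Null-MX-aware and a legacy MTA, even when the domain itself has an A record. The zone data, the example domain names and all function names are constructed for illustration.

```python
# Constructed zone data (not real lookups): name -> {rrtype: [rdata]}.
# A missing rrtype models the NOERROR / ANSWER: 0 reply in the dig output.
ZONE = {
    "nomail.example.": {"MX": [(0, ".")], "A": ["192.0.2.10"]},   # Null MX
    "implicit.example.": {"A": ["192.0.2.20"]},                   # no MX
    "mail.example.": {"MX": [(10, "mx1.mail.example.")]},
    "mx1.mail.example.": {"A": ["192.0.2.30"], "AAAA": ["2001:db8::30"]},
    ".": {},                                                      # root: no A/AAAA
}

def lookup(name, rrtype):
    return ZONE.get(name, {}).get(rrtype, [])

def addresses(host):
    return lookup(host, "A") + lookup(host, "AAAA")

def connection_targets(domain, null_mx_aware):
    """Return (addresses the MTA would connect to, reason)."""
    mx = sorted(lookup(domain, "MX"))
    if not mx:
        # Implicit MX: only when there is no MX record at all.
        return addresses(domain), "implicit MX"
    if null_mx_aware and mx == [(0, ".")]:
        return [], "null MX recognised, fail without address lookups"
    # Legacy path: an MX exists, so the domain's own A record is never used.
    targets = [ip for _pref, exchange in mx for ip in addresses(exchange)]
    return targets, "MX" if targets else "MX target has no addresses"

def negative_ttl(soa_ttl, soa_minimum, max_ncache_ttl=10800):
    # Assumption: negative answers are cached for min(SOA TTL, SOA MINIMUM)
    # (RFC 2308), capped by the resolver's limit; 10800 s is the named
    # default max-ncache-ttl of 3 hours mentioned in the message.
    return min(soa_ttl, soa_minimum, max_ncache_ttl)

if __name__ == "__main__":
    for d in ("nomail.example.", "implicit.example.", "mail.example."):
        for aware in (True, False):
            print(d, "aware" if aware else "legacy", connection_targets(d, aware))
    # SOA TTL and MINIMUM taken from the dig output above.
    print("negative TTL:", negative_ttl(10800, 86400))
```

The legacy case differs from the aware case only in cost: it performs the A and AAAA lookups for "." before giving up, and those empty answers are then served from the negative cache.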