On May 13, 2006, at 4:15 PM, netguy wrote:

Hi Again

I thought that I might update this thread. Lots of folks took the time to reply and/or voice their opinions, thanks. I did not ever get a definitive answer so I figured that I was treading on new ground; sorta. It seems to me that nobody really cares if domain.tld has an A record or not. Note that there is no reason to other than ease of use for surfers because they are lazy and don't want to type in the www part. Spammers apparently care as that is used to send spam even though there are no MX record(s). Sure there are probably legitimate reasons to have one, but I myself would rather not have the network traffic banging on my door. I keep up with MIMEDefang, spamassassin and graylisting, but I can't guarantee that it catches all of the crap. In my case, by not setting domain.tld with an A record, things don't happen quite as fast on the mail server which means my network traffic is less and I conserve bandwidth for normal traffic use.

Please read more about it as I posted to comp.protocols.bind.dns for wisdom. If you check comp.protocols.bind.dns you can see the posting and replies with the subject as 'DNS and MX'. Kevin Darcy is one of the moderators and has graciously sent my post thru even though I am not a subscriber.



Why not have:

- domain.tld have an A record (IP addr A)

- web server listens to IP addr A on a virtual network interface. (in addition to listening to its regular IP addr on whatever other network interface it already has)

- the only ports listening on IP addr A are the web services (nothing on port 25, nothing on sshd, nothing on 110, etc.). It can listen to whatever it wants to on its other IP addr, but on IP addr A it _ONLY_ listens to web services.

- the web services running on IP addr A only offer HTTP level redirects to the normal web server IP addr (i.e. not HTML tags that redirect, but actual low level HTTP protocol redirects)

So, lazy users who connect to http://domain.tld/* will get a redirect to http://www.domain.tld/*. Everyone else, including spammers that directly connect to domain.tld:25, who try to connect to domain.tld (IP addr A) will get nothing. Whether or not you want to give an MX record to domain.tld so that it can route email is entirely optional at that point.

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
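
The redirect-only listener described in the reply above, as an added example that is not part of the original thread. It assumes Python's standard library; `www.domain.tld` is the placeholder name from the post, the function names are hypothetical, and loopback with an ephemeral port stands in for IP addr A on port 80.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

CANONICAL_HOST = "www.domain.tld"  # placeholder name taken from the post


def make_handler(canonical_host):
    class RedirectOnly(BaseHTTPRequestHandler):
        def _redirect(self):
            # The target host is fixed, so a forged Host header or an
            # absolute-URI request line cannot steer the redirect elsewhere.
            path = self.path if self.path.startswith("/") else "/"
            self.send_response(301)  # protocol-level redirect, no HTML body
            self.send_header("Location", f"http://{canonical_host}{path}")
            self.send_header("Content-Length", "0")
            self.end_headers()

        do_GET = do_HEAD = do_POST = _redirect

        def log_message(self, fmt, *args):  # keep the demo quiet
            pass

    return RedirectOnly


def start_redirector(bind_addr, port, canonical_host=CANONICAL_HOST):
    """Bind to one specific address (IP addr A), never the wildcard 0.0.0.0."""
    server = ThreadingHTTPServer((bind_addr, port), make_handler(canonical_host))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(addr, port, path, host_header="domain.tld"):
    """Return (status, Location) for one GET, as a client would see it."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    conn.request("GET", path, headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"))
    conn.close()
    return result


if __name__ == "__main__":
    # Constructed demo: loopback and an ephemeral port stand in for IP addr A:80.
    srv = start_redirector("127.0.0.1", 0)
    print(probe("127.0.0.1", srv.server_address[1], "/docs/index.html?x=1"))
    srv.shutdown()
```

Because the process binds only the one address and only the web port, nothing answers on port 25 of IP addr A unless some other daemon is bound to the wildcard address.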
