Mailing List Archive



Re: [tlug] Reverse DNS Delegation



On 2013-07-18 12:56 -0300 (Thu), SCHWARTZ, Fernando G. wrote:

> I agree with your comments except for the fact that there is little
> workaround to a properly configured "rDNS" record. By properly I mean
> one matching your domain.
> 
> You can't expect your modern/secure mailserver to run smoothly without one.

Well, I think I disagree, since I've been running for years what I
believe is a "modern/secure mailserver" with an in-addr.arpa PTR record
that is not pointing to a name in a domain I own.

But let's examine this in detail, because I'm interested in learning
exactly what you're saying here, and what the disadvantages of my
arrangement are. Here's an example configuration to which we can refer;
feel free to extend the example if you feel the need.

I have a server, "alice", which sends and receives mail for my two
domains, "alice.com" and "bob.com." (I run the DNS for these domains.)
I purchase connectivity from two ISPs, "frank.com" and "george.com".
The following DNS entries are maintained by me and the two ISPs
respectively:

         alice.alice.com.    A  1.2.3.4
         alice.alice.com.    A  5.6.7.8
               alice.com.   MX  alice.alice.com.
                 bob.com.   MX  alice.alice.com.

     customer4.frank.com.    A  1.2.3.4
    4.3.2.1.in-addr.arpa.  PTR  customer4.frank.com.

    customer8.george.com.    A  5.6.7.8
    8.7.6.5.in-addr.arpa.  PTR  customer8.george.com.


The major advantage I see to the above arrangement is that the PTR and A
record pair are both controlled by the ISP (both generated from the same
database, if the ISP is at all competent), and thus no co-ordination is
required between me and an ISP for the in-addr.arpa record for the IP
address supplied by that ISP.

Now, as I understand it, you don't like this arrangement, and feel that
there's some advantage to having the PTR records instead have the value
"alice.alice.com." Why, precisely, is this? What makes it worth the extra
hassle and chance of misconfiguration?

cjs
-- 
Curt Sampson         <cjs@example.com>         +81 90 7737 2974

To iterate is human, to recurse divine.
    - L Peter Deutsch
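
The following is an added example, not part of the original message: a forward-confirmed reverse DNS check (PTR lookup, then an A lookup on the PTR target) run over the records listed in the message, over the alternative with both PTRs set to alice.alice.com., and over a constructed case where the PTR and A records have drifted apart. The zone dictionaries, function names and the out-of-step case are assumptions made for illustration.

```python
import ipaddress

# Records copied from the message above; kept in memory so the check runs offline.
ZONE = {
    ("alice.alice.com.", "A"): ["1.2.3.4", "5.6.7.8"],
    ("customer4.frank.com.", "A"): ["1.2.3.4"],
    ("customer8.george.com.", "A"): ["5.6.7.8"],
    ("4.3.2.1.in-addr.arpa.", "PTR"): ["customer4.frank.com."],
    ("8.7.6.5.in-addr.arpa.", "PTR"): ["customer8.george.com."],
}

# Alternative raised in the message: the ISPs point both PTRs at alice.alice.com.
OWN_NAME = dict(ZONE)
OWN_NAME[("4.3.2.1.in-addr.arpa.", "PTR")] = ["alice.alice.com."]
OWN_NAME[("8.7.6.5.in-addr.arpa.", "PTR")] = ["alice.alice.com."]

# Constructed failure case (assumption): PTRs as in OWN_NAME, but the owner's
# A record set no longer lists 1.2.3.4, so PTR and A are out of step.
OUT_OF_STEP = dict(OWN_NAME)
OUT_OF_STEP[("alice.alice.com.", "A")] = ["5.6.7.8"]

def lookup(zone, name, rtype):
    """Return the values stored for (name, rtype), or an empty list."""
    return zone.get((name.lower(), rtype), [])

def reverse_name(ip):
    """Build the in-addr.arpa owner name for an address, with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def confirmed_names(zone, ip):
    """PTR targets for ip whose own A records include ip (forward-confirmed)."""
    return [n for n in lookup(zone, reverse_name(ip), "PTR")
            if ip in lookup(zone, n, "A")]

def in_domain(name, domain):
    """True if name is domain itself or a name underneath it."""
    return name == domain or name.endswith("." + domain)

def check(zone, ip, domain="alice.com."):
    """Summarise the reverse-DNS facts a receiving server can derive for ip."""
    names = confirmed_names(zone, ip)
    return {
        "has_ptr": bool(lookup(zone, reverse_name(ip), "PTR")),
        "forward_confirmed": bool(names),
        "ptr_in_own_domain": any(in_domain(n, domain) for n in names),
    }

if __name__ == "__main__":
    for label, zone in (("isp-named", ZONE), ("own-name", OWN_NAME),
                        ("out-of-step", OUT_OF_STEP)):
        for ip in ("1.2.3.4", "5.6.7.8"):
            print(label, ip, check(zone, ip))
```

Both the ISP-named and the own-name arrangements pass forward confirmation for both addresses; they differ only in whether the confirmed name falls under alice.com.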

