tlug.jp Mailing List Archive
Re: [tlug] Reverse DNS Delegatation
- Date: Fri, 19 Jul 2013 13:03:53 +0900
- From: Curt Sampson <cjs@example.com>
- Subject: Re: [tlug] Reverse DNS Delegatation
- References: <20130718050249.GD4297@skeptic.cynic.net> <51E81045.2080807@fgs.eti.br>
- User-agent: Mutt/1.5.21 (2010-09-15)
On 2013-07-18 12:56 -0300 (Thu), SCHWARTZ, Fernando G. wrote:

> I agree with your comments except for the fact that there is little
> workaround to a properly configured "rDNS" record. By properly I mean
> one matching your domain.
>
> You can't expect your modern/secure mailserver to run smoothly without one.

Well, I think I disagree, since I've been running for years what I believe is a "modern/secure mailserver" with an in-addr.arpa PTR record that is not pointing to a name in a domain I own. But let's examine this in detail, because I'm interested in learning exactly what you're saying here, and what the disadvantages of my arrangement are.

Here's an example configuration to which we can refer; feel free to extend the example if you feel the need.

I have a server, "alice", which sends and receives mail for my two domains, "alice.com" and "bob.com." (I run the DNS for these domains.) I purchase connectivity from two ISPs, "frank.com" and "george.com". The following DNS entries are maintained by me and the two ISPs respectively:

    alice.alice.com.        A    1.2.3.4
    alice.alice.com.        A    5.6.7.8
    alice.com.              MX   alice.alice.com.
    bob.com.                MX   alice.alice.com.

    customer4.frank.com.    A    1.2.3.4
    4.3.2.1.in-addr.arpa.   PTR  customer4.frank.com.

    customer8.george.com.   A    5.6.7.8
    8.7.6.5.in-addr.arpa.   PTR  customer8.george.com.

The major advantage I see to the above arrangement is that the PTR and A record pair are both controlled by the ISP (both generated from the same database, if the ISP is at all competent), and thus no co-ordination is required between me and an ISP for the in-addr.arpa record for the IP address supplied by that ISP.

Now, as I understand it, you don't like this arrangement, and feel that there's some advantage to having the PTR records instead have the value "alice.alice.com." Why, precisely, is this? What makes it worth the extra hassle and chance of misconfiguration?

cjs
-- 
Curt Sampson <cjs@example.com> +81 90 7737 2974
    To iterate is human, to recurse divine.
        - L Peter Deutsch
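A forward-confirmed reverse DNS check (PTR lookup on the connecting address, then an A lookup on the returned name) run over the records listed in the message above. This is an added example, not part of the original message; the `OWN` and `BROKEN` zones are constructed variants used only for comparison, and the helper names are hypothetical.

```python
import ipaddress

# Records copied from the message above, held in memory (no network access).
ZONE = {
    ("alice.alice.com.", "A"): ["1.2.3.4", "5.6.7.8"],
    ("alice.com.", "MX"): ["alice.alice.com."],
    ("bob.com.", "MX"): ["alice.alice.com."],
    ("customer4.frank.com.", "A"): ["1.2.3.4"],
    ("4.3.2.1.in-addr.arpa.", "PTR"): ["customer4.frank.com."],
    ("customer8.george.com.", "A"): ["5.6.7.8"],
    ("8.7.6.5.in-addr.arpa.", "PTR"): ["customer8.george.com."],
}

# Constructed variant: both PTRs point at the customer's own host name.
OWN = dict(ZONE)
OWN[("4.3.2.1.in-addr.arpa.", "PTR")] = ["alice.alice.com."]
OWN[("8.7.6.5.in-addr.arpa.", "PTR")] = ["alice.alice.com."]

# Constructed variant: one ISP changed its PTR, but the customer's zone
# lacks the matching A record (the two sides were not co-ordinated).
BROKEN = dict(ZONE)
BROKEN[("8.7.6.5.in-addr.arpa.", "PTR")] = ["alice.alice.com."]
BROKEN[("alice.alice.com.", "A")] = ["1.2.3.4"]


def lookup(zone, name, rtype):
    """Return the record values for (name, rtype), or an empty list."""
    return zone.get((name.lower(), rtype), [])


def fcrdns(zone, ip):
    """Return the PTR names for ip whose A records map back to ip."""
    rname = ipaddress.ip_address(ip).reverse_pointer + "."
    return [ptr for ptr in lookup(zone, rname, "PTR")
            if ip in lookup(zone, ptr, "A")]


def report(zone, ips=("1.2.3.4", "5.6.7.8")):
    """Map each address to its confirmed names (empty list = check fails)."""
    return {ip: fcrdns(zone, ip) for ip in ips}


if __name__ == "__main__":
    for label, zone in (("as posted", ZONE), ("own name", OWN),
                        ("uncoordinated", BROKEN)):
        print(label, report(zone))
```

Both the posted records and the `OWN` variant confirm for both addresses; only the uncoordinated variant fails, and only for the address whose PTR and A records are held by different parties.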