STAY ON LIST - the last time I had enough of repeating that an answer on a public ML is not an invitation for private support I got moderated...

it is my opinion backed by dealing with DNS and email for many years facing all problems left and right we never had because of the strict policy here that one IP has only one PTR

what "official bad practice" do you need when you can see the problems otherwise would not be possible at your own?

and no "gmail.com" (from your second mail) doesn't prove anything else because there is no server in the world using "gmail.com" as outgoing mail HELO which is the reason you can safely reject any client which pretends to be "gmail.com" in the HELO

[harry@srv-rhsoft:~]$ nslookup mail-ob0-f177.google.com
Server:         127.0.0.1
Address:        127.0.0.1#53
Non-authoritative answer:
Name:   mail-ob0-f177.google.com
Address: 209.85.214.177

[harry@srv-rhsoft:~]$ nslookup 209.85.214.177
Server:         127.0.0.1
Address:        127.0.0.1#53
Non-authoritative answer:
177.214.85.209.in-addr.arpa     name = mail-ob0-f177.google.com.

/^amazon\.com$/ REJECT Unacceptable HELO (Forged)
/^amazon\.de$/ REJECT Unacceptable HELO (Forged)
/^ebay\.at$/ REJECT Unacceptable HELO (Forged)
/^ebay\.com$/ REJECT Unacceptable HELO (Forged)
/^ebay\.de$/ REJECT Unacceptable HELO (Forged)
/^email\.com$/ REJECT Unacceptable HELO (Forged)
/^facebook\.com$/ REJECT Unacceptable HELO (Forged)
/^facebookmail\.com$/ REJECT Unacceptable HELO (Forged)
/^gmail\.com$/ REJECT Unacceptable HELO (Forged)
/^gmx\.at$/ REJECT Unacceptable HELO (Forged)
/^gmx\.de$/ REJECT Unacceptable HELO (Forged)
/^gmx\.li$/ REJECT Unacceptable HELO (Forged)
/^gmx\.net$/ REJECT Unacceptable HELO (Forged)
/^google\.com$/ REJECT Unacceptable HELO (Forged)
/^hotmail\.com$/ REJECT Unacceptable HELO (Forged)
/^hotmail\.fr$/ REJECT Unacceptable HELO (Forged)
/^hotmail\.kg$/ REJECT Unacceptable HELO (Forged)
/^hotmail\.kz$/ REJECT Unacceptable HELO (Forged)
/^hotmail\.ru$/ REJECT Unacceptable HELO (Forged)
/^mail\.com$/ REJECT Unacceptable HELO (Forged)
/^microsoft\.com$/ REJECT Unacceptable HELO (Forged)
/^twitter\.com$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.ca$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.com$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.de$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.dk$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.es$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.fr$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.ie$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.it$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.jp$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.ru$/ REJECT Unacceptable HELO (Forged)
/^yahoo\.se$/ REJECT Unacceptable HELO (Forged)
/^ns[0-9]\.gmail\.com$/ REJECT Unacceptable HELO (Forged)

Am 11.09.2015 um 14:28 schrieb Marek Kozlowski:
On 09/11/2015 02:22 PM, Reindl Harald wrote:

Am 11.09.2015 um 14:14 schrieb Marek Kozlowski:
On 09/11/2015 02:10 PM, Reindl Harald wrote:

Am 11.09.2015 um 14:02 schrieb Marek Kozlowski:
:-)

I have defined several A and PTR records for my main server.
Unfortunately, recently I've noticed that some peer servers
have problems with rev-resolving my IP (verifying the name
and address) if there are too many As and PTRs. I'm wondering
if it's possible to specify one A and one PTR as a "main"
name (same as hostname) for this server? Yes, I can use a
single A and PTR and multiple CNAMEs, however I'd prefer the
solution with As and PTRs only. Any kind of priority?

no

just don't specify more than one PTR for an IP

Specifying multiple CNAMEs for the same alias is not possible

no idea what that means, a CNAME can point to another CNAME in
circles

I can't define sth. like this:

somename        IN      CNAME   something1
somename        IN      CNAME   something2

But I can define a few As for `somename' pointing to different IPs.

defining more than one PTR for the same IP is possible I believe
there is some reason for it.

until now nobody was able to show me one

"I don't know" != "there is no"

;-)

I think sometimes it might be useful. Is it a bad practice?

it is a bad practice and leads exactly to the problems you describe
when the other side tries to verify A/PTR matching because there is
just no ordering like there is also no ordering having multiple A
records for the same name with different IPs

Is it your opinion or some official "bad practice"?

Best regards,
Marek


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
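
The A/PTR matching problem discussed in this thread, as an added example that is not part of the original messages: a simulation of a receiving server that verifies a client IP against its PTR records. The zone data, the names and both verifier behaviours (`check_first_ptr`, `check_any_ptr`) are constructed assumptions; real peers may implement the check differently.

```python
import random

# Constructed zone data using documentation names/addresses (not from the thread).
PTR = {
    "192.0.2.10": ["mail.example.org."],  # one PTR for the IP
    "192.0.2.20": ["mail.example.net.", "www.example.net.", "ftp.example.net."],
}
A = {
    "mail.example.org.": ["192.0.2.10"],
    "mail.example.net.": ["192.0.2.20"],
    "www.example.net.": ["192.0.2.20"],
    "ftp.example.net.": ["192.0.2.20"],
}

def resolve_ptr(ip, rng):
    """Return the PTR RRset in arbitrary order; DNS defines no ordering within it."""
    names = list(PTR.get(ip, []))
    rng.shuffle(names)
    return names

def same_name(a, b):
    """Compare host names case-insensitively, ignoring the trailing dot."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()

def check_first_ptr(ip, helo, rng):
    """Assumed peer behaviour: use only the first PTR answer, then confirm name -> IP."""
    names = resolve_ptr(ip, rng)
    return bool(names) and same_name(names[0], helo) and ip in A.get(names[0], [])

def check_any_ptr(ip, helo, rng):
    """Alternative peer behaviour: accept if any PTR matches the HELO and maps back."""
    return any(same_name(n, helo) and ip in A.get(n, []) for n in resolve_ptr(ip, rng))

def pass_rate(check, ip, helo, trials=1000, seed=1):
    """Fraction of simulated connections that pass the given check."""
    rng = random.Random(seed)
    return sum(check(ip, helo, rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    for ip, helo in (("192.0.2.10", "mail.example.org"),
                     ("192.0.2.20", "mail.example.net")):
        print(ip, helo,
              "first-PTR:", pass_rate(check_first_ptr, ip, helo),
              "any-PTR:", pass_rate(check_any_ptr, ip, helo))
```

With a single PTR both checks always pass; with three PTRs the first-PTR check passes only when the matching name happens to be returned first.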
