On 02.10.2016 at 22:42, David Ford wrote:
On 2016-10-02 12:59, Reindl Harald wrote:

IOW, can a given *IP* appear in more than one A record? I realize
that this does have the problem that the reverses would resolve to
hostX not test

one IP should only have one PTR - period

avoid anything else than PTR/A-matching if the machine is supposed to
send outbound mail

it is very helpful to have multiple PTR records for an IP on a mail
server so anti-spam engines can accurately make fully verified forward
and reverse lookups not just for DNS but also certificate verification.

which is *exactly* what you break with *multiple* PTR records for a single IP - seems you don't understand what https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS really means

mail servers that can't correctly emit the right EHLO for outbound email
should remain in the 1990s.

yes, and your EHLO matches the A record of your IP

which of the multiple PTRs should the receiving server use?
guess what: it uses a random one
one time it matches your EHLO, the next time not

congratulations: you are playing lottery

and yes i had cases where we blocked email because of check_reverse_client_hostname_access when the mailadmin did request a PTR and the ISP was too dumb to remove the generic one, which ended in some mails hitting rules and others not
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
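
Added example, not part of the thread: a small offline model of the forward-confirmed reverse DNS check the messages above argue about, run against an IP with two PTR records and an IP with one. The zone data, host names and the two receiver models (one that inspects a single PTR answer, one that inspects all of them) are constructed assumptions for illustration, not the behaviour of any particular MTA.

```python
import random

# Constructed sample zone data (documentation address space, hypothetical names).
PTR = {
    "192.0.2.25": ["mail.example.org", "host25.isp.example.net"],  # custom + generic PTR
    "192.0.2.26": ["mx2.example.org"],                              # exactly one PTR
}
A = {
    "mail.example.org": ["192.0.2.25"],
    "host25.isp.example.net": ["192.0.2.25"],
    "mx2.example.org": ["192.0.2.26"],
}

def fcrdns_names(ip):
    """Return every PTR name whose A record points back to ip."""
    return [name for name in PTR.get(ip, []) if ip in A.get(name, [])]

def all_ptr_check(ip, ehlo):
    """Assumed receiver model: accept if any forward-confirmed PTR equals the EHLO name."""
    return ehlo.lower() in (name.lower() for name in fcrdns_names(ip))

def single_ptr_check(ip, ehlo, rng):
    """Assumed receiver model: look at one PTR answer only (RRset order is not stable)."""
    names = PTR.get(ip, [])
    if not names:
        return False
    chosen = rng.choice(names)
    return chosen.lower() == ehlo.lower() and ip in A.get(chosen, [])

def match_rate(ip, ehlo, trials=1000, seed=1):
    """Fraction of simulated connections where the single-PTR model matches the EHLO name."""
    rng = random.Random(seed)
    hits = sum(single_ptr_check(ip, ehlo, rng) for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    for ip, ehlo in [("192.0.2.25", "mail.example.org"),
                     ("192.0.2.26", "mx2.example.org")]:
        print(ip, ehlo,
              "forward-confirmed names:", fcrdns_names(ip),
              "all-PTR model:", all_ptr_check(ip, ehlo),
              "single-PTR match rate:", match_rate(ip, ehlo))
```

With one PTR the single-answer model matches the EHLO name on every connection; with two PTRs it matches only on the connections where the custom name happens to be the one inspected, while the all-PTR model accepts either way.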