Am 09.07.20 um 16:38 schrieb Jukka Pakkanen: > Many spammers send in addition to MX to A records, if available. Still, it > is a good practice to not to publish an A record for the mail zone, if not > specifically needed for something else. Of course if it points to somewhere > else than the receiving SMTP server, not much harm done mail-traffic-wise.
why should it be a good practice not publish an A record? nothing better can happen than a spammer trying the wrong server at all as you don't accept random unauthenticated inbound mail on random machines > -----Alkuperäinen viesti----- > Lähettäjä: bind-users <bind-users-boun...@lists.isc.org> Puolesta Matthew > Richardson > Lähetetty: 9. heinäkuuta 2020 16:06 > Vastaanottaja: bind-users <bind-users@lists.isc.org> > Aihe: Re: Dumb Question is an A or AAAA record required? > > On a related issues there were (perhaps long ago) issues if the A record for > a domain had an SMTP server on it, where email could sometimes be delivered > to that A record rather than the MX. I had (again long ago: > 10-15 years) actually seen this occur. > > Do people think that this problem could still occur these days? What sort of > transient (presumably DNS) failure might cause an SMTP server to deliver to A > rather than MX? > >> From: Anand Buddhdev <ana...@ripe.net> >> To: "@lbutlr" <krem...@kreme.com>, bind-users >> <bind-users@lists.isc.org> >> Cc: >> Date: Thu, 9 Jul 2020 14:43:04 +0200 >> Subject: Re: Dumb Question is an A or AAAA record required? > >> On 09/07/2020 14:21, @lbutlr wrote: >> >>> Given a domain that is hosted and used for email and web, is an A >>> record for that domain actually required? >> >> It's not *required*. But see below. >> >>> That is, if bob.tld is hosted by example.com can you simply have >>> >>> NS ns1.example.com >>> NS ns2.example.com >>> MX mx.example.com >>> >>> www CNAME www.example.com >>> >>> Without specifying >>> >>> A 11.22.33.444 >> >> These days, many folk try to reach websites by typing just the bare >> domain name without the "www" prefix. >> >> If a user types "bob.tld" into a browser, the browser will issue an >> address lookup for "bob.tld", causing the resolver to ask for A and >> AAAA records for "bob.tld". If you don't have an A record at the zone >> apex, the browser will not get back any address and display an error >> message for the user. An alert user might try "www.bob.tld" but most >> users are likely to just give up. >> >> So while it's not *required* to have an address record at the apex, >> it's good practice to have one. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
