John C Klensin <john-i...@jck.com> wrote:
>
> If a particular SMTP implementation is aware of and follows the spec,
> almost any consensus indicator that doesn't conflict with other things
> should be fine --

There are actually more constraints than you imply in your message.

> "."

Has the advantage of being implemented and deployed. Has the disadvantage
of directing useless queries to the root name servers from MTAs that do
not understand null MX records.

> "*******"

MX target names should obey the LDH host name rules. You won't be able to
enter this target into many DNS admin tools since they enforce LDH syntax.
Some nameservers (e.g. BIND) will by default refuse to load a zone with
a non-hostname MX target.

This loses the advantages of a "." target and fails to keep useless
queries away from the root name servers.

> a special name in example.com or example.net,

These domains are reserved for use in examples, not for production
purposes. Are their name servers scaled up enough to handle stray
queries from MTAs that don't understand null MX records?

This question applies to any non-"." target. The reason I suggested using
AS112 was because it is designed for sinking unwanted queries that should
not have leaked out in the first place. But I still prefer to stick with
".".

> Since SMTP prohibits non-ASCII domain names, one might even consider
> something like "фиктивный.example.com" or "虚假.example.com" (literally,
> not as IDNA A-labels) which would cause many SMTP servers to do
> something nasty that does not involve the DNS.

You are muddling up the IDNA layers here. The MX target comes from the DNS
so if you try to put an IDNA name there it has to be encoded as an A-label
before you put it in the DNS. If you try hard you can put un-encoded UTF-8
in the DNS, but then it would violate the hostname rules in a similar way
to "*******".

It is likely that there are MTAs which do not check that MX targets
actually obey hostname syntax, so this kind of hack is not going to
reliably suppress lookups.

> They will certainly do lookups; how far they will get and whether they
> will requeue and try again depends somewhat on the string chosen

I think it depends more on the MTA's and/or postmaster's attitude to DNS
misconfiguration. Some are quicker to permfail than others.

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Irish Sea: South or southeast 4 or 5, becoming variable 3 or 4. Moderate
becoming slight. Rain or thundery showers, fog patches. Moderate or good,
occasionally very poor.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
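
Added example (not part of the original message or of any MTA's code): a sketch of how a null-MX-aware MTA that also enforces LDH syntax could decide which MX targets to resolve, covering the ".", "*******" and raw UTF-8 cases discussed above. The function names, verdict strings and sample records are hypothetical and constructed for illustration.

```python
import re

# One LDH label: ASCII letters, digits, hyphen; 1-63 chars; no edge hyphen.
_LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_ldh_hostname(name):
    """True if name obeys LDH host name syntax; the bare root "." does not."""
    name = name[:-1] if name.endswith(".") else name
    if not name or len(name) > 253:
        return False
    return all(_LDH_LABEL.fullmatch(label) for label in name.split("."))

def classify_mx(rrset):
    """rrset: list of (preference, target) tuples from one MX answer.

    Returns (verdict, targets_to_resolve):
      "null-mx"  sole target is "."; the domain accepts no mail, no lookup
      "deliver"  resolve only the syntactically valid targets, by preference
      "bad-mx"   no usable target; fail without any address lookup
    """
    if len(rrset) == 1 and rrset[0][1] == ".":
        return "null-mx", []
    usable = [target for _, target in sorted(rrset) if is_ldh_hostname(target)]
    return ("deliver", usable) if usable else ("bad-mx", [])

# The UTF-8 name from the thread, encoded as an A-label: it is plain LDH,
# so a syntax check does not stop it from being looked up.
A_LABEL = "xn--" + "虚假".encode("punycode").decode("ascii") + ".example.com."

# Constructed sample MX answers.
SAMPLES = {
    "null MX": [(0, ".")],
    "asterisks": [(10, "*******")],
    "raw UTF-8": [(10, "虚假.example.com")],
    "A-label": [(10, A_LABEL)],
    "mixed": [(20, "mx2.example.net."), (10, "*******"), (5, "mx1.example.net.")],
}

if __name__ == "__main__":
    for label, rrset in SAMPLES.items():
        print(f"{label:10} -> {classify_mx(rrset)}")
```

An MTA without the first check treats "." as an ordinary target and sends address queries for the root name, and one without the LDH check also looks up the "*******" and raw UTF-8 targets.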