On 1 Jul 2020, at 19:37, Peter wrote:
> On 1/07/20 11:20 am, Bill Cole wrote:
>> Can't you just fix the DNS? Use a HELO name that resolves to both IPs
>> and give both IPs PTR records that point back to the name you use.
> This won't work for FCRDNS properly.

That is implementation-dependent. Smart validators of full-circle
reverse DNS will understand that names can resolve via multiple A
records to multiple IPs. Smarter ones will even recognize that an
address can have multiple PTRs.

> What happens is the lookup on the A record will randomly return either
> one or the other IP address as is appropriate for multiple DNS records
> as this is how round-robin DNS works.

Nope. See the man pages for gethostbyname() and getaddrinfo(). Both
return address *lists*. Round-robin DNS works because modern resolvers
randomize the order of addresses in that list and resolver clients
trying to do connections typically use the address list in the order
returned, until one works. Multiple PTRs are a bit less reliable because
getnameinfo() only returns one name, but gethostbyaddr() does return a
main name and a list of aliases, rather than just one name.

> So half of the time it will return the correct IP address for the
> interface that you're on at the time and the other half it will return
> the wrong IP address causing FCRDNS to fail.

No, ALL the time it will return a list of addresses that any
well-designed validator will know to look for.

Note that I have been using multiple-A (and occasionally, but not
currently, multiple-PTR) DNS arrangements for decades and have never had
a problem with claims that my rDNS was not FC except when someone was
trying to validate the name in an SMTP banner (bad idea) and that IP was
a shared NAT IP with 4 PTRs.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)
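Added example, not code from either participant in the thread: a forward-confirmed reverse DNS check that walks every PTR name and every address the name resolves to, placed beside the single-address comparison that fails the way Peter describes. The DNS data, host names and addresses are constructed; the `live_ptr`/`live_a` helpers use the `gethostbyaddr()` and `getaddrinfo()` calls Bill mentions and are not exercised offline.

```python
import socket

# Constructed DNS data standing in for a live resolver: one mail host name
# with two A records, both addresses pointing back to that name, plus a
# shared NAT address carrying several PTRs (the case Bill mentions).
FAKE_PTR = {
    "192.0.2.10": ["mail.example.net"],
    "192.0.2.20": ["mail.example.net"],
    "198.51.100.5": ["nat.example.org", "other.example.org"],
}
FAKE_A = {
    # Order is what a round-robin resolver might hand back on one query.
    "mail.example.net": ["192.0.2.20", "192.0.2.10"],
    "nat.example.org": ["198.51.100.5"],
    "other.example.org": ["203.0.113.9"],
}


def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])


def fake_a(name):
    return FAKE_A.get(name, [])


def naive_fcrdns(ip, ptr=fake_ptr, a=fake_a):
    """The weak validator: first PTR name, first A record, compare once."""
    names = ptr(ip)
    if not names:
        return False
    addrs = a(names[0])
    return bool(addrs) and addrs[0] == ip


def fcrdns(ip, ptr=fake_ptr, a=fake_a):
    """List-aware validator: any PTR name whose address list holds ip confirms."""
    return any(ip in a(name) for name in ptr(ip))


def live_ptr(ip):
    """All PTR names for ip: gethostbyaddr() gives the main name plus aliases."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except socket.herror:
        return []
    return [name, *aliases]


def live_a(name):
    """Every address getaddrinfo() returns for name, not only the first one."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []
```

Against live DNS, call `fcrdns(ip, live_ptr, live_a)`; the naive check fails for whichever address the resolver happens to list second.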