[120279] in North American Network Operators' Group
Re: DNS question, null MX records
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Tue Dec 15 10:36:22 2009
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <D2D37F15EBBD524693E9F3CB32D02080DA9FE824@exchange.corp.fpu-tn.com>
Date: Tue, 15 Dec 2009 10:33:25 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 15, 2009, at 10:17 AM, Eric J Esslinger wrote:
> I have a domain that exists solely to cname A records to another domain's websites. There is no MX server for that domain, there is no valid mail sent as from that domain. However when I hooked it up I immediately started getting bounces and spam traffic attempting to connect to the cnamed A record, which has no inbound mail server (It's actually hitting the firewall in front of it). (The domain name is actually several years old and has been sitting without dns for a while)
>
> I found a reference to a null MX proposal, constructed so:
> example.com IN MX 0 .
>
> Question: Is this a valid dns construct or did the proposal die? I don't want to cause people problems but at the same time, I don't want any of this crap to even attempt to deliver on this domain to any of my servers.

It's valid. But if you think all spammers will respect it, you're in for a surprise. :(

There is also a recommendation to point the MX at somewhere unroutable (192.2.x.x IIRC, but don't quote me on that). This will force the spammer / bot to try to connect to something that does not exist and use up sockets & resources, hopefully slowing it down. I've also heard that pointing the MX at localhost is useful, for reasons that should be obvious. The latter has the slight advantage of not making networks with a default route carry packets to the DFZ.

I'm sure some will find errors with all three suggestions. I honestly don't know which is the best / worst. Personally I'd set up a tiny mail server that accepted connections & feed them to /dev/null, or maybe forwarded the whole feed to a spam trap or DCC or the like.

-- 
TTFN,
patrick
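
Added example, not part of the original message: a small Python classifier showing how a well-behaved sending MTA would read the MX set of a domain, including the "no MX at all" case where delivery falls back to the domain's address record (the behaviour the quoted question describes). The null MX test follows the rule later standardized in RFC 7505; the zone lines, the label strings and the function names are constructed for illustration.

```python
# Added example: classify how a sending MTA would treat a domain's MX set.
# ZONE is constructed sample data in zone-file style; no DNS lookups are made.
ZONE = """\
example.com        IN MX 0 .                ; the null MX from the post
mail.example.net.  3600 IN MX 10 mx1.example.net.
mail.example.net.  3600 IN MX 20 mx2.example.net.
loop.example.org.  IN MX 10 localhost.
mixed.example.org. IN MX 0 .
mixed.example.org. IN MX 10 mx.example.org.
www.example.org.   IN CNAME web.example.net.
""".splitlines()


def norm(name):
    """Lower-case a DNS name and drop the trailing dot; the root stays '.'."""
    return name.lower().rstrip(".") or "."


def parse_mx(lines, domain):
    """Return [(preference, exchange)] for `domain` from zone-style lines."""
    records = []
    for line in lines:
        fields = line.split(";", 1)[0].split()      # strip trailing comments
        types = [f.upper() for f in fields]
        if "MX" not in types[1:]:                   # field 0 is the owner name
            continue
        i = types.index("MX", 1)
        if len(fields) < i + 3 or norm(fields[0]) != norm(domain):
            continue
        if not fields[i + 1].isdigit():             # preference must be a number
            continue
        records.append((int(fields[i + 1]), norm(fields[i + 2])))
    return records


def classify(lines, domain):
    """Label the mail policy a compliant sender would infer for `domain`."""
    mx = parse_mx(lines, domain)
    if not mx:
        return "implicit-mx"        # no MX: sender falls back to the address record
    if mx == [(0, ".")]:
        return "null-mx"            # exactly one "MX 0 ." record: accepts no mail
    if any(exch == "." for _, exch in mx):
        return "malformed-null-mx"  # "." mixed with other MXs or wrong preference
    if all(exch == "localhost" for _, exch in mx):
        return "localhost-mx"       # sender ends up connecting to itself
    return "accepts-mail"


if __name__ == "__main__":
    for d in ("example.com", "mail.example.net", "loop.example.org",
              "mixed.example.org", "www.example.org"):
        print(f"{d:20} {classify(ZONE, d)}")
```

Only senders that honour the MX set behave this way; as the reply says, software that ignores it will still connect.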