[120289] in North American Network Operators' Group
RE: DNS question, null MX records *summary of on list and off list
daemon@ATHENA.MIT.EDU (Eric J Esslinger)
Tue Dec 15 12:52:03 2009
From: Eric J Esslinger <eesslinger@fpu-tn.com>
To: "'nanog@nanog.org'" <nanog@nanog.org>
Date: Tue, 15 Dec 2009 11:51:29 -0600
In-Reply-To: <D2D37F15EBBD524693E9F3CB32D02080DA9FE824@exchange.corp.fpu-tn.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
A. Use a valid domain mapped to an unroutable or loopback instead of the .
I've decided to use 127.0.0.1
B. Set spf -all, for those who bother to check that to stop inbound mail from your domain.
Already had that in place
C. Donate the spam to someone who would use it.
I can't donate the existing incoming email due to privacy concerns, however, project honeypot uses subdomains (foo@bar.example.com) for its spam traps and wants unused subdomains so its traps will be 'clean to start'. I'll see if I can get that done.
D. Expect some spammers to detect any MX strangeness you use and bypass it in favor of your A record.
Understandable, and none of the referenced records in the DNS files accept mail from outside, connections are silently dropped at the firewall. This is just an attempt to cut the mess coming in because of the A record down in size.
E. Set up an actual mail server routing all mail to /dev/null.
I'd rather just drop the traffic rather than have another service to maintain/secure/update
__________________________
Eric Esslinger
Information Services Manager - Fayetteville Public Utilities
http://www.fpu-tn.com/
(931)433-1522 ext 165
-----Original Message-----
From: Eric J Esslinger [mailto:eesslinger@fpu-tn.com]
Sent: Tuesday, December 15, 2009 9:18 AM
To: 'nanog@nanog.org'
Subject: DNS question, null MX records
I have a domain that exists solely to cname A records to another domain's websites. There is no MX server for that domain, there is no valid mail sent as from that domain. However when I hooked it up I immediately started getting bounces and spam traffic attempting to connect to the cnamed A record, which has no inbound mail server (It's actually hitting the firewall in front of it). (The domain name is actually several years old and has been sitting without dns for a while)
I found a reference to a null MX proposal, constructed so:
example.com IN MX 0 .
Question: Is this a valid dns construct or did the proposal die? I don't want to cause people problems but at the same time, I don't want any of this crap to even attempt to deliver on this domain to any of my servers.
This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.
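
Added example, not part of the original message or the poster's configuration: a small model of how a standards-following sending MTA picks delivery targets (RFC 5321 section 5.1), comparing a domain with no MX, the null MX form quoted above (later standardized as RFC 7505), and option A's MX pointed at 127.0.0.1, plus a check for the `-all` SPF policy from option B. The function names, the hostname nomail.example.com and the 192.0.2.10 address are hypothetical, and the `resolve` dict stands in for real DNS lookups.

```python
import ipaddress

NULL_MX = [(0, ".")]  # RFC 7505: a single MX, preference 0, root label as exchange

def delivery_plan(mx, own_addrs, resolve):
    """Model a standards-following sender's target selection (RFC 5321 5.1).

    mx        -- list of (preference, exchange) tuples published for the domain
    own_addrs -- A/AAAA addresses of the domain name itself
    resolve   -- dict: exchange hostname -> addresses (stand-in for DNS)
    Returns (verdict, addresses the sender would try, in order).
    """
    if not mx:
        # No MX at all: the sender falls back to the domain's own address,
        # which is why a web-only name still sees SMTP connection attempts.
        return ("implicit-mx", list(own_addrs))
    if sorted(mx) == NULL_MX:
        # Null MX: the domain accepts no mail, so no connection is attempted.
        return ("null-mx", [])
    targets = []
    for _pref, host in sorted(mx):  # lowest preference value is tried first
        targets.extend(resolve.get(host.rstrip(".").lower(), []))
    # An MX resolving only to loopback sends the sender to itself,
    # never to the domain owner's network.
    if targets and all(ipaddress.ip_address(a).is_loopback for a in targets):
        return ("sink-mx", targets)
    return ("mx", targets)

def spf_denies_all(txt_records):
    """True if the TXT records hold an SPF policy that authorizes no sender."""
    for txt in txt_records:
        terms = txt.split()
        if terms and terms[0].lower() == "v=spf1":
            return terms[1:] == ["-all"]
    return False

# Constructed sample data (documentation names and addresses, not real records).
WEB_ONLY = delivery_plan([], ["192.0.2.10"], {})
NULL = delivery_plan([(0, ".")], ["192.0.2.10"], {})
LOOPBACK = delivery_plan([(0, "nomail.example.com.")], ["192.0.2.10"],
                         {"nomail.example.com": ["127.0.0.1"]})

if __name__ == "__main__":
    for name, plan in (("no MX", WEB_ONLY), ("null MX", NULL),
                       ("MX->127.0.0.1", LOOPBACK)):
        print(f"{name:14} {plan}")
    print("spf -all:", spf_denies_all(["v=spf1 -all"]))
```

The model covers compliant senders only; as item D notes, traffic that ignores MX data still reaches the A record, so the firewall drop remains the actual control.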