[120302] in North American Network Operators' Group


Re: DNS question, null MX records

daemon@ATHENA.MIT.EDU (Douglas Otis)
Tue Dec 15 21:19:22 2009

Date: Tue, 15 Dec 2009 18:18:30 -0800
From: Douglas Otis <dotis@mail-abuse.org>
To: nanog@nanog.org
In-Reply-To: <4B27B3F7.7060007@nosignal.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 12/15/09 8:06 AM, Andy Davidson wrote:
> Eric J Esslinger wrote:
>> I have a domain that exists solely to cname A records to another domain's websites.
> [...]
>> I found a reference to a null MX proposal, constructed so:
>> example.com    IN    MX 0 .
> [...]
>> Question: Is this a valid dns construct or did the proposal die?
>
> It's "valid", but you will probably find people still try to spam to
> machines on the A records, and all of the other weird and wonderful things
> that spambots try to do to find a path that will deliver mail...

SRV records documented the hostname "." as representing "no service". 
However, errors made by non-RFC-compliant clients still generate a fair 
amount of root traffic attempting to resolve A records for ".".  The MX 
record never defined a hostname "." to mean "no service" so it would be 
unwise to expect email clients will interpret this as a special case 
meaning "no service" as well.  One might instead consider using:

example.com. 	IN MX 0 192.0.2.0
		IN MX 10 192.0.2.1
		...
		IN MX 90 192.0.2.9

where 192.0.2.0/24 represents a TEST-NET block.
		
This should ensure traffic will not hit the roots or your servers. 
Assuming a sender tries all of the MX addresses listed, they may still 
attempt to resolve A records for example.com.  This MX approach will 
affect those failing to validate email prior to acceptance, and, of 
course, spammers.

-Doug
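
The cases discussed in this thread, seen from the sending side, as an added example that is not part of the original message: a classifier that labels a domain's MX set as null MX, a TEST-NET sink, deliverable, or absent (where the sender falls back to the A record). The function names, verdict labels and the `mail.example.net` / `203.0.113.25` sample data are constructed for illustration, and treating an address-literal exchange as that address is an assumption.

```python
import ipaddress

# TEST-NET block named in the message above.
TEST_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample data standing in for a resolver, so this runs offline.
SAMPLE_HOSTS = {"mail.example.net": ["203.0.113.25"]}

def sample_resolve(host):
    return SAMPLE_HOSTS.get(host, [])

def classify_mx(mx_records, resolve=sample_resolve):
    """Classify a domain's MX set from the sending side.

    mx_records: list of (preference, exchange) tuples.
    Returns (verdict, addresses to try in preference order).
    """
    if not mx_records:
        # No MX at all: senders fall back to the domain's own A record.
        return ("implicit-mx", [])
    if len(mx_records) == 1 and mx_records[0][1] == ".":
        # The "MX 0 ." construct asked about in the thread.
        return ("null-mx", [])
    targets = []
    for _pref, exchange in sorted(mx_records):
        host = exchange.rstrip(".")
        if not host:
            continue  # a "." mixed in with real exchanges names no host
        try:
            # Assumption: an exchange written as an IPv4 literal, as in the
            # message's example, is taken as that address.
            addrs = [ipaddress.ip_address(host)]
        except ValueError:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        targets += [str(a) for a in addrs if a not in TEST_NET]
    return ("deliverable", targets) if targets else ("sink", [])

if __name__ == "__main__":
    print(classify_mx([(0, ".")]))
    print(classify_mx([(0, "192.0.2.0"), (10, "192.0.2.1"), (90, "192.0.2.9")]))
    print(classify_mx([(10, "mail.example.net."), (0, "192.0.2.0")]))
    print(classify_mx([]))
```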


