[120366] in North American Network Operators' Group
Re: DNS question, null MX records
daemon@ATHENA.MIT.EDU (Tony Finch)
Fri Dec 18 06:47:56 2009
Date: Fri, 18 Dec 2009 11:46:39 +0000
From: Tony Finch <dot@dotat.at>
To: James Hess <mysidia@gmail.com>
In-Reply-To: <6eb799ab0912172126g1eac7e49ve8f803552f6dbd82@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, 17 Dec 2009, James Hess wrote:
> Other tricks may be more obscure, will be less obvious that you don't
> want mail, and may look like a mistake -- you might even get visitors to
> your domain contacting you to report the broken MX record.
I think that's true with the suggestions in the rest of your post.
> An alternative to resolving MX to an invalid IP might be to cut to the
> chase and just make further DNS lookups impossible altogether...
> Or for that matter delegate the subdomain to 255.255.255.255.
> The recursive resolvers already have to immediately reject DNS
> delegation to broadcast addresses and the like.
That'll result in a SERVFAIL DNS reply which the MTA will treat as
a temporary failure. Remember the aim is to get MTAs to give up on
undeliverable mail immediately.
Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
