[29947] in North American Network Operators' Group
Re: RBL-type BGP service for known rogue networks?
daemon@ATHENA.MIT.EDU (Shawn McMahon)
Mon Jul 10 12:39:11 2000
Date: Mon, 10 Jul 2000 12:36:52 -0400
From: Shawn McMahon <smcmahon@eiv.com>
To: nanog@merit.edu
Message-ID: <20000710123652.A23303@eiv.com>
In-Reply-To: <0127E258EE29D3118A0F00609765B44831789F@subnet-gw-00053.sitestream.net>; from kulriksen@publichost.com on Mon, Jul 10, 2000 at 09:06:49AM -0700
On Mon, Jul 10, 2000 at 09:06:49AM -0700, Karyn Ulriksen wrote:
>
> I noticed that in BIND8, DNS gets _VERY_ unhappy if you use a CNAME for
> the zone's MX. Maybe there's something else at work....
We're not talking about MXes here.
Let's be very clear.
We're talking a single workstation with a dynamic IP address.
eiv.com's MX points to a completely different box, by an A record, just
like it's supposed to.
oa.eiv.com's IP address changes periodically, and has a reverse lookup that
is not under my control.
*ANYBODY* running sendmail on a box with a dynamic IP is going to see
this behavior, unless they play magic sed games to change their sendmail
config every time their IP changes. This actually would be doable in my
case, but is hardly expectable of everybody who uses a dynamic IP.
And then there are those MUAs that also act as MTAs, doing their own SMTP
without going through an external server. They can't all be configured
to do what Greg proposes, and who in their right mind would want them to
be?
I've quoted the RFC. It says he MUST NOT (its emphasis, not mine) do
what he's doing, in unambiguous terms.
Beyond that, I don't really care if I can email him or not. I can email
the rest of the world, except for a few ORBS nuts. No loss.
DNS will resolve "oa.eiv.com" to the exact IP of the box sending the email.
Greg considers that to be "forging a HELO", and equates it as "very
nearly fraud". You'll have to judge for yourself whether or not that's
reasonable.
Frankly, I don't care; I've presented the evidence, everybody can make
their own choices as to whose idea is reasonable. With very few exceptions,
we're all adults here.