Wandering Thoughts archives

2005-11-26

How not to set up your DNS (part 2)

Today's examples of MX entries are all drawn from domains presented to our mailer in MAIL FROMs over the past 28 days or so. 'sdig' is a script that does a 'dig +short'. Presented in illustrated form:

; sdig mx oakhavenresort.com.
10 mail.
10 mail.oakhavenresort.com.

It's interesting that they get this simultaneously wrong and right. Is the plain 'mail.' supposed to be in some other domain?

; sdig mx ieg.com.br.
10 200.226.132.20.

Contrary to semi-popular belief, IP addresses are not valid as MX targets and will work on only a few systems.

; sdig mx km.ru
10 mx1.mail.km.ru.
100 217.174.96.26.

Well, they have their bases covered in the 'hostnames versus IP addresses' debate.

; sdig mx worldmexico.com.
10 mail.worldmexico.com.
; sdig a mail.worldmexico.com.
192.168.1.111

That IP address is in RFC 1918 address space, so no one outside of worldmexico.com itself will be delivering email to them any time soon.

; sdig mx everymail.net
0 smtp.everymail.net.
10 smtp-c01.everymail.net.
20 smtp-c02.everymail.net.
; sdig a smtp.everymail.net.
212.69.179.11
; sdig a smtp-c01.everymail.net.
10.0.3.66
; sdig a smtp-c02.everymail.net.
10.0.3.67

I consider this the grand prize winner.

Should smtp.everymail.net ever not respond, very odd things start happening. If they are lucky, people simply cannot connect to their backup MXes; however, if the sender is using RFC 1918 10.*.*.* IP addresses internally, email to everymail.net may fly off to some internal machine, possibly to drop into someone's mailbox or bounce explosively.

The good news is that this sort of thing happens only very rarely: 58 domains out of 4,399. (Of course, a certain number of the other ones simply don't exist.)

Sidebar: People who don't want to get mail

; sdig mx viewdocs.com.
0 dev.null.
; sdig mx headbone.com.
10 127.0.0.1.

Someday our mailer will reject MAIL FROM: domains that so clearly don't want to get email. More subtle is:

; sdig mx uhaultrailer.com
10 nullmx.uhaultrailer.com.
; sdig a nullmx.uhaultrailer.com.
127.0.0.1

Department of I'm not sure:

; sdig mx mailbox.co.yu
10 mail.mailbox.co.yu.
; sdig a mail.mailbox.co.yu.
127.0.0.3

All of 127/8 is the loopback address, but most people use 127.0.0.1. (They also have www.mailbox.co.yu pointing at 127.0.0.2. Perhaps they are very definitely not in business any more.)

; sdig mx wickedmail.com.
10 localhost.

That's almost like oakhavenresort.com, except more straightforward.

Puzzling and mysterious is:

; sdig mx cyberpublications.com.
1 bounce.argewebhosting.nl.
2 mx2.argewebhosting.nl.
3 mx3.argewebhosting.nl.
; sdig a bounce.argewebhosting.nl.
127.0.0.1

But the other two hostnames have valid IP addresses that even respond on the SMTP port and accept email for cyberpublications.com. One would think that argewebhosting.nl could make up its mind; does the domain get mail or not?
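
An added example, not part of the original entry and not the mailer's own code: a Python sketch of the check a mailer could run on a MAIL FROM domain's MX set to flag the patterns shown above. The function names are hypothetical, and A records are passed in already resolved (copied from the dig output on this page) so it runs offline.

```python
import ipaddress

def is_ip_literal(name):
    """True if an MX target is an IP address written where a hostname belongs."""
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False

def check_mx(mx_records, a_records):
    """Return (target, problem) pairs for one domain's MX set.

    mx_records: list of (preference, target) as printed by 'dig +short mx'.
    a_records:  dict of target -> list of A record strings, already resolved.
    """
    problems = []
    for _pref, target in mx_records:
        host = target.rstrip(".").lower()
        if is_ip_literal(target):
            problems.append((target, "IP address used as MX target"))
        elif "." not in host:
            problems.append((target, "single-label target"))
        for addr in a_records.get(target, []):
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback:        # all of 127/8, not just 127.0.0.1
                problems.append((target, "resolves to loopback " + addr))
            elif ip.is_private:       # covers the RFC 1918 ranges
                problems.append((target, "resolves to private address " + addr))
    return problems

# Constructed sample input: records copied from the dig output on this page.
SAMPLES = {
    "km.ru": ([(10, "mx1.mail.km.ru."), (100, "217.174.96.26.")], {}),
    "everymail.net": (
        [(0, "smtp.everymail.net."), (10, "smtp-c01.everymail.net."),
         (20, "smtp-c02.everymail.net.")],
        {"smtp.everymail.net.": ["212.69.179.11"],
         "smtp-c01.everymail.net.": ["10.0.3.66"],
         "smtp-c02.everymail.net.": ["10.0.3.67"]}),
    "wickedmail.com": ([(10, "localhost.")], {}),
    "mailbox.co.yu": ([(10, "mail.mailbox.co.yu.")],
                      {"mail.mailbox.co.yu.": ["127.0.0.3"]}),
}

if __name__ == "__main__":
    for domain, (mx, a) in SAMPLES.items():
        for target, problem in check_mx(mx, a):
            print(f"{domain}: {target} {problem}")
```
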

sysadmin/HowNotToDoDNSII written at 22:24:49

How not to set up your DNS (part 1)

Presented in illustrations:

; dig +short ns harvest.idv.tw.
harvest.idv.tw.
www.harvest.idv.tw.
; dig +short a harvest.idv.tw.
219.84.30.59
; dig +short a www.harvest.idv.tw.
219.84.30.59

To those setting up nameservers: when people said 'have two nameservers', they did not mean 'and feel free to give them the same IP address'.

As a bonus, harvest.idv.tw has probably doubled the amount of time many DNS servers take to give up on them when 219.84.30.59 is having a wee problem.

sysadmin/HowNotToDoDNSI written at 03:10:50

