Wandering Thoughts archives


How not to set up your DNS (part 2)

Today's examples of MX entries are all drawn from domains presented to our mailer in MAIL FROM's over the past 28 days or so. 'sdig' is a script that does a 'dig +short'. Presented in illustrated form:

; sdig mx oakhavenresort.com.
10 mail.
10 mail.oakhavenresort.com.

It's interesting that they get this simultaneously wrong and right. Is the plain 'mail.' supposed to be in some other domain?

; sdig mx ieg.com.br.

Contrary to semi-popular belief, IP addresses are not valid as MX targets and will work on only a few systems.

; sdig mx km.ru
10 mx1.mail.km.ru.

Well, they have their bases covered in the 'hostnames versus IP addresses' debate.

; sdig mx worldmexico.com.
10 mail.worldmexico.com.
; sdig a mail.worldmexico.com.

That IP address is in RFC 1918 address space, so no one outside of worldmexico.com itself will be delivering email to them any time soon.

; sdig mx everymail.net
0 smtp.everymail.net.
10 smtp-c01.everymail.net.
20 smtp-c02.everymail.net.
; sdig a smtp.everymail.net.
; sdig a smtp-c01.everymail.net.
; sdig a smtp-c02.everymail.net.

I consider this the grand prize winner.

Should smtp.everymail.net ever not respond, very odd things start happening. If they are lucky, people simply cannot connect to their backup MXes; however, if the sender is using RFC 1918 10.*.*.* IP addresses internally, email to everymail.net may fly off to some internal machine, possibly to drop into someone's mailbox or bounce explosively.

The good news is that this sort of thing happens only very rarely; 58 domains out of 4,399. (Of course, a certain amount of the other ones simply don't exist.)

Sidebar: People who don't want to get mail

; sdig mx viewdocs.com.
0 dev.null.
; sdig mx headbone.com.

Someday our mailer will reject MAIL FROM: domains that so clearly don't want to get email. More subtle is:

; sdig mx uhaultrailer.com
10 nullmx.uhaultrailer.com.
; sdig a nullmx.uhaultrailer.com.

Department of I'm not sure:

; sdig mx mailbox.co.yu
10 mail.mailbox.co.yu.
; sdig a mail.mailbox.co.yu.

All of 127/8 is the looback address, but most people use (They also have www.mailbox.co.yu pointing at Perhaps they are very definitely not in business any more.)

; sdig mx wickedmail.com.
10 localhost.

That's almost like oakhavenresort.com, except more straightforward.

Puzzling and mysterious is:

; sdig mx cyberpublications.com.
1 bounce.argewebhosting.nl.
2 mx2.argewebhosting.nl.
3 mx3.argewebhosting.nl.
; sdig a bounce.argewebhosting.nl.

But the other two hostnames have valid IP addresses that even respond on the SMTP port and accept email for cyberpublications.com. One would think that argewebhosting.nl could make up its mind; does the domain get mail or not?

sysadmin/HowNotToDoDNSII written at 22:24:49; Add Comment

How not to set up your DNS (part 1)

Presented in illustrations:

; dig +short ns harvest.idv.tw.
; dig +short a harvest.idv.tw.
; dig +short a www.harvest.idv.tw.

To those setting up nameservers: when people said 'have two nameservers', they did not mean 'and feel free to give them the same IP address'.

As a bonus, harvest.idv.tw has probably doubled the amount of time many DNS servers take to give up on them when is having a wee problem.

sysadmin/HowNotToDoDNSI written at 03:10:50; Add Comment

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.