How not to set up your DNS (part 21)
This one is creative, and best presented in point form.
- the nameservers for
co.
are ns1.cctld.co through ns6.cctld.co. - if you query them for the NS records of hotmail.co, all of them
point you to NS1.MSFT.NET., NS2.MSFT.NET., and NS5.MSFT.NET.
(They do this slightly oddly, with the aa bit unset, but nameservers for other important zones also do this so I assume that it's the modern style.)
- if you ask any of these MSFT.NET nameservers for the A record
for
www.hotmail.co
orhotmail.co
, you get answers (with the aa bit set, as you'd expect from an authoritative nameserver). - if you ask any of these MSFT.NET nameservers for MX, NS, or SOA
records for
hotmail.co
, you get an interesting reply:
flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
. 3600 IN SOA ns1.msft.net. msnhst.microsoft.com. 2009082101 900 600 86400 3600
;; ADDITIONAL SECTION:
ns1.msft.net. 3600 IN A 65.55.37.62
(For bonus weirdness, whether or not you get the A record for ns1.msf.net depends on what query you're making; MX and NS queries do not, but SOA queries do.)
We've seen grandiose claims of authority
before, and it doesn't work any better this time than it did
before. Specifically, if you do MX lookups on hotmail.co
, your DNS
server will almost certainly give you a 'cannot resolve this right
now' temporary failure result. This is kind of important because
hotmail.co
is one omitted letter away from hotmail.com
and thus runs
into my small wish for parked domains.
I guess I'm going to have to add another entry to our list of typo'd email domains that should have their email bounce explicitly.
(That hotmail.co
has a working A record doesn't help; if an MX
record lookup returns a temporary failure, a mailer must retry the
MX lookup instead of falling back to the A record. It can only fall
back to the A record if there is a definite 'no MX record' answer.
Not that falling back to the A records would help in this case, as
hotmail.co
's IP addresses currently block SMTP connection attempts.)
(It's been a while since the last installment.)
Comments on this page:
|
|