Re: Beating the spam filter ...

Ok thanks guys, I'll have a look at that in the morning and try to fix
it up a bit.

Help appreciated.

To Bill Cole: caffine is not your friend dude...


Bill Cole wrote:
In article <psTAg.99309$R26.67351@xxxxxxxxxxxxxxxxxxxxxxxx>,
base60 <nobody@xxxxxxxxxxxxxx> wrote:

Bill Cole wrote:
[...]
It is perfectly reasonable and common to have multiple A records for one
name. It is dead wrong to have multiple CNAME records for one name. It
is perfectly reasonable to have multiple names with A records resolving
to the same address. Your scenario doesn't really make much sense.

I'm forced to disagree on this.

You can, if you wish, use almost exclusively A records... but I think
this is more of a personal preference thing, though.

It is not uncommon for webhosting companies etc., to have a single
host/A record with lots of domains cnamed to it.

I meant the other way. a name CANNOT functionally be the left hand side
of more than one CNAME record, or even of any record in addition to a
single CNAME.


CNAMEs, which "SHALL NOT" be used are an obvious solution for any thing
other than mail, and will work quite well for mail save for the "SHALL
NOT"
(for the questionable reason).

Not really a questionable reason at all. Complex mail systems always
need to beware of the risk of their MX responses breaking the size limit
on UDP DNS. Layering abstraction unnecessarily and adding in a need to
include the CNAME and A records in an MX response raises the risks of
hitting that wall.

Complex mail systems are frequently front-ended with a load balancer,
be it a DNS RR or a piece of hardware.

DNS load balancing for mail can lead to oversize responses if not done
with care.


The UDP packet size issue is unlikely to be seen here.

I have seen hosting companies ignore that issue to their regret. In the
pure mail provider realm, take a look at Hotmail's MX responses for a
while in 5-minute windows and note that the answer is always over 500
bytes. If you look at the data they are putting into the responses you
can see that they might be tempted to bulk them up.




To accomplish such with out using CNAMEs, mx.hosting-company.tld would
have
to use A record(s) that resolve to the IP address(es) of the current mail
server. Thus it would be extremely easy to end up with a situation where
you have an A record that resolves to an IP that does not reverse resolve
to the original name.

Which is a far less problematic situation than the MX->alias one, which
actually will not be followed by some resolvers. Asymmetrical A/PTR
resolution is not a circumstance that causes anything to not work,
absent very unwise forms of paranoid configuration.

Actually, it does: tcp-wrappers comes first to mind.

Like I said.

--
Now where did I hide that website...

.

Relevant Pages