AOL blocking MailScanner messages!
Mike Kercher
mike at CAMAROSS.NET
Fri Dec 5 01:23:28 GMT 2003
I understand you're on cable and have a block less than /24. In this case,
it is RR's responsibility to maintain their DNS. It is your right, as their
customer, to ensure that they do what they are supposed to.
I haven't forgotten anything about DNS. I run MANY DNS servers :) You may
have noticed different types of error messages in your mail logs. Some are
temporary failures (like if a DNS server is unreachable). That is totally
different from an authoritative nameserver saying "I have no information
about my zones".
Is it possible to delegate RDNS for a network of less than a /24? What
would the zone be?
Mike
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Steve Thomas
> Sent: Thursday, December 04, 2003 7:01 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: AOL blocking MailScanner messages!
>
> On Thu, Dec 04, 2003 at 06:37:34PM -0600, Mike Kercher is
> rumored to have said:
> >
> > If not, admins on the other end need to get off their ass and make
> > their networking correct, complete and in compliance with the RFC's.
>
> I've only been skimming this thread, so this may have been
> stated already. If so, I apologize...
>
> You're forgetting that reverse dns is a totally different
> animal than forward, and that just about anyone with less
> than a /24 (and many with a /24 or larger) don't have the
> reverse zones delegated to their servers. If I own foo.com, I
> can easily create any forward entry in the foo.com domain,
> but making something in the in-addr.arpa domain point to
> mailserver.foo.com is not nearly as easy.
>
> As a for instance, the machine I'm sending this message from
> is on a RoadRunner network. We've got a block of addresses
> allocated to us and despite repeated assurances that they
> would delegate the in-addr.arpa zone for our netblock to our
> dns server, it's never happened. Now if RR managed to have a
> corrupt zone file, forgot to generate PTR records for our
> netblock or for some other reason wasn't on the ball, I'd be
> "an admin who was sitting on my ass not making my network
> correct"? I think not. My dns server is properly configured
> to serve requests for the /28 we've been allocated but RR is
> still in control of the zone.
>
> Then there's network outages, software failures, fiber cuts,
> DDoS attacks, etc, etc to consider. You'll reject mail just
> because the DNS server serving the in-addr.arpa zone for the
> connecting machine is unreachable?
>
> I can see adding a warning header or something innocuous like
> that, but outright rejecting mail from machines without RDNS
> properly configured is overkill, IMHO.
>
>
> Steve
>
>
> --
> "Blessed is the man, who having nothing to say, abstains from
> giving wordy evidence of the fact."
> - George Eliot (1819-1880)
>
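
Added example, not part of either message above: a block smaller than a /24, such as the /28 in the quoted reply, can be delegated using the classless in-addr.arpa scheme of RFC 2317, in which the provider's /24 reverse zone carries NS records for a sub-zone plus one CNAME per address. The block 192.0.2.16/28 (documentation range) and the nameserver name are constructed placeholders.

```python
import ipaddress


def rfc2317_delegation(cidr, nameservers, sep="/"):
    """Build an RFC 2317 classless reverse delegation for an IPv4 block
    longer than /24.

    Returns (child_zone, parent_records):
      child_zone     - zone the customer's DNS server must be authoritative for
      parent_records - records the provider adds to its /24 in-addr.arpa zone

    sep is the character between first address and prefix length in the
    sub-zone label; RFC 2317 uses "/", and "-" is a common substitute.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4 or not 24 < net.prefixlen <= 32:
        raise ValueError("RFC 2317 applies to IPv4 blocks longer than /24")

    o = str(net.network_address).split(".")
    parent_zone = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    label = f"{o[3]}{sep}{net.prefixlen}"
    child_zone = f"{label}.{parent_zone}"

    # Delegate the sub-zone to the customer's nameservers.
    records = [f"{label} IN NS {ns}" for ns in nameservers]
    # Alias every address in the block into the delegated sub-zone, so a
    # normal PTR query for d.c.b.a.in-addr.arpa follows the CNAME there.
    for addr in net:
        last = str(addr).split(".")[3]
        records.append(f"{last} IN CNAME {last}.{child_zone}")
    return child_zone, records


def ptr_owner(ip, cidr, sep="/"):
    """Name under which the customer publishes the PTR record for ip."""
    child_zone, _ = rfc2317_delegation(cidr, [], sep)
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr):
        raise ValueError("address is outside the delegated block")
    return f"{ip.split('.')[3]}.{child_zone}"


if __name__ == "__main__":
    # Constructed sample: a /28 and a hypothetical customer nameserver.
    zone, recs = rfc2317_delegation("192.0.2.16/28", ["ns1.customer.example."])
    print("; customer serves zone", zone)
    print("; provider adds to 2.0.192.in-addr.arpa.:")
    print("\n".join(recs))
```

Until the provider publishes the NS and CNAME records in its own zone, a correctly configured customer server for the sub-zone is never consulted by resolvers.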