Thanks. Maybe we're agreeing, but I'm still not sure. Maybe it's just
the end of a long day...

If more than one domain (say foo.com and bar.com) can legitimately
originate mail from my address 1.2.3.4, and one attempts to 'validate a
presented name' using rDNS, yet only one name can be established to
which 1.2.3.4 reverse maps, how can it possibly be that at least one of
foo.com or bar.com does not fail to validate? (Aside: Commonly it will
be *neither* that validates, since the rDNS query goes to my ISP, not
me.)

Perhaps you would deny my premise, and insist that each domain wishing
to originate mail have its own unique IP address. If so, that would be a
consistent viewpoint, but, IMHO, not a realistic restriction to impose
(note that no DNS aliases or CNAME records need be involved here).
---------------------
From: Eric D. Williams [mailto:eric(_at_)infobro(_dot_)com]
With respect to rDNS, my practice has been to establish only a single
canonical name to that address's reverse map. I do not see a need to
attach more than one name. I don't disagree that an IP may have
multiple forward maps to accommodate 'web-hosting' but to me reverse
maps have little or nothing to do with web hosts. I see utility for
rDNS where protocols attempting to validate a presented name e.g.
myhost.home.net is the expected name at the reverse map, i.e. using
ssh, ftp, telnet or smtp. MTAs SHOULD have and use only a canonical
name and not an alias, I feel that it is equally appropriate for the
reverse map of an MTA host.

That's my bugaboo, like I said it is a preference, I thought it was a
best practice as well. Although obviously it is not a 'rule' of any
sort. Were I serving domains in the fashion you present I would most
likely have a different view as well.