ietf-mxcomp

Re: Input on identities

2004-04-07 17:42:00


Markus Stumpf wrote:

On Wed, Apr 07, 2004 at 02:37:24PM -0600, Doug Royer wrote:
Here is the problem that virtual and co-hosting sites often face:

This isn't a problem IMHO.
There are at most 1% dynamic DSL users that want to run MTAs. For the
bigger well of all Internet users they can't any more. If they want to
make eMail from home.virtual-1.com they can route via their MTA on the
static address hosting.virtual-1.com and inject with SMTP AUTH and
retrieve with POP3 and IMAP or they can use the MTA of their ISP.

The same problem is for static DSL or dial-up IP addresses. How much effort will your ISP put into verifying that you have the right to do a reverse push of home.example.com?
None in most cases. So the reverse DNS will not match the forward.

Co-hosted systems may use their own MTA and DNS. Or your DNS and their MTA,
or your MTA and their DNS, or some 3rd party MTA or DNS. There is no way
to control that. The reason people co-host is to co-locate, high availability (UPS or
whatever) and they are using your IP addresses.

I do not think that forcing the reverse DNS records is manageable by ISPs.

We do, and managing revDNS is no problem.

For co-hosting systems at your site that use their own MTAs? Are they correct? If you do not know if they are correct, then that is the same problem as now
which is they do not match. If they use a DNS server that is not yours,
you can not automatically check. They could drop host2.example.com and
replace it with mx2.example.com and you would never know. You would
just know that they still used that IP.

I do not think that most (all?) hosting sites will be able to comply with that
if it were a requirement.

Exactly why? Instead of putting
   server0815-4711
into DNS they could as well put the name the customer wants in there.
They have management interfaces for the hosting servers allowing their
customers everything including the choice of banner servers, so where is
the problem adding a module that updates the hostname in revDNS via
nsupdate?

For dynamic addresses - they can push it, but by the time the world sees it, it's changed.

Okay there is a tool. What if they do not use it? Are you going to allow your
co-hosted systems to do a reverse DNS push for a domain they do not own?
How would you know if they did? When you are co-hosting systems you
may not know which domains they host or how many virtual systems they host.


This is a very good example NOT to allow MTAs on dynamic address space ;)
When an MTA contacts your MTA  - how do you know if it is using
a dynamic or static address? You can not, therefore it is not enforceable.

--

Doug Royer                     |   http://INET-Consulting.com
-------------------------------|-----------------------------
Doug(_at_)Royer(_dot_)com                 | Office: (208)520-4044
http://Royer.com/People/Doug   | Fax:    (866)594-8574
                              | Cell:   (208)520-4044

             We Do Standards - You Need Standards


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
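The check the thread is arguing about is forward-confirmed reverse DNS (FCrDNS): take the connecting IP, look up its PTR, then look up the A records of the name the PTR returns and see whether the original IP is among them. The following is an added example, not code from this message or from the ietf-mxcomp participants. It runs offline against a constructed lookup table whose names (host1.example.com, host2/mx2.example.com, server0815-4711.hoster.example) are hypothetical and chosen only to mirror the cases raised above: a consistent pair, a forward record renamed while the PTR still points at the old name, a generic hoster-assigned name, and an address with no PTR at all. The `lookup` callable is the only thing a real deployment would swap for a resolver.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample DNS data for this example (not real records).
# PTR map: reverse name -> hostnames; A map: hostname -> IPv4 addresses.
SAMPLE_PTR: Dict[str, List[str]] = {
    "10.2.0.192.in-addr.arpa.": ["host1.example.com."],               # PTR and A agree
    "11.2.0.192.in-addr.arpa.": ["host2.example.com."],               # forward name was renamed
    "12.2.0.192.in-addr.arpa.": ["server0815-4711.hoster.example."],  # generic hoster name, still consistent
    # 192.0.2.13 deliberately has no PTR at all
}
SAMPLE_A: Dict[str, List[str]] = {
    "host1.example.com.": ["192.0.2.10"],
    "mx2.example.com.": ["192.0.2.11"],   # host2.example.com. no longer resolves
    "server0815-4711.hoster.example.": ["192.0.2.12"],
}

# A lookup takes (owner name, RR type) and returns the RDATA strings.
Lookup = Callable[[str, str], List[str]]


def sample_lookup(name: str, rrtype: str) -> List[str]:
    """Offline stand-in for a resolver, backed by the constructed tables."""
    table = SAMPLE_PTR if rrtype == "PTR" else SAMPLE_A
    return list(table.get(name, []))


def ptr_name(ip: str) -> str:
    """Owner name of the PTR record for an IPv4/IPv6 address, fully qualified."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


@dataclass
class FcrdnsResult:
    ip: str
    ptr_names: List[str]   # names returned by the PTR lookup
    confirmed: List[str]   # subset whose forward (A) records contain ip

    @property
    def status(self) -> str:
        if not self.ptr_names:
            return "no-ptr"
        return "confirmed" if self.confirmed else "mismatch"


def fcrdns(ip: str, lookup: Lookup = sample_lookup) -> FcrdnsResult:
    """Forward-confirmed reverse DNS: PTR(ip) -> names; keep names whose A set includes ip."""
    canonical = str(ipaddress.ip_address(ip))
    ptrs = lookup(ptr_name(canonical), "PTR")
    confirmed = [name for name in ptrs if canonical in lookup(name, "A")]
    return FcrdnsResult(canonical, ptrs, confirmed)


def in_domain(name: str, domain: str) -> bool:
    """True if name is domain itself or a subdomain of it (trailing dots ignored)."""
    n, d = name.rstrip(".").lower(), domain.rstrip(".").lower()
    return n == d or n.endswith("." + d)


def claimed_domain_confirmed(ip: str, claimed_domain: str, lookup: Lookup = sample_lookup) -> bool:
    """Does any forward-confirmed name for ip fall under the domain the sender claims?

    This is the stricter question raised in the thread: a hoster's address can be
    FCrDNS-consistent under the hoster's own name without saying anything about the
    customer domain the MTA announces.
    """
    return any(in_domain(name, claimed_domain) for name in fcrdns(ip, lookup).confirmed)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        r = fcrdns(ip)
        print(f"{ip:12} {r.status:9} ptr={r.ptr_names} confirmed={r.confirmed}")
    print("192.0.2.12 claims example.com:", claimed_domain_confirmed("192.0.2.12", "example.com"))
```

Two observations follow directly from running it. The renamed host (192.0.2.11) comes out as a mismatch even though nothing malicious happened, which is the operational fragility being described above; and the hoster-named address (192.0.2.12) passes FCrDNS while `claimed_domain_confirmed` for example.com is false, which is why a consistent PTR alone says little about which domains a co-hosted MTA is entitled to send for.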
