ietf-smtp

Re: How to mark domains that do / do not wish to receive email

2008-03-26 18:14:09


   (I asked Mark to discuss this on <ietf-smtp> -- I'll provide context
where it seems needed...)

Mark Andrews <Mark_Andrews(_at_)isc(_dot_)org> wrote:
To: John Leslie <john(_at_)jlc(_dot_)net>
Mark Andrews <Mark_Andrews(_at_)isc(_dot_)org> wrote:
SM <sm(_at_)resistor(_dot_)net> wrote:
Mark Andrews <Mark_Andrews(_at_)isc(_dot_)org> wrote:

It is easy to turn "MX 0 ." into "This domain doesn't support
email" as "." is not confusable with a hostname.  There is no
reason to look up address records for "."

There was an I-D, draft-delany-nullmx-00, which didn't make it
to RFC status.

Which could just be a misconfiguration.   You still have to
look up addresses for "dev.null".

Yes.  People still do it.

Yes they do.  We, the IETF, have failed them by not providing
them with a clear mechanism to do what they want without bad
side effects.

   (The above is to give context.)

I well remember DNS gurus trying to deprecate the use of "."
wherever it might lead to queries to root servers for "." Is
this no longer an issue?

SRV says to use "." for "no service".

   This is indeed specified in RFC 2782.

RP says to use "." for "does not exist".

   I think Mark means Responsible Person (RFC 1183).

There are already A and AAAA queries for ".".
Codifying the use of "MX 0 ." will, in the long run, reduce
the number of such queries as MTAs get updated.

   I'm pretty sure Mark means that the additional usage will speed
the update of MTAs which now query for "." to stop making this
useless query.

The roots can handle the query load in the meantime.

   Mark is more of a DNS guru than I, certainly, so I tend to assume
he's right about this.

   However, widespread usage of this convention _could_ generate
rather a lot of potential DNS queries as spammers continue to forge
Mail-From addresses which domain administrators attempt to mark as
"no incoming email accepted".

   (The volume of spam blowback dwarfs any current use of SRV and
RP records.)

I'm very confused that Bill Manning seems to be calling for

*    MX    .

I think you mean "* MX 0 ."

   (Indeed, I erred in typing this.)

and Bill was not saying that.

   Frankly, I have a lot of difficulty understanding _what_ Bill
Manning was saying, except that he didn't want to publish MX records.
I guessed he might mean that anyone who _didn't_ want a machine
probed for a port-25 server should publish MX records to say so.
(But, of course, he might just as well have meant you should block
port 25 -- I really don't know...)

Bill knows that a wildcard record will not have the desired
effect.  Adding a "MX 0 ." record alongside an existing
record will have the desired effect.

   (Actually, I doubt that either Mark or I should attempt to speak
for Bill.)

It will be needed even *after* IPv6 takes over.  There will
be lots of queries for A records long after the majority
of hosts don't have A records.

   This is getting back to Mark's actual point -- that queries for
A (and/or AAAA) records for domains that don't want to participate
in SMTP is a bad use of the DNS system.

   I quite agree.

We need to remove the implicit MX from A to prevent the A
record lookups occurring as things currently stand.

   I don't agree with "need to"; but I do think the SMTP world would
be a better place if we did.

        It was more "the only way to prevent the A lookups is to
        remove the fallback".

        If we ever head down this path there would need to be years
        of advance notice.

        Mark
 
--
John Leslie <john(_at_)jlc(_dot_)net>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
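The sender-side behaviour the thread argues over, as an added example (not code from the list post or from ISC): the RFC 5321 MX selection with its implicit-MX fallback to A/AAAA, plus the "MX 0 ." convention Mark describes (later codified as RFC 7505). The DNS is replaced by a constructed in-memory zone so the query log shows which lookups each kind of domain provokes; names and addresses are documentation examples.

```python
from collections import namedtuple

MXRecord = namedtuple("MXRecord", ["preference", "exchange"])

# Constructed zone data standing in for the DNS (names and addresses are
# documentation examples, not real hosts): owner -> {rrtype: [rdata, ...]}
ZONE = {
    "accepts.example.com.": {"MX": [MXRecord(10, "mx1.example.com.")]},
    "mx1.example.com.":     {"A": ["192.0.2.10"]},
    "nomail.example.com.":  {"MX": [MXRecord(0, ".")]},          # null MX
    "web.example.com.":     {"A": ["192.0.2.80"]},                # no MX at all
    "broken.example.com.":  {"MX": [MXRecord(10, "dev.null.")]}, # bogus exchange
}

QUERY_LOG = []  # every (name, rrtype) pair "sent" to the resolver


def dns_query(name, rrtype):
    """Stand-in for a DNS lookup that records the queries an MTA would emit."""
    QUERY_LOG.append((name, rrtype))
    return ZONE.get(name, {}).get(rrtype, [])


def route_mail(domain):
    """Decide where mail for `domain` goes; returns (status, addresses).

    RFC 5321 section 5.1: use the MX records, else fall back to the
    domain's own A/AAAA records (the implicit MX).  The thread's
    convention, later RFC 7505: a lone "MX 0 ." means the domain takes
    no mail, so stop here with no A/AAAA fallback and never resolve ".".
    """
    mx = dns_query(domain, "MX")
    if len(mx) == 1 and mx[0].exchange == ".":
        return ("null-mx", [])
    if not mx:
        targets = [domain]  # implicit MX: the domain is its own exchange
    else:
        # "." is never a host, so skip it even when mixed with real MXs
        targets = [r.exchange for r in sorted(mx) if r.exchange != "."]
    addresses = []
    for host in targets:
        addresses += dns_query(host, "A") + dns_query(host, "AAAA")
    return ("deliver" if addresses else "unroutable", addresses)


def queries_for(domain):
    """Route `domain` with a fresh log and return (result, queries issued)."""
    del QUERY_LOG[:]
    result = route_mail(domain)
    return result, list(QUERY_LOG)
```

Compare `queries_for("nomail.example.com.")`, which stops after the single MX query, with `queries_for("broken.example.com.")`, which still has to chase A and AAAA for "dev.null." before giving up.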