
Re: I-D Action:draft-klensin-rfc2821bis-10.txt

2008-04-17 14:29:15

At 14:52 +0100 on 04/17/2008, Tony Finch wrote about Re: I-D Action:draft-klensin-rfc2821bis-10.txt:

On Thu, 17 Apr 2008, Arnt Gulbrandsen wrote:

I still can't understand why so many people here think an AAAA should suffice.

I think it's more that a host with A and AAAA should be able to receive
email via AAAA even without an MX.


I think part of the problem is that there is a confusion between a host that happens to have a FQDN that was used in a user@FQDN email address and the SMTP Servers that are designated as the authorized method of delivering email to users with that FQDN email address.

There is no requirement that a host pointed to by a FQDN A or AAAA record be running an SMTP Server that is responsible for accepting mail addressed to a FQDN email address. The responsible SMTP Servers are supposedly designated by an MX record that points at the A and AAAA records of the hosts running SMTP MTAs that are responsible for the FQDN domain (hosts who might not have FQDN as their host name). The direct use of the hosts pointed to by an A record in the absence of a FQDN MX is for 20+ year old historical reasons that ASSUME that the hosts pointed to by the FQDN A records ARE running an MTA that is willing to accept FQDN email. Use of an AAAA record (or an A record) in the absence of an MX record is only viable (let alone valid) WHEN those A and/or AAAA hosts ARE running an MTA. In the case where this assumption is incorrect, the correct hosts for the FQDN MUST be located via an MX record for that FQDN (the simulation of a FQDN MX 0 FQDN record in the absence of a physical/explicit MX record is thus only valid when the FQDN A and AAAA records DO point at hosts running MTAs).

While allowing the use of AAAA records in the absence of an MX (in the way that A records are currently allowed to be used) might work (although IMO a dangerous procedure), there should at least be some statement [in whatever document that authorizes this method of finding IPv6 reachable MTAs in lieu of using an explicit MX pointing at the IPv4 and IPv6 hosts running MTAs] that this failure to supply an MX is only allowed if ALL hosts with the FQDN name ARE running MTAs (IOW: If/When ANY of the FQDN name's hosts are not running an MTA, an MX MUST be supplied and direct use of A and/or AAAA records with the FQDN host name is NOT supported).

Since it seems (and I agree with this stance) that attempts to deprecate the A-Fallback behavior are not politically viable right now, the best short-term solution is to discourage the use of A (and definitely AAAA) records and to document the situations when they can be used (i.e.: When the Domain DNS Administrator KNOWS [not just ASSUMES] that the A and AAAA records point at MTA running hosts), and recommend the use of MX records to ensure that only MTA running hosts are contacted to receive email.
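
The lookup order discussed in this message, as an added example that is not part of the original post: a sender's target selection with the implicit "MX 0" fallback, plus a check a DNS administrator could run to find names where that fallback would send mail to hosts that are not MTAs. The zone data, the MTA inventory and all function names are constructed for illustration; `lookup` stands in for a real DNS query.

```python
# Constructed zone data (documentation names and addresses, not real records).
ZONE = {
    ("example.org", "MX"): [(10, "mx1.example.org"), (20, "mx2.example.org")],
    ("mx1.example.org", "A"): ["192.0.2.10"],
    ("mx2.example.org", "AAAA"): ["2001:db8::20"],
    # No MX: a web host that merely has address records.
    ("www.example.net", "A"): ["198.51.100.5"],
    ("www.example.net", "AAAA"): ["2001:db8:1::5"],
}
# Constructed inventory of addresses the administrator KNOWS run an MTA.
MTA_HOSTS = {"192.0.2.10", "2001:db8::20"}


def lookup(name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return ZONE.get((name.lower(), rtype), [])


def addresses(host, use_aaaa=True):
    """Collect A (and optionally AAAA) addresses for a host name."""
    types = ("A", "AAAA") if use_aaaa else ("A",)
    return [addr for t in types for addr in lookup(host, t)]


def delivery_targets(domain, aaaa_fallback=True):
    """Return (explicit_mx, [(preference, host, address), ...]).

    With MX records, only the MX targets are used. Without any, the domain
    is treated as if it had 'MX 0 domain'; aaaa_fallback controls whether
    AAAA records take part in that fallback (the point under debate).
    """
    mx = sorted(lookup(domain, "MX"))
    if mx:
        return True, [(p, h, a) for p, h in mx for a in addresses(h)]
    return False, [(0, domain, a) for a in addresses(domain, aaaa_fallback)]


def audit(domain, aaaa_fallback=True):
    """List addresses a sender would contact that are not known MTAs."""
    explicit, targets = delivery_targets(domain, aaaa_fallback)
    source = "MX target" if explicit else "implicit MX (no MX record)"
    return [
        f"{domain}: {source} {host} [{addr}] is not a known MTA"
        for _pref, host, addr in targets
        if addr not in MTA_HOSTS
    ]
```
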