
Re: [spf-discuss] Does an SPF record need to be an IP?

2005-11-04 13:31:21
In <Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0511041342410(_dot_)6362-100000(_at_)bmsred(_dot_)bmsi(_dot_)com> "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com> writes:

> On Fri, 4 Nov 2005, Scott Kitterman wrote:
>
>> PTR is legal, but should be avoided if at all possible (it's virtually
>> always possible).
>
> In terms of DNS lookups, it is the same as MX.  [...]

I strongly disagree.  In both theory and practice, PTR is much worse
than MX.


The biggest problem with PTR is in practice.  There are simply far
more broken name server delegations to the reverse DNS tree than the
forward DNS tree so PTR lookups are *FAR* more likely to time out.

This is true even for legitimate MTAs.  For spam sources, the rDNS
tree is almost useless.


In theory, MX is cheaper than PTR because MX records get additional
processing.  The name servers send the A records for the domains
mentioned in the MX records along with the MX records.  PTR records do
not send the same info.  So, while MX record processing may require the
same number of calls to the resolver, the actual number of DNS queries
that have to be sent over the internet is usually less because of
caching for MX lookups than for PTR.

The reverse DNS tree also generally has more levels of delegation.
So, asking for the MX records for example.com usually involves asking
the .com name server, getting an answer that says "ask the
authoritative server for example.com located at <IP>" and then getting
the answer directly from them.  In the reverse DNS tree, you often
have to send several queries because each component in the rDNS tree
has been delegated.


So, I agree with Scott.  PTR should be avoided, if at all possible.  


-wayne
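
The advice in this message as a publishing-side check, added here as an example and not code from the list or from any SPF implementation: a small Python audit that flags `ptr` terms in an SPF record and counts the terms that make a receiver issue DNS queries. The name `audit_spf`, the sample records, and the limit of 10 querying terms (taken from RFC 7208, which postdates this message) are assumptions of the example.

```python
import re

# Mechanisms that make the receiving server issue DNS queries.
# The limit of 10 is the one in RFC 7208 (an assumption; not from the thread).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MAX_LOOKUP_TERMS = 10
# optional qualifier, then the term name, then ":domain", "/cidr" or "=value"
TERM_RE = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9_.-]*)(.*)$")


def audit_spf(record):
    """Audit one SPF TXT string and return a dict of findings."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    ptr_terms, lookups, unparsed = [], 0, []
    for term in terms[1:]:
        match = TERM_RE.match(term)
        if not match:
            unparsed.append(term)
            continue
        _qualifier, name, rest = match.groups()
        name = name.lower()
        if rest.startswith("="):
            # Modifier (name=value); only redirect causes a DNS query.
            if name == "redirect":
                lookups += 1
            continue
        if name in LOOKUP_MECHANISMS:
            lookups += 1
        if name == "ptr":
            ptr_terms.append(term)
    return {
        "ptr_terms": ptr_terms,
        "lookup_terms": lookups,
        "over_limit": lookups > MAX_LOOKUP_TERMS,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    # Constructed sample records using documentation names and addresses.
    samples = [
        "v=spf1 mx ptr:example.com -all",
        "v=spf1 ip4:192.0.2.0/24 mx:mail.example.com/28 -all",
    ]
    for rec in samples:
        result = audit_spf(rec)
        advice = "replace ptr with ip4/ip6, a or mx" if result["ptr_terms"] else "ok"
        print(f"{rec!r}: {result} -> {advice}")
```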
