[dns-operations] can anybody think of what antispam purpose this RRset might be serving

Joseph S D Yao jsdy at center.osis.gov
Thu Dec 21 20:08:14 UTC 2006

On Wed, Dec 20, 2006 at 01:44:49AM +0000, Paul Vixie wrote:
> colour me puzzled.  rrset ttl's are minimized by compliant initiators, so
> the MX RRset here has ttl 0.  but maybe there's spamware or malware out there
> that doesn't respect this, and this is the indirect way i'm hearing about it?

I'm mildly puzzled, too, and am tending to ascribe it to
misconfiguration.  Especially since their US name server (presumably
slaving its copy of the zone off the master) has normalized both TTLs to
0, making this useless for half of any postulateed usage.

I have seen configurations where the preferred mail server is a
firewall or other protective device, which may or may not be on the same
network as the other mail server, which is the real mail server.
Apparently the internal network can only see the internal server.
Sometimes the external network can see only the firewall; sometimes it
can see both, but is meant to prefer the firewall.

The box with TTL = 0 is running Exim as the MTA, the other is gruffly
unresponsive as to what it is or anything else about it.  Maybe the TTL
0 is just a futile attempt to hide the "real" mail server, and present
the firewall to everyone?

There are so many reasons one might do something wrong in DNS.  Or
anything else for that matter.

Joe Yao
   This message is not an official statement of OSIS Center policies.

More information about the dns-operations mailing list