[dns-operations] A problem with using DNAMEs in reverse lookups

Jeroen Massar jeroen at unfix.org
Sun Apr 3 08:19:28 UTC 2011


On 2011-Apr-03 00:15, Chris Thompson wrote:
[..]
> Has anyone else come across resolvers that behave like that?

Not that one, but something similar and I guess it has the same failure
reason: custom internal DNS lookup that is not properly implemented and
only looks at certain records but ignores anything else.

"CommuniGate Pro" up to 5.4c1 as per:
http://groups.google.com/group/demos.local.lists.cgp/browse_thread/thread/12c022191df7110c/b807be6b9e4fdc49?lnk=gst&q=ipv6#b807be6b9e4fdc49

didn't support IPv6 lookups and only checks for A records and not AAAA.

As such you get stuff like:

host mailgw.swip.net[212.247.156.1] said: 472 mail at example.com no DNS
A-data returned

There are two reasons for this failure:
 - it only checks the highest prio MX, and then fails
 - it does not support IPv6 (AAAA)

As such if the 10 MX of example.com has only an AAAA record, but the 20
MX does have an A it will never find a valid address. And guess what, a
lot of ISPs apparently run this CommuniGate stuff and are not upgrading it.


Mail servers are just broken per DNS, even postfix does not properly
contact the right MXs, it connects to every single address of an MX
before going on to the next, even though the MX might respond with a
3xx/4xx/5xx style response it will keep on connecting to the other AAAA
or A records, while it should give up on the MX and try the next MX instead.

Greets,
 Jeroen
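
The lookup failure described in the message above, as an added example that is not part of the original post and is not CommuniGate Pro code: a sender that checks only the best-preference MX and only A records finds nothing, while walking every MX with both address families finds a target. The zone data, the `lookup` stand-in and all function names are constructed for illustration.

```python
# Constructed zone data (documentation addresses, not real records):
# the preference-10 MX is IPv6-only, the preference-20 MX has an A record.
ZONE = {
    ("example.com", "MX"): [(20, "mx2.example.com"), (10, "mx1.example.com")],
    ("mx1.example.com", "AAAA"): ["2001:db8::25"],
    ("mx2.example.com", "A"): ["192.0.2.25"],
}


def lookup(name, rtype):
    """Stand-in for a DNS query; answers from the constructed zone only."""
    return ZONE.get((name, rtype), [])


def broken_targets(domain):
    """Behaviour described in the message: best-preference MX only, A only."""
    mxs = sorted(lookup(domain, "MX"))
    if not mxs:
        return []
    _, host = mxs[0]
    return [(host, addr) for addr in lookup(host, "A")]


def delivery_targets(domain, families=("AAAA", "A")):
    """Walk every MX in preference order and collect all usable addresses."""
    mxs = sorted(lookup(domain, "MX"))
    if not mxs:
        # RFC 5321 implicit MX: no MX records means try the domain itself.
        mxs = [(0, domain)]
    targets = []
    for _, host in mxs:
        for rtype in families:
            targets.extend((host, addr) for addr in lookup(host, rtype))
    return targets


if __name__ == "__main__":
    print("broken   :", broken_targets("example.com"))
    print("dual     :", delivery_targets("example.com"))
    # An IPv4-only sender still succeeds once it moves on to the next MX.
    print("v4 only  :", delivery_targets("example.com", families=("A",)))
```

Either fix alone is enough for this zone: AAAA support reaches the preference-10 host, and falling through to the preference-20 host reaches it over IPv4.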


