[dns-operations] A problem with using DNAMEs in reverse lookups

Florian Weimer fweimer at bfk.de
Sun Apr 3 15:07:45 UTC 2011


* Jeroen Massar:

> As such you get stuff like:
>
> host mailgw.swip.net[212.247.156.1] said: 472 mail at example.com no DNS
> A-data returned
>
> There are two reasons for this failure:
>  - it only checks the highest prio MX, and then fails
>  - it does not support IPv6 (AAAA)

This is an extremely common misbehavior.  As you noted, for
interoperability reasons, the highest-priority MX record must have an
A RRset, AAAA RRset only will not do.

> As such if the 10 MX of example.com has only an AAAA record, but the
> 20 MX does have an A it will never find a valid address. And guess
> what, a lot of ISPs apparently run this Communigate stuff and are
> not upgrading it.

It's not just Communigate.  I believe there are some Sendmail macros
in circulation which lead to similar behavior.

(Communigate has other curious issues.  At least in some version, it
doesn't do exponential backoff when it runs into a TLS connection
error.  If the error is persistent because of TLS interoperability
issues, this gives you a nice rate of connection attempts, limited
only by the handshake delay. *sigh*)

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
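
The interoperability rule discussed in this message, written as a zone audit. This is an added example and not part of the original post: it flags any domain whose highest-priority MX lacks an A RRset. The record data is constructed, and the function names and the sender model are assumptions for illustration.

```python
from typing import Dict, List, Set, Tuple

MX = List[Tuple[int, str]]    # (preference, exchange host)
Addrs = Dict[str, Set[str]]   # host -> address RR types it publishes

# Constructed sample data, not taken from the post.
SAMPLE_MX: Dict[str, MX] = {
    "example.com": [(10, "mx6.example.com"), (20, "mx4.example.com")],
    "example.org": [(10, "mx.example.org"), (20, "backup.example.org")],
}
SAMPLE_ADDRS: Addrs = {
    "mx6.example.com": {"AAAA"},
    "mx4.example.com": {"A"},
    "mx.example.org": {"A", "AAAA"},
    "backup.example.org": {"A"},
}

def best_mx_hosts(mx: MX) -> List[str]:
    """Hosts sharing the lowest preference value, i.e. the highest priority."""
    if not mx:
        return []
    best = min(pref for pref, _ in mx)
    return sorted(host for pref, host in mx if pref == best)

def audit_mx(domain: str, mx: MX, addrs: Addrs) -> List[str]:
    """Flag every highest-priority MX host that lacks an A RRset."""
    hosts = best_mx_hosts(mx)
    if not hosts:
        return [f"{domain}: no MX records"]
    findings = []
    for host in hosts:
        types = addrs.get(host, set())
        if "A" not in types:
            why = "AAAA only" if "AAAA" in types else "no address records"
            findings.append(f"{domain}: highest-priority MX {host} has no A RRset ({why})")
    return findings

def reachable_by_legacy_sender(mx: MX, addrs: Addrs) -> bool:
    """Assumed model of the sender in the thread: first MX only, A records only."""
    hosts = best_mx_hosts(mx)
    return bool(hosts) and all("A" in addrs.get(h, set()) for h in hosts)

if __name__ == "__main__":
    for domain, mx in SAMPLE_MX.items():
        for line in audit_mx(domain, mx, SAMPLE_ADDRS) or [f"{domain}: ok"]:
            print(line)
```

To audit live zones, fill the two dictionaries from a resolver's MX, A and AAAA answers; the checks themselves do not change.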
