> (I asked Mark to discuss this on <ietf-smtp> -- I'll provide context
> where it seems needed...)
>
> Mark Andrews <[EMAIL PROTECTED]> wrote:
> > To: John Leslie <[EMAIL PROTECTED]>
> >> Mark Andrews <[EMAIL PROTECTED]> wrote:
> >>> SM <[EMAIL PROTECTED]> wrote:
> >>>> Mark Andrews <[EMAIL PROTECTED]> wrote:
> >>>>
> >>>>> It is easy to turn "MX 0 ." into "This domain doesn't support
> >>>>> email" as "." is not confusable with a hostname. There is no
> >>>>> reason to look up address records for "."
> >>>>
> >>>> There was an I-D, draft-delany-nullmx-00, which didn't make it
> >>>> to RFC status.
> >>>>
> >>>>> Which could just be a misconfiguration. You still have to
> >>>>> look up addresses for "dev.null".
> >>>>
> >>>> Yes. People still do it.
> >>>
> >>> Yes they do. We, the IETF, have failed them by not providing
> >>> them with a clear mechanism to do what they want without bad
> >>> side effects.
>
> (The above is to give context.)
>
> >> I well remember DNS gurus trying to deprecate the use of "."
> >> wherever it might lead to queries to root servers for "." Is
> >> this no longer an issue?
> >
> > SRV says to use "." for "no service".
>
> This is indeed specified in RFC 2782.
>
> > RP says to use "." for "does not exist".
>
> I think Mark means Responsible Person (RFC 1183).
>
> > There are already queries for A and AAAA queries for ".".
> > Codifying the use of "MX 0 ." will, in the long run, reduce
> > the number of such queries as MTAs get updated.
>
> I'm pretty sure Mark means that the additional usage will speed
> the update of MTAs which now query for "." to stop making this
> useless query.
>
> > The roots can handle the query load in the meantime.
>
> Mark is more of a DNS guru than I, certainly, so I tend to assume
> he's right about this.
>
> However, widespread usage of this convention _could_ generate
> rather a lot of potential DNS queries as spammers continue to forge
> Mail-From addresses which domain administrators attempt to mark as
> "no incoming email accepted".
>
> (The volume of spam blowback dwarfs any current use of SRV and
> RP records.)
>
> >> I'm very confused that Bill Manning seems to be calling for
> >>
> >> * MX .
> >
> > I think you mean "* MX 0 ."
>
> (Indeed, I erred in typing this.)
>
> > and Bill was not saying that.
>
> Frankly, I have a lot of difficulty understanding _what_ Bill
> Manning was saying, except that he didn't want to publish MX records.
> I guessed he might mean that anyone who _didn't_ want a machine
> probed for a port-25 server should publish MX records to say so.
> (But, of course, he might just as well have meant you should block
> port 25 -- I really don't know...)
>
> > Bill knows that a wildcard record will not have the desired
> > effect. Adding a "MX 0 ." record alongside an existing
> > record will have the desired effect.
>
> (Actually, I doubt that either Mark or I should attempt to speak
> for Bill.)
>
> >>> It will be needed even *after* IPv6 takes over. There will
> >>> be lots of queries for A records long after the majority
> >>> of hosts don't have A records.
>
> This is getting back to Mark's actual point -- that queries for
> A (and/or AAAA) records for domains that don't want to participate
> in SMTP are a bad use of the DNS system.
>
> I quite agree.
>
> >>> We need to remove the implicit MX from A to prevent the A
> >>> record lookups occurring as things currently stand.
>
> I don't agree with "need to"; but I do think the SMTP world would
> be a better place if we did.
It was more "the only way to prevent the A lookups is to
remove the fallback".
If we ever head down this path there would need to be years
of advance notice.
Mark
> --
> John Leslie <[EMAIL PROTECTED]>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
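
The lookup behaviour discussed in this thread, as an added example that is not part of the original messages: a sketch of how an MTA could choose delivery targets, counting the DNS queries each case costs. The zone data, the `CountingResolver` class and all function names are constructed for illustration, and skipping a "." target that appears next to other MX targets is an assumption of this sketch.

```python
# Constructed records for illustration (documentation names and addresses).
ZONE = {
    "nomail.example":   {"MX": [(0, ".")], "A": ["192.0.2.10"]},
    "devnull.example":  {"MX": [(0, "dev.null")]},
    "hostonly.example": {"A": ["192.0.2.20"]},
    "mail.example":     {"MX": [(10, "mx1.mail.example")]},
    "mx1.mail.example": {"A": ["192.0.2.30"], "AAAA": ["2001:db8::30"]},
}

class CountingResolver:
    """Hypothetical stand-in for a DNS resolver that records every query."""
    def __init__(self, zone):
        self.zone, self.queries = zone, []

    def query(self, name, rtype):
        self.queries.append((name, rtype))
        return self.zone.get(name, {}).get(rtype, [])

def addresses(host, resolver):
    """Look up both address record types for one host."""
    return resolver.query(host, "A") + resolver.query(host, "AAAA")

def delivery_targets(domain, resolver, implicit_mx=True):
    """Return (status, addresses) for mail addressed to `domain`."""
    mx = sorted(resolver.query(domain, "MX"))
    if mx:
        hosts = [host for _, host in mx if host != "."]
        if not hosts:
            # Only "MX 0 .": "." is not a hostname, so no address lookup.
            return "no-mail", []
        found = [a for h in hosts for a in addresses(h, resolver)]
        return ("mx", found) if found else ("undeliverable", [])
    if not implicit_mx:
        return "no-mx", []  # fallback removed: stop after the MX query
    found = addresses(domain, resolver)  # implicit MX: domain is its own MX
    return ("implicit-mx", found) if found else ("undeliverable", [])

def trace(domain, implicit_mx=True):
    """Resolve one domain with a fresh resolver; return status and queries."""
    r = CountingResolver(ZONE)
    status, addrs = delivery_targets(domain, r, implicit_mx)
    return status, addrs, r.queries

if __name__ == "__main__":
    for d in ("nomail.example", "devnull.example", "hostonly.example"):
        status, _, queries = trace(d)
        print(f"{d}: {status}, {len(queries)} queries")
```

The "MX 0 ." case ends after one query, while the "dev.null" target and the implicit-MX fallback each cost two further address queries.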