James G. Sack (jim) wrote:
>
> ..this is complicated :-)
>
> So (in my own words) rfc1912 says every IP should (MUST) have a rDNS
> (presumably pointing to a valid domain name), and it looks like the
> spec also says that (PTR) record must in turn match the IP via normal
> DNS (A-record lookup) -- that is there must be corresponding A-PTR pairs.

http://www.faqs.org/rfcs/rfc1912.html

2.1 Inconsistent, Missing, or Bad Data

   Every Internet-reachable host should have a name. The consequences of
   this are becoming more and more obvious. Many services available on
   the Internet will not talk to you if you aren't correctly registered
   in the DNS.

   Make sure your PTR and A records match. For every IP address, there
   should be a matching PTR record in the in-addr.arpa domain. If a host
   is multi-homed, (more than one IP address) make sure that all IP
   addresses have a corresponding PTR record (not just the first one).
   Failure to have matching PTR and A records can cause loss of Internet
   services similar to not being registered in the DNS at all. Also, PTR
   records must point back to a valid A record, not a alias defined by a
   CNAME. It is highly recommended that you use some software which
   automates this checking, or generate your DNS data from a database
   which automatically creates consistent data.

I see the *should* and think that it is not a must.

> But, the point within rfc2821 was dealing with something different,
> namely that an SMTP server must not refuse to accept mail simply because
> the rDNS result is a different FQDN from the HELO data. It is ok (and
> probably best) to refuse mail from an IP that fails rDNS lookup, as RR
> was doing.

Right.

> So, RR was doing the correct thing by refusing it, it seems. =-O

I doubt it. Since sparky now has a reverse, I cannot test my thesis.

If, as soon as there was a connection made to port 25 of the Road Runner Mail Exchange, it was dropped because of the lack of reverse, that's fine. However, once the HELO/EHLO goes through, that's it. The mail must be accepted unless otherwise invalid (such as the recipient does not exist, or that TXT record overloading (that upsets me too, btw) nonsense, that sort of thing).

I suspect that the RR MX hosts happily accepted the connection, got the HELO/EHLO, gave a 2xx response, then complained vociferously, for no reason other than the lack of PTR which was known *BEFORE* the HELO/EHLO.

Again, I cannot test these theories. :(

-john

>
> >..
>
> Regards,
> ..jim
>
> --
> [email protected]
> http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
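
Added example, not part of the thread: the RFC 1912 section 2.1 text quoted above recommends software that automates the PTR/A consistency check, and this sketch performs that check over a small in-memory zone. The record data, names and addresses are constructed for illustration (documentation range 192.0.2.0/24, example.com); no live DNS is queried.

```python
import ipaddress

# Constructed sample zone data (assumption: not taken from the thread).
A = {
    "mail.example.com.": ["192.0.2.10", "192.0.2.11"],   # multi-homed host
    "web.example.com.": ["192.0.2.20"],
    "old.example.com.": ["192.0.2.30"],
}
CNAME = {"www.example.com.": "web.example.com."}
PTR = {
    "10.2.0.192.in-addr.arpa.": "mail.example.com.",
    # 192.0.2.11 deliberately has no PTR (second address of mail)
    "20.2.0.192.in-addr.arpa.": "www.example.com.",      # points at an alias
    "30.2.0.192.in-addr.arpa.": "gone.example.com.",     # no such A record
}

def check_ip(ip, a=A, cname=CNAME, ptr=PTR):
    """Return 'ok' or the reason the PTR/A pair for ip is inconsistent."""
    rname = ipaddress.ip_address(ip).reverse_pointer + "."
    target = ptr.get(rname)
    if target is None:
        return "missing PTR"
    if target in cname:
        # RFC 1912 2.1: PTR must point to a valid A record, not a CNAME alias.
        return "PTR points to CNAME"
    if ip not in a.get(target, []):
        return "PTR target has no matching A"
    return "ok"

def audit(a=A, cname=CNAME, ptr=PTR):
    """Check every address in any A record, so multi-homed hosts are covered."""
    ips = sorted({ip for addrs in a.values() for ip in addrs},
                 key=ipaddress.ip_address)
    return {ip: check_ip(ip, a, cname, ptr) for ip in ips}

if __name__ == "__main__":
    for ip, result in audit().items():
        print(f"{ip:15} {result}")
```
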
