John H. Robinson, IV wrote:
> James G. Sack (jim) wrote:
>> ..this is complicated :-)
>>
>> So (in my own words) rfc1912 says every IP should (MUST) have a rDNS
>> (presumably pointing to a valid domain name), and it looks like the
>> spec also says that (PTR) record must in turn match the IP via normal
>> DNS (A-record lookup) -- that is there must be corresponding A-PTR pairs.
>
> http://www.faqs.org/rfcs/rfc1912.html
>
> 2.1 Inconsistent, Missing, or Bad Data
>
> Every Internet-reachable host should have a name. The consequences
> of this are becoming more and more obvious. Many services available
> on the Internet will not talk to you if you aren't correctly
> registered in the DNS.
>
> Make sure your PTR and A records match. For every IP address, there
> should be a matching PTR record in the in-addr.arpa domain. If a
> host is multi-homed, (more than one IP address) make sure that all IP
> addresses have a corresponding PTR record (not just the first one).
> Failure to have matching PTR and A records can cause loss of Internet
> services similar to not being registered in the DNS at all. Also,
> PTR records must point back to a valid A record, not a alias defined
> by a CNAME. It is highly recommended that you use some software
> which automates this checking, or generate your DNS data from a
> database which automatically creates consistent data.
>
> I see the *should* and think that it is not a must.

OK, I see that there seems to be some difference of opinion on just that.

>> But, the point within rfc2821 was dealing with something different,
>> namely that an SMTP server must not refuse to accept mail simply because
>> the rDNS result is a different FQDN from the HELO data. It is ok (and
>> probably best) to refuse mail from an IP that fails rDNS lookup, as RR
>> was doing.
>
> Right.
>
>> So, RR was doing the correct thing by refusing it, it seems. =-O
>
> I doubt it. Since sparky now has a reverse, I cannot test my thesis.
> If, as soon as there was a connection made to port 25 of the Road Runner
> Mail Exchange, it was dropped because of the lack of reverse that's
> fine. However, once the HELO/EHLO goes through, that's it. The mail must
> be accepted unless otherwise invalid (such as the recipient does not
> exist, or that TXT record overloading (that upsets me too, btw)
> nonsense, that sort of thing)
>
> I suspect that the RR MX hosts happily accepted the connection, got the
> HELO/EHLO, gave a 2xx response, then complained vociferously, for no
> reason other than the lack of PTR which was known *BEFORE* the
> HELO/EHLO.
>
> Again, I cannot test these theories. :(

Might be interesting to find out. Oh well.

Thanks again, and regards,
..jim

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
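
The A/PTR consistency rules from RFC 1912 section 2.1 quoted in the thread, as an added example that is not part of the original messages: a small audit over zone data that flags a missing PTR, a PTR pointing at a CNAME alias, a PTR target with no A record, and an A/PTR mismatch. The zone contents, host names and function names are constructed for illustration, and names are assumed to be already lower-cased without a trailing dot.

```python
import ipaddress

# Constructed sample zone data (RFC 5737 documentation addresses), not from the thread.
ZONE_A = {
    "mail.example.org": ["192.0.2.10", "192.0.2.11"],  # multi-homed host
    "www.example.org": ["192.0.2.20"],
    "host3.example.org": ["192.0.2.30"],
}
ZONE_CNAME = {"smtp.example.org": "mail.example.org"}
ZONE_PTR = {
    "192.0.2.10": "mail.example.org",  # consistent A/PTR pair
    "192.0.2.11": "smtp.example.org",  # PTR points at a CNAME alias
    "192.0.2.20": "web.example.org",   # PTR target has no A record
    "192.0.2.40": "www.example.org",   # A record for www is a different IP
    # 192.0.2.30 has an A record but no PTR at all
}


def check_ip(ip, a, ptr, cname):
    """Return the list of RFC 1912 section 2.1 problems for one IP address."""
    name = ptr.get(ip)
    if name is None:
        return ["missing PTR"]
    if name in cname:
        return [f"PTR target {name} is a CNAME alias, not an A record"]
    if name not in a:
        return [f"PTR target {name} has no A record"]
    if ip not in a[name]:
        return [f"A record(s) for {name} do not include {ip}"]
    return []


def audit(a, ptr, cname):
    """Check every IP that appears in an A or PTR record; return {ip: problems}."""
    ips = {ip for addrs in a.values() for ip in addrs} | set(ptr)
    report = {}
    for ip in sorted(ips, key=ipaddress.ip_address):
        problems = check_ip(ip, a, ptr, cname)
        if problems:
            report[ip] = problems
    return report


if __name__ == "__main__":
    for ip, problems in audit(ZONE_A, ZONE_PTR, ZONE_CNAME).items():
        print(ip, "->", "; ".join(problems))
```
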
