Brian

Thank you again for your response, and also thank you for yesterday pointing me 
to the support in open policy for the group.
Currently I don't have any evidence as I have not done the packet captures.

Two of the three outside parties complaining claim their servers look up the 
authoritative name servers for the domain in the email address and then their 
systems dig for reverse lookup against these name servers.

It seems out of spec. but I have 2 parties saying this is normal and how it has 
been done for years. The third is showing the same behavior, but has not stated 
why they think it is occurring yet.  I have asked them for more information and 
they have said they will get it to us. I will look to do some packet captures 
as well.

My guess is our previous servers were running bind and look like they may have 
allowed recursive lookups for any requests to the reverse zones. I am looking 
into the configs to see how they were pulling that off with the rest of 
recursion being blocked. Unfortunately the guy who set up our bind servers left 
several years ago.

Thanks
Bryant

----------------------------------------
From: Brian Candler <b.cand...@pobox.com>
Sent: 7/19/19 11:00 AM
To: bryantz-p...@zktech.com, pdns-users <pdns-users@mailman.powerdns.com>
Subject: Re: [Pdns-users] Reverse Lookup zone subnetted

On 19/07/2019 15:52, bryantz-p...@zktech.com wrote:
> Where we are getting into issues is that customers we host e-mail
> servers for are having issues as some email service providers appear
> to be forcing their reverse lookups directly against our powerdns servers.

Can you provide your evidence for that assertion?  Do you have packet
captures?

I can't see any way they could know about your nameservers, unless they
followed the in-addr.arpa delegation which ended up with your CNAME.


_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
