BTW, you really MUST NOT point your MX record(s) at CNAMEs:

    $ host -v -t mx mailnewsrss.com
    Query about mailnewsrss.com for record types MX
    The following answer is not authoritative:
    mailnewsrss.com IN MX 0 mail.mailnewsrss.com
    *** mailnewsrss.com MX host mail.mailnewsrss.com is not canonical

The target domain of an MX record _MUST_ be a valid hostname.

At Mon, 23 Nov 2009 16:52:01 -0800, ML <mailingli...@mailnewsrss.com> wrote:
Subject: Multiple Mail domains for reverse ptr records? I'm confused
>
> I have some confusion about multiple reverse PTR records per IP.
>
> Comcast has told me that they can only assign 2 reverse PTR records per IP.

That 2-PTR restriction must be some limitation in Comcast's
provisioning software, or possibly some administrative limit they
enforce to try to make their customers adhere to some kind of usage
policy.

The DNS protocol and design itself allows you to have as many PTRs as
will fit in a single DNS reply, though realistically most software will
only ever see at maximum 35 PTRs for a given address regardless of how
many are sent in the reply. (that's the default limit built into the
most commonly used DNS resolver code)

> So if I have mail.domainA.com and mail.domainB.com this is fine. If
> the reverse lookup is done and it is not correct, it will retry and
> get the second record and all is well.

You don't need to do that. You don't want to do that. It is not
scalable.

However if you do end up having more than one hostname pointing at the
same IP address then you _really_ do want to have a PTR for each of
those hostnames -- while it may be _sufficient_ for some software, such
as Postfix, to find just one valid PTR, the rationale for using reverse
DNS requires that PTRs and A RRs be 100% orthogonal in order for the
reverse DNS to be truly meaningful and useful. One wants to be able to
find _every_ valid hostname for a given IP when one does a reverse DNS
look-up -- anything less makes all the unmatched hostnames look like
they are invalid and bogus users of the IP address. It is impossible to
validate any unmatched hostname as a valid user of an IP address.

For example should some connection arrive from a client and it gives as
its name one which cannot be matched in the reverse DNS then there is no
way to know that it is a valid and authorised user of the IP address it
is connecting from -- it could be hijacking a connection from the source
network -- it could even be TCP spoofing its source address (if other
measures are not also protecting against TCP spoofing).

Keep your forward and reverse DNS hostnames and PTRs 100% consistent.
Do it for the rest of us, if not for the sanity of your own IP address
assignment and bookkeeping.

One of your current hostnames is not valid in the current reverse DNS:

    $ host -Av mailnewsrss.com
    Query about mailnewsrss.com for record types A
    Checking reverse mapping consistency for host mailnewsrss.com
    Hostname mailnewsrss.com maps to address 173.13.167.209
    Found 1 address for host mailnewsrss.com
    Checking if address 173.13.167.209 has the hostname mailnewsrss.com
    mailnewsrss.com address 173.13.167.209 maps to hostname mail.mailnewsrss.com
    mailnewsrss.com address 173.13.167.209 maps to hostname mail.theindiecompanyllc.com
    *** Hostname mailnewsrss.com does not belong to address 173.13.167.209
    *** Not all addresses for hostname mailnewsrss.com have a matching hostname.

> How do people then run a large mail server with many domains? I have
> about 10 domains that need e-mail and I wanted to build a single mail
> server to handle this. But now I guess it can't be done?

The normal sane way to host multiple domains on the same server is to
use MX records for each domain, all of which point at _ONE_ hostname for
the mail server.

Proper use of MX records makes it possible for one mail server to handle
thousands and tens of thousands or even hundreds of thousands of domains
(depending on volume, of course). A single mail server instance, using
a single primary hostname, can recognise and accept messages for many
domain names.

Here's an example of multiple e-mail domains using one server:

    mail.example.com.               IN A    555.121.121.121
    121.121.121.555.in-addr.arpa.   IN PTR  mail.example.com.

    cust-1-example.com.             IN MX   0 mail.example.com.
    cust-2-example.com.             IN MX   0 mail.example.com.
    cust-3-example.com.             IN MX   0 mail.example.com.
    [[ ... ]]
    cust-n-example.com.             IN MX   0 mail.example.com.

It is not necessary (or sane) for every domain used for e-mail to have a
unique hostname (i.e. "A" record) for the mail server which handles the
e-mail for that domain.

> What is my best way to accomplish this? I don't want a lot of machines
> cluttering up my apartment and consuming massive electricity until my
> startup is off the ground..

Why would you need more than one server? (assuming your one server and
your connection can adequately handle the traffic volume your users
cause to be directed at it, of course)

Even if you have multiple IP addresses, as well as multiple hostnames,
you can still host everything all on one server, if it has enough
capacity to handle the traffic load.

However you don't need multiple IP addresses, and you don't need
multiple servers.

-- 
Greg A. Woods

+1 416 218-0098    VE3TCP    RoboHack <wo...@robohack.ca>
Planix, Inc. <wo...@planix.com>    Secrets of the Weird <wo...@weird.com>
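Added example, not part of the original message: an offline Python check of the two rules argued above (no MX pointing at a CNAME; every A record matched by a PTR and every PTR by an A). The record set, names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample records (owner, type, value); not real DNS data.
RECORDS = [
    ("example.com.", "A", "192.0.2.25"),
    ("example.com.", "MX", "mail.example.com."),
    ("mail.example.com.", "CNAME", "example.com."),   # MX target is an alias
    ("cust-1.example.net.", "MX", "mx.example.org."),
    ("mx.example.org.", "A", "192.0.2.25"),
    ("25.2.0.192.in-addr.arpa.", "PTR", "mx.example.org."),
    ("25.2.0.192.in-addr.arpa.", "PTR", "old.example.org."),  # stale PTR
]

def values(records, name, rtype):
    """All values of the given type at the given owner name (case-insensitive)."""
    return {v.lower() for n, t, v in records if n.lower() == name.lower() and t == rtype}

def mx_pointing_at_cname(records):
    """(domain, target) pairs whose MX target owns a CNAME, i.e. is not canonical."""
    return sorted((n, v) for n, t, v in records
                  if t == "MX" and values(records, v, "CNAME"))

def reverse_name(addr):
    """Owner name of the PTR records for an address, e.g. 25.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def hosts_without_ptr(records):
    """(hostname, address) pairs where no PTR for the address names the hostname."""
    return sorted((n, v) for n, t, v in records if t == "A"
                  and n.lower() not in values(records, reverse_name(v), "PTR"))

def ptrs_without_a(records):
    """(PTR owner, hostname) pairs where the hostname has no A back to that address."""
    bad = []
    for n, t, v in records:
        if t != "PTR":
            continue
        owners = {reverse_name(a) for a in values(records, v, "A")}
        if n.lower() not in owners:
            bad.append((n, v))
    return sorted(bad)

if __name__ == "__main__":
    print("MX -> CNAME:", mx_pointing_at_cname(RECORDS))
    print("A without PTR:", hosts_without_ptr(RECORDS))
    print("PTR without A:", ptrs_without_a(RECORDS))
```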