Subdelegation of blocks smaller than /24 almost invariably leads to problems, because the people who ask for it almost by definition don't have a lot of experience with DNS. It can be hard to set up (resulting in sites being unavailable) and over the years, changes can make it break, people forget to update serial numbers, etc. Remember that you should not be doing DNS at all unless you have (at least) two servers on different physical networks. It's really not a great idea.



At 10:34 AM -0600 11/16/02, Michael A. Pasek wrote:
In SIMS Digest #1853, Bill Cole <[EMAIL PROTECTED]> wrote:
I wonder if it might not be because the reverse DNS for your mail
server's IP address is bad? It seems to be returning a CNAME instead
of a PTR, and the name in that CNAME does not resolve. That is wrong
2 ways. It should yield a PTR record pointing at a name that resolves,
preferably back to the same IP.

A CNAME for an IP address is the only way to do sub-delegation of address
blocks on non-octet boundaries.  See http://www.ietf.org/rfc/rfc2317.txt
for the "accepted" way to do this.  Of course, the CNAME should be able
to be resolved to a PTR.

Some mail servers these days reject connections from IP addresses
without reverse DNS or without reverse DNS that seems 'proper' for
various definitions of 'proper.' Arguably your IP address has no
reverse DNS because it does not have a PTR record, and even if one
accepts the CNAME record as an adequate alternative, the name provided
in any CNAME should always resolve to an address.

Um....I think in this case, you want the CNAME to resolve to a host
name -- and THAT name should resolve to an address.  If you've done
it all correctly, it will be the same address that you started with.
There are certainly MTAs that will not accept mail if the PTR record
does not resolve to a hostname, and others that verify that the hostname
resolves back to the same IP address.  Still others (very few) will
verify the forward and reverse lookups AND check to make sure that the
name given in the HELO/EHLO greeting all match, as well.

Normally, you would not be doing the sub-delegation (and using CNAME
records) unless you're managing your own DNS.  Talk to the ISP and have
them fix this (it was probably set up for the previous owner of your
address space, and never updated).

Michael A. Pasek
Pasek Consulting, Inc.
9741 Foley Boulevard NW
Coon Rapids, MN  55433-5616
(612) 597-5977
[EMAIL PROTECTED]


#############################################################
This message is sent to you because you are subscribed to
 the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>

--
Alex von Thorn                             http://worldhouse.com/alex/
Deputy Head of Programming, Torcon III     http://www.torcon3.on.ca/
Vice-Chair, Seattle in '05 NASFiC bid      http://www.seattle2005.org/
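
An added example, not part of the original thread: the reverse/forward/HELO checks the quoted messages describe, run offline against constructed records that use the RFC 2317 CNAME layout. The zone contents, host names and the functions lookup and check_sender are assumptions made for illustration.

```python
import ipaddress

# Constructed sample zone data (192.0.2.0/24 is a documentation range).
# The parent zone holds RFC 2317 CNAMEs into the child zone "64/26...",
# where the delegated party publishes the real PTR records.
ZONE = {
    ("65.2.0.192.in-addr.arpa", "CNAME"): ["65.64/26.2.0.192.in-addr.arpa"],
    ("65.64/26.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.65"],
    # The broken case from the thread: the CNAME target does not resolve.
    ("66.2.0.192.in-addr.arpa", "CNAME"): ["66.64/26.2.0.192.in-addr.arpa"],
    # PTR resolves to a name, but that name maps to a different address.
    ("67.2.0.192.in-addr.arpa", "CNAME"): ["67.64/26.2.0.192.in-addr.arpa"],
    ("67.64/26.2.0.192.in-addr.arpa", "PTR"): ["old.example.com"],
    ("old.example.com", "A"): ["192.0.2.10"],
}

def lookup(name, rtype, zone=ZONE, max_cname=8):
    """Return rtype records at name, following CNAMEs as a resolver would."""
    for _ in range(max_cname):
        if (name, rtype) in zone:
            return zone[(name, rtype)]
        cname = zone.get((name, "CNAME"))
        if not cname:
            return []
        name = cname[0]
    return []  # CNAME loop or chain too long

def check_sender(ip, helo=None, zone=ZONE):
    """Classify a connecting IP: reverse lookup, forward confirm, HELO match."""
    rname = ipaddress.ip_address(ip).reverse_pointer
    ptrs = lookup(rname, "PTR", zone)
    if not ptrs:
        # Distinguish "CNAME that leads nowhere" from "nothing published".
        dangling = (rname, "CNAME") in zone
        return ("dangling-cname" if dangling else "no-ptr", None)
    for host in ptrs:
        if ip in lookup(host, "A", zone):
            if helo is not None and helo.lower().rstrip(".") != host.lower():
                return ("helo-mismatch", host)
            return ("ok", host)
    return ("forward-mismatch", ptrs[0])
```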
