Re: DNS question, null MX records

[Mark Andrews <marka () isc org>]

In message <4B284376.3000800 () mail-abuse org>, Douglas Otis writes:
> On 12/15/09 8:06 AM, Andy Davidson wrote:
> > Eric J Esslinger wrote:
> > > I have a domain that exists solely to cname A records to another domain's 
> websites.
> > [...]
> > > I found a reference to a null MX proposal, constructed so:
> > > example.com    IN    MX 0 .
> > [...]
> > > Question: Is this a valid dns construct or did the proposal die?
> >
> > It's "valid", but you will probably find people still try to spam to
> > machines on the A records, and all of the other weird and wonderful things
> > that spambots try to do to find a path that will deliver mail...
>
> SRV records documented the hostname "." as representing "no service". 
> However, errors made by non-RFC-compliant clients still generate a fair 
> amount of root traffic attempting to resolve A records for ".".  The MX 
> record never defined a hostname "." to mean "no service" so it would be 
> unwise to expect email clients will interpret this as a special case 
> meaning "no service" as well.  One might instead consider using:
>
> example.com.  IN MX 0 192.0.2.0
>               IN MX 10 192.0.2.1
>               ...
>               IN MX 90 192.0.2.9

Which will expand to:

example.com.    IN MX 0 192.0.2.0.example.com.
                IN MX 10 192.0.2.1.example.com.
                ....
                IN MX 90 192.0.2.9.example.com.

MX records DO NOT take IP addresses.
 
> where 192.0.2.0/24 represents a TEST-NET block.
>               
> This should ensure traffic will not hit the roots or your servers. 
> Assuming a sender tries all of MX addresses listed, they may still 
> attempt to resolve A records for example.com.  This MX approach will 
> affect those failing to validate email prior to acceptance, and, of 
> course, spammers.
>
> -Doug

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org