Re: sink.arpa question

[Mark Andrews <marka () isc org>]

In message <4B2BCEA2.7010402 () i6ix com>, Jason Bertoch writes:
> Ted Hardie wrote:
> > But I think the key question is actually different.  Look at this
> > text in RFC 2821:
> >
> >
> >    If one or more MX RRs are found for a given
> >    name, SMTP systems MUST NOT utilize any A RRs associated with that
> >    name unless they are located using the MX RRs; the "implicit MX" rule
> >    above applies only if there are no MX records present.  If MX records
> >    are present, but none of them are usable, this situation MUST be
> >    reported as an error.
> >
> > If I put in an MX record pointing to a guaranteed non-present 
> > FQDN, someone complying with that text will throw an error rather than
> > keep seeking for an A/AAAA.  Is *that* useful?  If so, then
> > sink.arpa/1.0.0.257.in-addr.arpa as an MX record entry may be.
>
> Yes, I understand the RFC.  That section is what allows this topic to be 
> discussed in the first place.  sink.arpa may very well be the interim 
> solution, too.  It definitely looks better than "0 .".  It just seems 
> like an ugly, smelly hack when the fundamental problem lies with 
> allowing the implicit MX.  It implies that I should, for the benefit of 
> everyone, create a sink.arpa MX for every A record, where the effort 
> could be better spent dropping the implicit MX rule and requiring an MX 
> record for hosts that really do accept mail.
>
> /Jason

"MX 0 ." is not useable.  "." is not a legal host name.  For those
MTA's that ignore the legal hostname rule there shouldn't be any
address records at "." which also make it unusable.  And for those
of you worring about DNSSEC costs.  NODATA is 1 NSEC/NSEC3 record
unless it is from a wildcard where there are some addition records,
whereas NXDOMAIN is usually 2 NSEC or 3 NSEC3 records + signatures.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org