Server/mail/naming setup theory

bscott at ntisys.com
Tue Apr 13 19:07:01 EDT 2004


On Tue, 13 Apr 2004, at 2:03pm, derek at derek.homeunix.org wrote:
> I ... found out that my mail was blocked from here and I could not hit the
> web page. This turned out to be due to dns issues.

  Could you explain this in a little more detail, please?  What were the DNS
issues?

> I found that I could hit the site by IP, and I had to change ports due to
> my provider blocking port 80.

  At what domain?  Are we talking about the <derek.homeunix.org> domain?

  Assuming you do mean that domain... I see that you're using Adelphia.  A
word of warning: Many providers, Adelphia included, forbid hosting services
on the feeds they provide.  Most of these providers are happy to look the
other way as long as you're not causing any trouble, but if you make any
noise, they will often cut your feed for violating their Terms Of Service
(ToS).  Likewise, an ISP that has these kinds of restrictions is likely a
poor choice to be hosting services on in the first place.  I realize you
likely already know this; I just want to make sure.

  End of lecture.

> To make all of this a bit easier for me, I decided to buy a domain name,
> and set up web forwarding through zone edit.

  I presume this is the kind of thing where someone who goes to

 	http://www.example.org

gets sent to a server run by a third-party.  The third-party server then
issues an HTTP redirect (or sometimes an HTML frameset) to a URL like

	http://derek.homeunix.org:8080/

The end result being your web server running on a non-standard port is still 
generally reachable.

  If that is the case, you should be aware that this generally *only* works
for HTTP (web servers).  Most protocols -- notably, SMTP -- have no
provisions for redirecting to non-standard connections.  This means that
if/when Adelphia starts blocking TCP port 25, your email will die instantly.

> ... most people can send me e-mail ...

  Trying to host email on a dynamic IP address will lead to problems.  The
principles behind SMTP assume a well-connected, stationary host.  There's
nothing that says you cannot have a dynamic MX, but things just don't work
as well.  So some problems are to be expected.

  In addition to the problems inherent in trying to hit a moving target, we
have the following value-added difficulties:

  You are using DNS records with a low TTL (60 seconds) to try and work
around the fact that you have a dynamic IP address.  Some systems ignore
TTLs of such small values (typically, anything less than a day or an hour
gets ignored).  This means that, when your IP address changes, some systems
will not catch on immediately.  AOL falls into this category.

  Some operators have configured their mail exchangers to reject mail coming
from dynamic IP addresses.  They use blacklists of netblocks known to be
used by dynamic providers (such as Adelphia).  You will be unable to
exchange mail with these systems.  AOL falls into this category.

  Some operators have configured their mail exchangers to do reverse DNS
lookups.  This means they take the address your own MX is connecting from,
and do a reverse DNS lookup on it.  If they do not get a response, they
refuse your mail.  Your current address (68.235.175.211 as I write this)  
does reverse properly, but if that does not always occur, you may lose mail.

  Another note: You have no MX record for <derek.homeunix.org>.  Now, the
standards very clearly state that, in the absence of an MX record, a mail
exchanger should try looking for an A record, and connect to any address
found, as if an MX record existed and resolved to that address.  However,
there is some broken software in the world that only recognizes MX records.
So you may want to add

	derek.homeunix.org.	MX	10 derek.homeunix.org.

to your DNS zone, even though it is technically redundant.

> I am looking into getting off of the old domain name ...

  Could you please provide the actual domain name(s) in question?  It makes
things a lot easier if we can just run tests directly, rather than trying to
guess.

> Can I set up mail to go to the domain, or will it need to point to a host?

  Mail is always routed via domain names.

  All names in DNS are domain names.  <derek.homeunix.org> is a domain name.  
<homeunix.org> is a domain name.  <org> is a domain name.  Even <> is a
domain name (the root domain).  DNS makes no distinction between domain
names that happen to identify a particular computer (a host), and domain
names which do not.  So forget the whole "domain vs host" thing; it's a
misconception from the start.

  You can control how mail gets delivered for a domain name using an MX
(mail exchanger) record in DNS.  For example, the DNS record

	example.org.       MX  10 mail.example.org.

says that mail addressed to <anything at example.org> should be delivered to the
mail exchanger known as <mail.example.org>.  Add an address record

	mail.example.org.  A   192.0.2.5

and mail for <example.org> will end up going to <192.0.2.5>.  Or trying to,
anyway.

  Note that the label <mail> has no significance.  You could just as easily
use

	example.org.       MX  10 blackhole.example.org.

or whatever else.

> * How does mail resolve?

  What do you mean by "resolve" in that sentence?

>  * If I need to change my e-mail to a host.me.org format, would it be
> worth it to set up dns on my home network?

  The two are not really related.

  Running a private DNS zone is useful if you want all the computers on a
private network to be able to find each other by name, and you don't want
the hassle of keeping /etc/hosts files current on all the computers.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |
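
Added example (not part of the original message): a small Python model of the lookups described above, showing a standards-following sender that falls back to the A record when no MX exists, an MX-only sender that fails until the "redundant" MX is added, and a receiver's reverse DNS check. The zone contents, the name hostonly.example.net and all function names are constructed for illustration.

```python
# Added illustration; constructed zone data, not real DNS answers.
# Addresses come from the documentation range 192.0.2.0/24.
ZONE = {
    ("example.org.", "MX"): [(20, "backup.example.org."), (10, "mail.example.org.")],
    ("mail.example.org.", "A"): ["192.0.2.5"],
    ("backup.example.org.", "A"): ["192.0.2.6"],
    ("5.2.0.192.in-addr.arpa.", "PTR"): ["mail.example.org."],
    # Hypothetical name with an A record but no MX record.
    ("hostonly.example.net.", "A"): ["192.0.2.77"],
}


def lookup(zone, name, rtype):
    return zone.get((name.lower(), rtype), [])


def delivery_targets(domain, zone=ZONE, implicit_mx=True):
    """Return [(preference, exchanger, addresses)] in the order a sender tries them."""
    domain = domain.lower().rstrip(".") + "."
    mx = sorted(lookup(zone, domain, "MX"))  # lowest preference value first
    if not mx and implicit_mx:
        # No MX at all: treat the domain itself as the exchanger,
        # preference 0 (RFC 5321 section 5.1).
        mx = [(0, domain)]
    targets = []
    for pref, exchanger in mx:
        addrs = lookup(zone, exchanger, "A")
        if addrs:  # an exchanger with no address is unusable
            targets.append((pref, exchanger, addrs))
    return targets


def has_reverse_dns(ip, zone=ZONE):
    """Receiver-side check: does the connecting address have a PTR record?"""
    ptr_name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    return bool(lookup(zone, ptr_name, "PTR"))


def add_explicit_mx(domain, zone=ZONE):
    """Return a zone copy with the 'redundant' MX pointing at the domain itself."""
    fixed = dict(zone)
    fixed[(domain, "MX")] = [(10, domain)]
    return fixed


if __name__ == "__main__":
    print(delivery_targets("example.org"))
    print(delivery_targets("hostonly.example.net"))
    print(delivery_targets("hostonly.example.net", implicit_mx=False))
    fixed = add_explicit_mx("hostonly.example.net.")
    print(delivery_targets("hostonly.example.net", fixed, implicit_mx=False))
    print(has_reverse_dns("192.0.2.5"), has_reverse_dns("192.0.2.77"))
```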
