Server/mail/naming setup theory

p.lussier at comcast.net
Fri Apr 16 00:23:01 EDT 2004


In a message dated: 13 Apr 2004 22:51:46 EDT
Derek Doucette said:

>On Tue, 2004-04-13 at 19:06, bscott at ntisys.com wrote:
>> 
>>   In addition to the problems inherent in trying to hit a moving target, we
>> have the following value-added difficulties:
>> 
>>   You are using DNS records with a low TTL (60 seconds) to try and work
>> around the fact that you have a dynamic IP address.  Some systems ignore
>> TTLs of such small values (typically, anything less than a day or an hour
>> gets ignored).  This means that, when your IP address changes, some systems
>> will not catch on immediately.  AOL falls into this category.

If we're talking about the derek.homeunix.org domain, then I'm going
to guess that this is also a DynaDNS.org in which case, I don't think
there's any control over the DNS config for things like TTL, as they
set it, not you.

>>   Some operators have configured their mail exchangers to reject mail coming
>> from dynamic IP addresses.  They use blacklists of netblocks known to be
>> used by dynamic providers (such as Adelphia).  You will be unable to
>> exchange mail with these systems.  AOL falls into this category.
>
>This could be, but like I said, I can get mail from aol account to
>deucedaily.org account, it's just the derek.homeunix.org ones that fail.

deucedaily.org may not be on an AOL blacklist, but it wouldn't
surprise me if *.homeunix.org is since this, and several others are
all owned by DynaDNS.org.  This means it's relatively easy to block
based on destination domain name.

>>   Some operators have configured their mail exchangers to do reverse DNS
>> lookups.  This means they take the address your own MX is connecting from,
>> and do a reverse DNS lookup on it.  If they do not get a response, they
>> refuse your mail.  Your current address (68.235.175.211 as I write this)  
>> does reverse properly, but if that does not always occur, you may lose mail.
>
>This is what the problem is I believe, so I think I want to change the
>configuration of postfix to accept mail going to derek at deucedaily.org.

No, you want something which will answer when AOL performs a reverse
DNS lookup on the MX record.  So, for example, if you assume that the DNS
record for your site is:

  derek.homeunix.org.	IN A  68.235.175.211

AOL is going to do a reverse DNS lookup on 68.235.175.211 and it
needs to get a response to that query.  AOL is likely also looking for
an MX record, which you don't have:

    $ dig derek.homeunix.org +short
    68.235.175.211
    pll$ dig derek.homeunix.org MX +short
    pll$ 

What you want is something like:

    $ dig gnhlug.org MX +short
    10 gnhlug.org.

To do this, configure for derek.homeunix.org at DynaDNS.org's site for
your host an MX record under the host config page.  I set mine up to
be the actual hostname my ISP provides for my IP address.  For you
that would be '68-235-175-211.chvlva.adelphia.net.':

    pll$ host derek.homeunix.org
    derek.homeunix.org has address 68.235.175.211
    pll$ host 68.235.175.211
    211.175.235.68.in-addr.arpa domain name pointer 68-235-175-211.chvlva.adelphia.net.

So, at DynaDNS.org's site, go to the config page for your host and
enter '68-235-175-211.chvlva.adelphia.net.' into the MX field.  This
should yield you MX record lookups like this:

    pll$ dig derek.homeunix.org MX +short
    10 68-235-175-211.chvlva.adelphia.net.

>>   Another note: You have no MX record for <derek.homeunix.org>.  Now, the
>> standards very clearly state that, in the absence of an MX record, a mail
>> exchanger should try looking for an A record, and connect to any address
>> found, as if an MX record existed and resolved to that address.  However,
>> there is some broken software in the world that only recognizes MX records.
>> So you may want to add
>> 
>> 	derek.homeunix.org.	MX	10 derek.homeunix.org.
>> 
>> to your DNS zone, even though it is technically redundant.
>
>Again, useful info, and why I'm looking to you guys for help, I think
>this is the main stuff I'm looking for, that and some specifics on
>postfix setup, I'm still somewhat a newbie in this area.

Except that DynaDNS.org doesn't allow this.  It enforces the entry of
something which resolves to an A record.
 
>> > I am looking into getting off of the old domain name ...
>> 
>>   Could you please provide the actual domain name(s) in question?  It makes
>> things a lot easier if we can just run tests directly, rather than trying to
>> guess.
>
>I think you have gotten it by now, but for those who didn't:
>old domain: derek.homeunix.org
>new domain: deucedaily.org

If that's the case, then why do we care about it?  Or is this just an
educational session? (which is perfectly okay, I just want to
understand why you're bothering with a domain name you're abandoning :)


Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

	It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

	 If you're not having fun, you're not doing it right!
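
Added example (not part of the original message or of any tool named in it): a small Python model of the two lookups discussed in this thread, the MX lookup with its fallback to the A record and the reverse DNS lookup on the connecting address. The record tables are constructed from the dig/host output quoted above, the function names are hypothetical, and 192.0.2.10 in the test is a documentation address chosen to have no PTR record.

```python
import ipaddress

# Constructed record table mirroring the dig/host output quoted in the message.
# Keys are (owner name, record type); values are lists of record data.
BEFORE = {
    ("derek.homeunix.org.", "A"): ["68.235.175.211"],
    ("211.175.235.68.in-addr.arpa.", "PTR"): ["68-235-175-211.chvlva.adelphia.net."],
}
# The same zone after the MX entry suggested in the message has been added.
AFTER = dict(BEFORE)
AFTER[("derek.homeunix.org.", "MX")] = ["10 68-235-175-211.chvlva.adelphia.net."]


def lookup(records, name, rtype):
    """Return the record data for name/type, or [] when nothing answers."""
    return records.get((name, rtype), [])


def mail_targets(records, domain, mx_only=False):
    """Hosts a sending mail exchanger would try for `domain`.

    Standards-following senders fall back to the A record when no MX exists;
    mx_only=True models the software in the thread that recognizes only MX.
    """
    mx = lookup(records, domain, "MX")
    if mx:
        # Sort by preference (lowest first) and return the exchanger names.
        pairs = sorted((int(p), host) for p, host in (r.split() for r in mx))
        return [host for _, host in pairs]
    if mx_only:
        return []
    return [domain] if lookup(records, domain, "A") else []


def reverse_lookup(records, ip):
    """PTR names for a connecting address; an empty list means no answer."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer + "."
    return lookup(records, ptr_name, "PTR")


def accepts_connection(records, ip):
    """Receiver-side policy from the thread: no reverse DNS answer, no mail."""
    return bool(reverse_lookup(records, ip))
```

With the BEFORE table, a sender that only recognizes MX records finds no target for derek.homeunix.org; with AFTER it finds the exchanger name entered in the MX field.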



More information about the gnhlug-discuss mailing list