
alex at ergens
Aug 4, 2008, 10:34 AM
Re: Limitations on location of DNS records
On Mon, Aug 04, 2008 at 10:58:20AM -0400, Allen Clark wrote:
> Following is a typical example of an SPF record for a typical domain
> "flooringamerica-carpetstudio" that has a single Exchange email server
> located at the IP address 69.89.122.66.
>
> SPF flooringamerica-carpetstudio.com 54800 IN TXT "v=spf1
> ip4:69.89.122. 66 mx ~all"

probably with a dot appended to ..."studio.com", or else a default will be appended and you end up with domain flooringamerica-carpetstudio.com.flooringamerica-carpetstudio.com.

no space between "122." and "66" (probably a formatting issue in your mail client).

"mx" is not typical, especially if there's only one host involved. If the answer was 'no match' the first time ("ip4:69.89.122.66") then looking up mx(flooringamerica-carpetstudio.com) results in a hostname, which when looked up will result in ip address 69.89.122.66, which when compared against the calling host will still result in a 'no match' just as it did the first time. Nett result: two DNS lookups and no gain.

Re publishing SPF: You will want to publish your SPF policy in a TXT record. Also publishing it in an SPF record is fine, but as far as I know not many clients will look for an SPF policy in an SPF record yet.

> My questions are...
>
> If the ISP "A" that provides Internet data service to 69.89.122.66 does
> not have the capability to publish SPF records, which restrictions
> and/or limitations are there about locating authoritative DNS records at
> another DNS provider at ISP "B" that does have the capability to publish
> DNS records?

Two parts of the DNS tree are involved: "flooringamerica-carpetstudio.com." pointing to 69.89.122.66 and "66.122.89.69.in-addr.arpa." pointing to "flooringamerica-carpetstudio.com."

N.B. I did not do any DNS lookups. If the information I provided is wrong, it is because my input was wrong.

For SPF, you don't need to do anything to "66.122.89.69.in-addr.arpa.". DNS zone "flooringamerica-carpetstudio.com." needs to be moved (if you really want to continue publishing an SPF record) to a DNS provider which does support SPF records.

> In other words may one move all DNS records (A, MX, Reverse DNS, SPF,
> etc.) from ISP "A" to ISP "B", or are there some DNS records (i.e.
> Reverse DNS) that must be published by whatever ISP that provides
> Internet data service to the Exchange email server?

Don't think records. Think zones. You will be moving an entire zone, not just a couple of records. The PTR records ("reverse DNS") will be in a zone managed by the provider, the A record will be in a zone managed by, or on behalf of, flooringamerica-carpetstudio. This said, usually the PTR record will not be in a zone of its own, but in a zone containing many PTR records. That's why your provider does not want to move the zone to your control. And you don't need this zone to be moved.

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
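Added example, not part of the original post: a small Python sketch of the two points made in the reply, namely how a zone-file owner name without a trailing dot gets the origin appended, and why "mx" after "ip4:69.89.122.66" costs two DNS lookups without changing the result. The DNS data is constructed (no live lookups), the MX target name "mail." is hypothetical, and the evaluator handles only the ip4, mx and all terms.

```python
import ipaddress

# Constructed DNS data mirroring the thread's example; nothing is resolved live.
DOMAIN = "flooringamerica-carpetstudio.com."
MAIL_HOST = "mail." + DOMAIN  # hypothetical MX target name (assumption)
DNS = {
    (DOMAIN, "MX"): [MAIL_HOST],
    (MAIL_HOST, "A"): ["69.89.122.66"],
}
WITH_MX = "v=spf1 ip4:69.89.122.66 mx ~all"
WITHOUT_MX = "v=spf1 ip4:69.89.122.66 ~all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def qualify(name, origin):
    """Zone-file rule: a name without a trailing dot is relative to the origin."""
    return name if name.endswith(".") else name + "." + origin

def check_spf(record, domain, client_ip):
    """Evaluate ip4, mx and all terms left to right; return (result, dns_lookups)."""
    lookups = 0

    def resolve(name, rtype):
        nonlocal lookups
        lookups += 1
        return DNS.get((name, rtype), [])

    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none", 0
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term == "mx":
            # One MX lookup, then one address lookup per MX host.
            hosts = resolve(domain, "MX")
            matched = any(client_ip == a for h in hosts for a in resolve(h, "A"))
        elif term == "all":
            matched = True
        else:
            raise ValueError("term not handled in this sketch: " + term)
        if matched:
            return QUALIFIERS[qual], lookups
    return "neutral", lookups

if __name__ == "__main__":
    print(qualify("flooringamerica-carpetstudio.com", DOMAIN))
    for rec in (WITH_MX, WITHOUT_MX):
        print(rec, "->", check_spf(rec, DOMAIN, "192.0.2.10"))
```
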