RrDNS-v-PTR

Sam Jones

Apr 3, 2012, 10:56:13 AM
Good Afternoon,

My senior tech and I have been having a squabble over PTR, Hostnames and
reverse mapping.

If you have a client connect from 1.2.3.4 and perform a host name lookup
on that, so you get back host.example.com, would it impact on mail if a
forward query for host.example.com returned multiple A records, say
1.2.3.4 & 5.6.7.8 alternating between the top of the result sets in a
round robin?

I ask because we've seen a slightly odd pattern to some deferrals with
a host where this happens and wonder if they may be using:

reject_unknown_client_hostname feature, which requires not only
that the address->name and name->address mappings exist, but
also that the two mappings reproduce the client IP address.
The unknown_client_reject_code parameter specifies the response
code for rejected requests (default: 450). The reply is always
450 in case the address->name lookup failed due to a temporary
problem.

Sam

Stan Hoeppner

Apr 3, 2012, 11:31:56 AM
On 4/3/2012 9:56 AM, Sam Jones wrote:
> Good Afternoon,
>
> My senior tech and I have been having a squabble over PTR, Hostnames and
> reverse mapping.
>
> If you have a client connect from 1.2.3.4 and perform a host name lookup
> on that, so you get back host.example.com, would it impact on mail if a
> forward query for host.example.com returned multiple A records, say
> 1.2.3.4 & 5.6.7.8 alternating between the top of the result sets in a
> round robin?

It's possible, but the devil is in the details, which you did not
provide to us.

> I ask because we've seen a slightly odd pattern to some deferrals with
> a host where this happens and wonder if they may be using:
>
> reject_unknown_client_hostname feature, which requires not only
> that the address->name and name->address mappings exist, but
> also that the two mappings reproduce the client IP address.
> The unknown_client_reject_code parameter specifies the response
> code for rejected requests (default: 450). The reply is always
> 450 in case the address->name lookup failed due to a temporary
> problem.

This was included in your list welcome message.
http://www.postfix.org/DEBUG_README.html#mail

Please read it and post the relevant information it instructs you to.
In this case, at minimum, we need to see the SMTP responses from the
remote MTA.

--
Stan

/dev/rob0

Apr 3, 2012, 11:36:23 AM
On Tue, Apr 03, 2012 at 03:56:13PM +0100, Sam Jones wrote:
> My senior tech and I have been having a squabble over PTR,
> Hostnames and reverse mapping.
>
> If you have a client connect from 1.2.3.4 and perform a host name
> lookup on that, so you get back host.example.com, would it impact
> on mail if a forward query for host.example.com returned multiple
> A records, say 1.2.3.4 & 5.6.7.8 alternating between the top of
> the result sets in a round robin?

Multiple A records for a particular PTR value should not be a
problem. The order in which those records are returned cannot be
relied upon. If 192.0.2.22 connects to smtpd(8), and:

22.2.0.192.in-addr.arpa. PTR host.example.com.
host.example.com. A 192.0.2.2
host.example.com. A 192.0.2.22
host.example.com. A 192.0.2.222

Postfix would log the connection as host.example.com[192.0.2.22].
"unknown[192.0.2.22]" is logged if:

1. 22.2.0.192.in-addr.arpa./PTR returns no value (including NXDOMAIN,
SERVFAIL, and NOERROR)
2. Lookup of the 22.2.0.192.in-addr.arpa./PTR value does not return
an A record with 192.0.2.22 as value.

> I ask because we've seen a slightly odd pattern to some deferrals
> with a host where this happens and wonder if they may be using:
>
> reject_unknown_client_hostname feature, which requires not only
> that the address->name and name->address mappings exist, but
> also that the two mappings reproduce the client IP address.

See above.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Sam Jones

Apr 3, 2012, 11:41:45 AM
On Tue, 2012-04-03 at 10:31 -0500, Stan Hoeppner wrote:
> On 4/3/2012 9:56 AM, Sam Jones wrote:
> > Good Afternoon,
> >
> > My senior tech and I have been having a squabble over PTR, Hostnames and
> > reverse mapping.
> >
> > If you have a client connect from 1.2.3.4 and perform a host name lookup
> > on that, so you get back host.example.com, would it impact on mail if a
> > forward query for host.example.com returned multiple A records, say
> > 1.2.3.4 & 5.6.7.8 alternating between the top of the result sets in a
> > round robin?
>
> It's possible, but the devil is in the details, which you did not
> provide to us.
It really was just a general question as to how an MTA, specifically
Postfix, would respond if multiple alternating A records were returned
in respect of a forward DNS request for a PTR/Hostname connection
return.

If you don't know, that's fine - just say so. You don't need to let
yourself down with the old flame:

>
> This was included in your list welcome message.
> http://www.postfix.org/DEBUG_README.html#mail

> Please read it and post the relevant information it instructs you to.
> In this case, at minimum, we need to see the SMTP responses from the
> remote MTA.
>
Because I actually had gone through that, which is why I was able to
find the configuration value that could impact in such a scenario.

I do apologise for the distress, offence and disturbance my rude stupid
question has obviously caused you. I won't repeat it and I hope you can
forgive me.

Sam Jones

Apr 3, 2012, 11:46:48 AM
On Tue, 2012-04-03 at 10:36 -0500, /dev/rob0 wrote:
> >
> > If you have a client connect from 1.2.3.4 and perform a host name
> > lookup on that, so you get back host.example.com, would it impact
> > on mail if a forward query for host.example.com returned multiple
> > A records, say 1.2.3.4 & 5.6.7.8 alternating between the top of
> > the result sets in a round robin?
>
> Multiple A records for a particular PTR value should not be a
> problem. The order in which those records are returned cannot be
> relied upon. If 192.0.2.22 connects to smtpd(8), and:
>
> 22.2.0.192.in-addr.arpa. PTR host.example.com.
> host.example.com. A 192.0.2.2
> host.example.com. A 192.0.2.22
> host.example.com. A 192.0.2.222
>
> Postfix would log the connection as host.example.com[192.0.2.22].
> "unknown[192.0.2.22]" is logged if:
>
> 1. 22.2.0.192.in-addr.arpa./PTR returns no value (including NXDOMAIN,
> SERVFAIL, and NOERROR)
> 2. Lookup of the 22.2.0.192.in-addr.arpa./PTR value does not return
> an A record with 192.0.2.22 as value.
>
Thank you rob0, that clears it up nicely. Basically, as I understand it,
if the connecting IP appears in a list of multiple A records for the
host, it won't break.

I may have lost a Pizza, but I've gained useful knowledge.

Kind thanks for your polite and very helpful reply. It is really
appreciated.

Wietse Venema

Apr 3, 2012, 11:53:10 AM
Sam Jones:
> Good Afternoon,
>
> My senior tech and I have been having a squabble over PTR, Hostnames and
> reverse mapping.
>
> If you have a client connect from 1.2.3.4 and perform a host name lookup
> on that, so you get back host.example.com, would it impact on mail if a
> forward query for host.example.com returned multiple A records, say
> 1.2.3.4 & 5.6.7.8 alternating between the top of the result sets in a
> round robin?

With Postfix, multiple IP addresses per A record are fine, as long
as the CLIENT IP address is listed among them.

However, having multiple PTR records for one IP address, that is a
different matter. Postfix will not try to guess which name it should
use. It just takes the first name that comes up, and requires that
that name resolves to the client IP address.

Wietse

> I ask because we've seen a slightly odd pattern to some deferrals with
> a host where this happens and wonder if they may be using:
>
> reject_unknown_client_hostname feature, which requires not only
> that the address->name and name->address mappings exist, but
> also that the two mappings reproduce the client IP address.
> The unknown_client_reject_code parameter specifies the response
> code for rejected requests (default: 450). The reply is always
> 450 in case the address->name lookup failed due to a temporary
> problem.
>
> Sam
>
>
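
Added example (not part of the original thread and not Postfix source code): a simplified Python model of the check described in the replies above, run against constructed zone data. The zone contents, the function names and the clients 192.0.2.33, 192.0.2.44 and 192.0.2.55 are assumptions made for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed zone data using documentation addresses; not real DNS answers.
PTR_ZONE = {
    "192.0.2.22": ["host.example.com"],
    "192.0.2.33": ["other.example.com", "host.example.com"],  # two PTR names
    "192.0.2.44": ["spoof.example.com"],
}
A_ZONE = {
    "host.example.com": ["192.0.2.2", "192.0.2.22", "192.0.2.222", "192.0.2.33"],
    "other.example.com": ["192.0.2.99"],
    "spoof.example.com": ["192.0.2.2"],
}
UNKNOWN_CLIENT_REJECT_CODE = 450  # default value quoted in the thread


def client_name(client_ip, ptr_zone=PTR_ZONE, a_zone=A_ZONE):
    """Return the verified client hostname, or "unknown"."""
    names = ptr_zone.get(client_ip, [])
    if not names:
        return "unknown"      # address->name mapping is missing
    name = names[0]           # only the first PTR name is tried, no guessing
    addrs = {ipaddress.ip_address(a) for a in a_zone.get(name, [])}
    if ipaddress.ip_address(client_ip) in addrs:
        return name           # membership test, so A record order is irrelevant
    return "unknown"          # name->address does not reproduce the client IP


def log_label(client_ip, ptr_zone=PTR_ZONE, a_zone=A_ZONE):
    """Format the client the way the thread shows it being logged."""
    return f"{client_name(client_ip, ptr_zone, a_zone)}[{client_ip}]"


def reject_code(client_ip, ptr_zone=PTR_ZONE, a_zone=A_ZONE):
    """Model of reject_unknown_client_hostname: a reply code, or None to accept."""
    if client_name(client_ip, ptr_zone, a_zone) == "unknown":
        return UNKNOWN_CLIENT_REJECT_CODE
    return None


def stable_under_round_robin(client_ip, name):
    """True if every ordering of the name's A records yields the same label."""
    labels = {log_label(client_ip, PTR_ZONE, {**A_ZONE, name: list(p)})
              for p in permutations(A_ZONE[name])}
    return len(labels) == 1


if __name__ == "__main__":
    for ip in ("192.0.2.22", "192.0.2.33", "192.0.2.44", "192.0.2.55"):
        print(log_label(ip), reject_code(ip))
```

Client 192.0.2.33 comes out as unknown only because the first of its two PTR names does not resolve back to it; with the PTR order swapped the same client verifies.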

Sam Jones

Apr 3, 2012, 11:55:44 AM
On Tue, 2012-04-03 at 11:53 -0400, Wietse Venema wrote:
> With Postfix, multiple IP addresses per A record are fine, as long
> as the CLIENT IP address is listed among them.
>
> However, having multiple PTR records for one IP address, that is a
> different matter. Postfix will not try to guess which name it should
> use. It just takes the first name that comes up, and requires that
> that name resolves to the client IP address.
Thank you. That is valuable knowledge. Much appreciated.

Stan Hoeppner

Apr 3, 2012, 1:01:41 PM
Re-reading what I wrote, and reading your reply, leaves me at a bit of a
loss as to what prompted this immature drivel. My reply was totally
professional, if dry and somewhat canned. But how such would prompt a
reply like this escapes me. Maybe you're just having a bad day?

--
Stan

Sam Jones

Apr 3, 2012, 1:18:32 PM

> > I do apologise for the distress, offence and disturbance my rude stupid
> > question has obviously caused you. I won't repeat it and I hope you can
> > forgive me.
>
> Re-reading what I wrote, and reading your reply, leaves me at a bit of a
> loss as to what prompted this immature drivel. My reply was totally
> professional, if dry and somewhat canned. But how such would prompt a
> reply like this escapes me. Maybe you're just having a bad day?
>
I really don't want to start a war. I'm old, tired and underpaid, but
you were rude, and quite unnecessarily so. You don't seem to be able to
help it, because when I was perfectly polite to you - if a touch
sarcastic in return to your 'dry and canned' response, you then went on
to describe it as 'immature drivel' - which, I'm sure you would agree,
is somewhat unprofessional and quite hypocritical.

I'm sorry you did not know the answer, but the question has now been
addressed very professionally by polite, skilled people - to whom I am
most grateful and obliged.

I'm sorry to have troubled you.

Stan Hoeppner

Apr 3, 2012, 2:03:55 PM
On 4/3/2012 12:18 PM, Sam Jones wrote:
>
>>> I do apologise for the distress, offence and disturbance my rude stupid
>>> question has obviously caused you. I won't repeat it and I hope you can
>>> forgive me.
>>
>> Re-reading what I wrote, and reading your reply, leaves me at a bit of a
>> loss as to what prompted this immature drivel. My reply was totally
>> professional, if dry and somewhat canned. But how such would prompt a
>> reply like this escapes me. Maybe you're just having a bad day?
>>
> I really don't want to start a war.

Disingenuous as you intended to, and continue it.

> I'm old, tired and underpaid, but

Pull sympathy strings.

> you were rude, and quite unnecessarily so. You don't seem to be able to
> help it, because when I was perfectly polite to you - if a touch

Reverse projection, fabrication.

> sarcastic in return to your 'dry and canned' response, you then went on
> to describe it as 'immature drivel' - which, I'm sure you would agree,
> is somewhat unprofessional and quite hypocritical.

So sarcasm isn't rude, but my calling it out is rude. Calling me
unprofessional after I pointed out my post was professional. Calling me
a hypocrite. More reverse projection.

> I'm sorry you did not know the answer, but the question has now been
> addressed very professionally by polite, skilled people - to whom I am
> most grateful and obliged.

False assumption plus backhanded insults.

> I'm sorry to have troubled you.

Disingenuous.

Normally I would have simply ignored your baseless rude remarks. But
you made a personal attack out of your reply. Drawing you out a little
more has clearly demonstrated to everyone who and what you are, so my
job is done, so to speak. Feel free to have the last word, including
any/all additional baseless insults you wish.

P.S. be sure in the future to tell Wietse he doesn't know the answer
every time he prompts a poster to follow the list instructions. :)

--
Stan
