Dumb Question is an A or AAAA record required?

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Dumb Question is an A or AAAA record required?

@lbutlr
Given a domain that is hosted and used for email and web, is an A record for that domain actually required?

That is, if bob.tld is hosted by example.com can you simply have

        NS ns1.example.com
        NS ns2.example.com
        MX mx.example.com

www CNAME www.example.com

Without specifying

        A 11.22.33.444

(I am pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?)



--
And there were all the stars, looking remarkably like powered
        diamonds spilled on black velvet, the stars that lured and
        ultimately called the boldest towards them…

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Dumb Question is an A or AAAA record required?

Anand Buddhdev
On 09/07/2020 14:21, @lbutlr wrote:

> Given a domain that is hosted and used for email and web, is an A
> record for that domain actually required?

It's not *required*. But see below.

> That is, if bob.tld is hosted by example.com can you simply have
>
> NS ns1.example.com
> NS ns2.example.com
> MX mx.example.com
>
> www CNAME www.example.com
>
> Without specifying
>
> A 11.22.33.444

These days, many folk try to reach websites by typing just the bare
domain name without the "www" prefix.

If a user types "bob.tld" into a browser, the browser will issue an
address lookup for "bob.tld", causing the resolver to ask for A and AAAA
records for "bob.tld". If you don't have an A record at the zone apex,
the browser will not get back any address and display an error message
for the user. An alert user might try "www.bob.tld" but most users are
likely to just give up.

So while it's not *required* to have an address record at the apex, it's
good practice to have one.

Anand
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Dumb Question is an A or AAAA record required?

Mark Andrews
In reply to this post by @lbutlr
At this stage one still needs A records to be reachable by everyone.  One should also ensure you are reachable over IPv6 as lots of the world behind IPv6 only links as their ISPs don’t have enough IPv4 addresses for every one.  Instead they have to use some form of IPv4 as a service which is significantly more expensive to operate compared to straight routers.

--
Mark Andrews

> On 9 Jul 2020, at 22:22, @lbutlr <[hidden email]> wrote:
>
> Given a domain that is hosted and used for email and web, is an A record for that domain actually required?
>
> That is, if bob.tld is hosted by example.com can you simply have
>
>    NS ns1.example.com
>    NS ns2.example.com
>    MX mx.example.com
>
> www    CNAME www.example.com
>
> Without specifying
>
>    A 11.22.33.444
>
> (I am pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?)
>
>
>
> --
> And there were all the stars, looking remarkably like powered
>    diamonds spilled on black velvet, the stars that lured and
>    ultimately called the boldest towards them…
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

RE: [Non-DoD Source] Re: Dumb Question is an A or AAAA record required?

Bind-Users forum mailing list
Would the lack of A records affect pointer records?  Seems like it would.


Jim

"If you always do what you always did you will always get what you always got."

-----Original Message-----
From: bind-users <[hidden email]> On Behalf Of Mark Andrews
Sent: Thursday, July 9, 2020 8:56 AM
To: @lbutlr <[hidden email]>
Cc: bind-users <[hidden email]>
Subject: [Non-DoD Source] Re: Dumb Question is an A or AAAA record required?

All active links contained in this email were disabled.  Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.  




----

At this stage one still needs A records to be reachable by everyone.  One should also ensure you are reachable over IPv6 as lots of the world behind IPv6 only links as their ISPs don’t have enough IPv4 addresses for every one.  Instead they have to use some form of IPv4 as a service which is significantly more expensive to operate compared to straight routers.

--
Mark Andrews

> On 9 Jul 2020, at 22:22, @lbutlr <[hidden email]> wrote:
>
> Given a domain that is hosted and used for email and web, is an A record for that domain actually required?
>
> That is, if bob.tld is hosted by example.com can you simply have
>
>    NS ns1.example.com
>    NS ns2.example.com
>    MX mx.example.com
>
> www    CNAME Caution-www.example.com
>
> Without specifying
>
>    A 11.22.33.444
>
> (I am pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?)
>
>
>
> --
> And there were all the stars, looking remarkably like powered
>    diamonds spilled on black velvet, the stars that lured and
>    ultimately called the boldest towards them…
>
> _______________________________________________
> Please visit Caution-https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at Caution-https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> Caution-https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit Caution-https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at Caution-https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
Caution-https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

VS: Dumb Question is an A or AAAA record required?

Jukka Pakkanen
In reply to this post by @lbutlr
Only CNAME is perfectly fine, except if you want the site work without the www-prefix like someone already pointed out.  Of course there must be A record for that name where the cname points to somewhere, but I read the question that this is not your concern.

Jukka

-----Alkuperäinen viesti-----
Lähettäjä: bind-users <[hidden email]> Puolesta @lbutlr
Lähetetty: 9. heinäkuuta 2020 14:22
Vastaanottaja: bind-users <[hidden email]>
Aihe: Dumb Question is an A or AAAA record required?

Given a domain that is hosted and used for email and web, is an A record for that domain actually required?

That is, if bob.tld is hosted by example.com can you simply have

        NS ns1.example.com
        NS ns2.example.com
        MX mx.example.com

www CNAME www.example.com

Without specifying

        A 11.22.33.444

(I am pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?)



--
And there were all the stars, looking remarkably like powered
        diamonds spilled on black velvet, the stars that lured and
        ultimately called the boldest towards them…

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: [Non-DoD Source] Re: Dumb Question is an A or AAAA record required?

Matus UHLAR - fantomas
In reply to this post by Bind-Users forum mailing list
On 09.07.20 13:16, DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users wrote:
>Would the lack of A records affect pointer records?  Seems like it would.

pointer records are independent on A/CNAME records and irelevant in thie
case.

>-----Original Message-----
>From: bind-users <[hidden email]> On Behalf Of Mark Andrews
>Sent: Thursday, July 9, 2020 8:56 AM
>To: @lbutlr <[hidden email]>
>Cc: bind-users <[hidden email]>
>Subject: [Non-DoD Source] Re: Dumb Question is an A or AAAA record required?
>
>At this stage one still needs A records to be reachable by everyone.  One should also ensure you are reachable over IPv6 as lots of the world behind IPv6 only links as their ISPs don’t have enough IPv4 addresses for every one.  Instead they have to use some form of IPv4 as a service which is significantly more expensive to operate compared to straight routers.


>> On 9 Jul 2020, at 22:22, @lbutlr <[hidden email]> wrote:
>>
>> Given a domain that is hosted and used for email and web, is an A record for that domain actually required?
>>
>> That is, if bob.tld is hosted by example.com can you simply have
>>
>>    NS ns1.example.com
>>    NS ns2.example.com
>>    MX mx.example.com
>>
>> www    CNAME Caution-www.example.com
>>
>> Without specifying
>>
>>    A 11.22.33.444
>>
>> (I am pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?)

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Dumb Question is an A or AAAA record required?

Matthew Richardson
In reply to this post by Anand Buddhdev
On a related issues there were (perhaps long ago) issues if the A record
for a domain had an SMTP server on it, where email could sometimes be
delivered to that A record rather than the MX.  I had (again long ago:
10-15 years) actually seen this occur.

Do people think that this problem could still occur these days?  What sort
of transient (presumably DNS) failure might cause an SMTP server to deliver
to A rather than MX?

Best wishes,
Matthew

 ------
>From: Anand Buddhdev <[hidden email]>
>To: "@lbutlr" <[hidden email]>, bind-users <[hidden email]>
>Cc:
>Date: Thu, 9 Jul 2020 14:43:04 +0200
>Subject: Re: Dumb Question is an A or AAAA record required?

>On 09/07/2020 14:21, @lbutlr wrote:
>
>> Given a domain that is hosted and used for email and web, is an A
>> record for that domain actually required?
>
>It's not *required*. But see below.
>
>> That is, if bob.tld is hosted by example.com can you simply have
>>
>> NS ns1.example.com
>> NS ns2.example.com
>> MX mx.example.com
>>
>> www CNAME www.example.com
>>
>> Without specifying
>>
>> A 11.22.33.444
>
>These days, many folk try to reach websites by typing just the bare
>domain name without the "www" prefix.
>
>If a user types "bob.tld" into a browser, the browser will issue an
>address lookup for "bob.tld", causing the resolver to ask for A and AAAA
>records for "bob.tld". If you don't have an A record at the zone apex,
>the browser will not get back any address and display an error message
>for the user. An alert user might try "www.bob.tld" but most users are
>likely to just give up.
>
>So while it's not *required* to have an address record at the apex, it's
>good practice to have one.
>
>Anand
>_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
>bind-users mailing list
>[hidden email]
>https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Dumb Question is an A or AAAA record required?

Ondřej Surý
Missing MX, there’s actually syntax accepted by major SMTP servers to disable SMTP for domain:

example.com. MX 0 .

Ondrej
--
Ondřej Surý — ISC

> On 9 Jul 2020, at 16:06, Matthew Richardson <[hidden email]> wrote:
>
> On a related issues there were (perhaps long ago) issues if the A record
> for a domain had an SMTP server on it, where email could sometimes be
> delivered to that A record rather than the MX.  I had (again long ago:
> 10-15 years) actually seen this occur.
>
> Do people think that this problem could still occur these days?  What sort
> of transient (presumably DNS) failure might cause an SMTP server to deliver
> to A rather than MX?
>
> Best wishes,
> Matthew
>
> ------
>> From: Anand Buddhdev <[hidden email]>
>> To: "@lbutlr" <[hidden email]>, bind-users <[hidden email]>
>> Cc:
>> Date: Thu, 9 Jul 2020 14:43:04 +0200
>> Subject: Re: Dumb Question is an A or AAAA record required?
>
>>> On 09/07/2020 14:21, @lbutlr wrote:
>>>
>>> Given a domain that is hosted and used for email and web, is an A
>>> record for that domain actually required?
>>
>> It's not *required*. But see below.
>>
>>> That is, if bob.tld is hosted by example.com can you simply have
>>>
>>>    NS ns1.example.com
>>>    NS ns2.example.com
>>>    MX mx.example.com
>>>
>>> www    CNAME www.example.com
>>>
>>> Without specifying
>>>
>>>    A 11.22.33.444
>>
>> These days, many folk try to reach websites by typing just the bare
>> domain name without the "www" prefix.
>>
>> If a user types "bob.tld" into a browser, the browser will issue an
>> address lookup for "bob.tld", causing the resolver to ask for A and AAAA
>> records for "bob.tld". If you don't have an A record at the zone apex,
>> the browser will not get back any address and display an error message
>> for the user. An alert user might try "www.bob.tld" but most users are
>> likely to just give up.
>>
>> So while it's not *required* to have an address record at the apex, it's
>> good practice to have one.
>>
>> Anand
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> [hidden email]
>> https://lists.isc.org/mailman/listinfo/bind-users
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Dumb Question is an A or AAAA record required?

Matus UHLAR - fantomas
In reply to this post by Matthew Richardson
On 09.07.20 15:06, Matthew Richardson wrote:
>On a related issues there were (perhaps long ago) issues if the A record
>for a domain had an SMTP server on it, where email could sometimes be
>delivered to that A record rather than the MX.  I had (again long ago:
>10-15 years) actually seen this occur.

If there is MX record for a domain, a MTA MUST only use MX record when
delivering to that domain.

If there is no MX record for a domain, but an A record is available, MTA
uses default MX with preference of 0 pointing to that A records.

This is how it's defined to work, this is not "an issue about that".

>Do people think that this problem could still occur these days?  What sort
>of transient (presumably DNS) failure might cause an SMTP server to deliver
>to A rather than MX?

the only DNS failure that could cause this (and I can think of now) is if
DNS server incorrectly returned NODATA for MX record (effectively saying
there's no MX).

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

VS: Dumb Question is an A or AAAA record required?

Jukka Pakkanen
In reply to this post by Matthew Richardson
Many spammers send in addition to MX to A records, if available.  Still, it is a good practice to not to publish an A record for the mail zone, if not specifically needed for something else.  Of course if it points to somewhere else than the receiving SMTP server, not much harm done mail-traffic-wise.


Jukka

-----Alkuperäinen viesti-----
Lähettäjä: bind-users <[hidden email]> Puolesta Matthew Richardson
Lähetetty: 9. heinäkuuta 2020 16:06
Vastaanottaja: bind-users <[hidden email]>
Aihe: Re: Dumb Question is an A or AAAA record required?

On a related issues there were (perhaps long ago) issues if the A record for a domain had an SMTP server on it, where email could sometimes be delivered to that A record rather than the MX.  I had (again long ago:
10-15 years) actually seen this occur.

Do people think that this problem could still occur these days?  What sort of transient (presumably DNS) failure might cause an SMTP server to deliver to A rather than MX?

Best wishes,
Matthew

 ------
>From: Anand Buddhdev <[hidden email]>
>To: "@lbutlr" <[hidden email]>, bind-users
><[hidden email]>
>Cc:
>Date: Thu, 9 Jul 2020 14:43:04 +0200
>Subject: Re: Dumb Question is an A or AAAA record required?

>On 09/07/2020 14:21, @lbutlr wrote:
>
>> Given a domain that is hosted and used for email and web, is an A
>> record for that domain actually required?
>
>It's not *required*. But see below.
>
>> That is, if bob.tld is hosted by example.com can you simply have
>>
>> NS ns1.example.com
>> NS ns2.example.com
>> MX mx.example.com
>>
>> www CNAME www.example.com
>>
>> Without specifying
>>
>> A 11.22.33.444
>
>These days, many folk try to reach websites by typing just the bare
>domain name without the "www" prefix.
>
>If a user types "bob.tld" into a browser, the browser will issue an
>address lookup for "bob.tld", causing the resolver to ask for A and
>AAAA records for "bob.tld". If you don't have an A record at the zone
>apex, the browser will not get back any address and display an error
>message for the user. An alert user might try "www.bob.tld" but most
>users are likely to just give up.
>
>So while it's not *required* to have an address record at the apex,
>it's good practice to have one.
>
>Anand
>_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe from this list
>
>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
>bind-users mailing list
>[hidden email]
>https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: VS: Dumb Question is an A or AAAA record required?

Reindl Harald


Am 09.07.20 um 16:38 schrieb Jukka Pakkanen:
> Many spammers send in addition to MX to A records, if available.  Still, it is a good practice to not to publish an A record for the mail zone, if not specifically needed for something else.  Of course if it points to somewhere else than the receiving SMTP server, not much harm done mail-traffic-wise.

why should it be a good practice not publish an A record?

nothing better can happen than a spammer trying the wrong server at all
as you don't accept random unauthenticated inbound mail on random machines

> -----Alkuperäinen viesti-----
> Lähettäjä: bind-users <[hidden email]> Puolesta Matthew Richardson
> Lähetetty: 9. heinäkuuta 2020 16:06
> Vastaanottaja: bind-users <[hidden email]>
> Aihe: Re: Dumb Question is an A or AAAA record required?
>
> On a related issues there were (perhaps long ago) issues if the A record for a domain had an SMTP server on it, where email could sometimes be delivered to that A record rather than the MX.  I had (again long ago:
> 10-15 years) actually seen this occur.
>
> Do people think that this problem could still occur these days?  What sort of transient (presumably DNS) failure might cause an SMTP server to deliver to A rather than MX?
>
>> From: Anand Buddhdev <[hidden email]>
>> To: "@lbutlr" <[hidden email]>, bind-users
>> <[hidden email]>
>> Cc:
>> Date: Thu, 9 Jul 2020 14:43:04 +0200
>> Subject: Re: Dumb Question is an A or AAAA record required?
>
>> On 09/07/2020 14:21, @lbutlr wrote:
>>
>>> Given a domain that is hosted and used for email and web, is an A
>>> record for that domain actually required?
>>
>> It's not *required*. But see below.
>>
>>> That is, if bob.tld is hosted by example.com can you simply have
>>>
>>> NS ns1.example.com
>>> NS ns2.example.com
>>> MX mx.example.com
>>>
>>> www CNAME www.example.com
>>>
>>> Without specifying
>>>
>>> A 11.22.33.444
>>
>> These days, many folk try to reach websites by typing just the bare
>> domain name without the "www" prefix.
>>
>> If a user types "bob.tld" into a browser, the browser will issue an
>> address lookup for "bob.tld", causing the resolver to ask for A and
>> AAAA records for "bob.tld". If you don't have an A record at the zone
>> apex, the browser will not get back any address and display an error
>> message for the user. An alert user might try "www.bob.tld" but most
>> users are likely to just give up.
>>
>> So while it's not *required* to have an address record at the apex,
>> it's good practice to have one.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Dumb Question is an A or AAAA record required?

Anand Buddhdev
In reply to this post by Matthew Richardson
On 09/07/2020 16:06, Matthew Richardson wrote:

> On a related issues there were (perhaps long ago) issues if the A record
> for a domain had an SMTP server on it, where email could sometimes be
> delivered to that A record rather than the MX.  I had (again long ago:
> 10-15 years) actually seen this occur.

Note that *delivery* will only happen if that A record were actually
listening on tcp/25 and accepting SMTP connections. No-one should be
opening up the SMTP port on a server meant to serve only HTTP(S)
traffic. Anyone who does that deserves what they get for making such
poor decisions.

Anand
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Dumb Question is an A or AAAA record required?

Matthew Richardson
My question is raised because of such "poor decisions" by certain web
hosting providers (naming no names!) whose provisioning systems require
records for both www and the domain root pointing to their systems, and
where those systems DO LISTEN on port 25.

In these modern days, should one be concerned about this for a domain where
the MX records point to proper enterprise grade email services?  The
problem is that the web hosting provider's poor decision might interfere
with the enterprise email system.

I think Matus may be correct that this is only an issue if the MX query
returns NODATA rather than timing out.  In the old days (10-15 years ago),
I think a timeout may have triggered the failback from MX to A, but I am
not sure.

Best wishes,
Matthew

 ------
>From: Anand Buddhdev <[hidden email]>
>To: Matthew Richardson <[hidden email]>, bind-users <[hidden email]>
>Cc:
>Date: Thu, 9 Jul 2020 17:06:13 +0200
>Subject: Re: Dumb Question is an A or AAAA record required?

>On 09/07/2020 16:06, Matthew Richardson wrote:
>
>> On a related issues there were (perhaps long ago) issues if the A record
>> for a domain had an SMTP server on it, where email could sometimes be
>> delivered to that A record rather than the MX.  I had (again long ago:
>> 10-15 years) actually seen this occur.
>
>Note that *delivery* will only happen if that A record were actually
>listening on tcp/25 and accepting SMTP connections. No-one should be
>opening up the SMTP port on a server meant to serve only HTTP(S)
>traffic. Anyone who does that deserves what they get for making such
>poor decisions.
>
>Anand

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Dumb Question is an A or AAAA record required?

Mark Andrews
Very soon you will be able to specify HTTPS records. BIND has a implementation that is just waiting for the draft to go to the RFC editor. The type codes are already allocated.

This still requires clients to lookup the records but the browser vendors are on board.

--
Mark Andrews

> On 10 Jul 2020, at 02:03, Matthew Richardson <[hidden email]> wrote:
>
> My question is raised because of such "poor decisions" by certain web
> hosting providers (naming no names!) whose provisioning systems require
> records for both www and the domain root pointing to their systems, and
> where those systems DO LISTEN on port 25.
>
> In these modern days, should one be concerned about this for a domain where
> the MX records point to proper enterprise grade email services?  The
> problem is that the web hosting provider's poor decision might interfere
> with the enterprise email system.
>
> I think Matus may be correct that this is only an issue if the MX query
> returns NODATA rather than timing out.  In the old days (10-15 years ago),
> I think a timeout may have triggered the failback from MX to A, but I am
> not sure.
>
> Best wishes,
> Matthew
>
> ------
>> From: Anand Buddhdev <[hidden email]>
>> To: Matthew Richardson <[hidden email]>, bind-users <[hidden email]>
>> Cc:
>> Date: Thu, 9 Jul 2020 17:06:13 +0200
>> Subject: Re: Dumb Question is an A or AAAA record required?
>
>>> On 09/07/2020 16:06, Matthew Richardson wrote:
>>> On a related issues there were (perhaps long ago) issues if the A record
>>> for a domain had an SMTP server on it, where email could sometimes be
>>> delivered to that A record rather than the MX.  I had (again long ago:
>>> 10-15 years) actually seen this occur.
>> Note that *delivery* will only happen if that A record were actually
>> listening on tcp/25 and accepting SMTP connections. No-one should be
>> opening up the SMTP port on a server meant to serve only HTTP(S)
>> traffic. Anyone who does that deserves what they get for making such
>> poor decisions.
>> Anand
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Dumb Question is an A or AAAA record required?

Bind-Users forum mailing list
In reply to this post by Anand Buddhdev
On 7/9/20 6:43 AM, Anand Buddhdev wrote:
> If you don't have an A record at the zone apex, the browser will not
> get back any address and display an error message for the user.

There was a point in time when the big web browsers would try connecting
to www.<domain>.<tld> if connecting to <domain>.<tld> failed.

I don't know what the current state of affairs is.



--
Grant. . . .
unix || die


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

smime.p7s (5K) Download Attachment