[cobalt-users] Wildcard DNS
- Subject: [cobalt-users] Wildcard DNS
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Mon Jul 24 19:04:57 2000
- Organization: nobaloney.net
I recently came across this statement about wildcard DNS on the
sendmail.org FAQ site, and thought I'd publish it here as an archive
record of the "why-nots" of wildcard DNS.

I didn't write this, I'm just copying it in here for the record...

Q4.1 -- Should I use a wildcard MX for my domain?

Date: July 9, 1996
Updated: November 5, 1997

If at all possible, no.

Wildcard MX records have lots of semantic "gotcha"s. For example, they
will match a host "unknown.your.domain" -- if you don't explicitly test
for unknown hosts in your domain, you will get "MX list for hostname
points back to hostname" or "config error: mail loops back to myself".

See RFCs 1535, 1536, and 1912 (updates RFC 1537) for more detail and
other related (or common) problems. See also _DNS and BIND_ by Albitz
and Liu.

They can also cause your system to add your domain to outgoing FQDNs in
a desperate attempt to get the mail to where it's supposed to go, but
because *.your.domain is valid due to the wildcard MX, delivery to
not.real.domain.your.domain will get dumped on you, and you may even
find yourself in a loop as the domain keeps getting tacked on time
after time after time (the "config error: mail loops back to myself"
problem).

Wildcard MX records are just a bad idea, plain and simple. They don't
work the way you'd expect, and virtually no one gets them right. Avoid
them at all costs.

--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205
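
An added illustration, not part of the original message or the sendmail FAQ: a small Python model of RFC 1034 section 4.3.3 wildcard matching, run over a constructed zone for the FAQ's placeholder "your.domain". It shows the wildcard MX answering for the unknown names the FAQ mentions, and goes slightly beyond the quoted text by also showing that a name which exists with only an A record gets no wildcard MX. The zone contents, LOCAL_HOST, LOCAL_NAMES and the simplified loop check are assumptions.

```python
# Constructed sample zone; owner names are relative to ZONE. Not real data.
ZONE = "your.domain"
RECORDS = [
    ("@",    "MX", "10 mail.your.domain."),
    ("*",    "MX", "10 mail.your.domain."),   # the wildcard MX under discussion
    ("mail", "A",  "192.0.2.25"),
    ("www",  "A",  "192.0.2.80"),             # exists, but has no MX of its own
]
LOCAL_HOST = "mail.your.domain"                     # host running the MTA (assumed)
LOCAL_NAMES = {"your.domain", "mail.your.domain"}   # names it accepts mail for (assumed)

def build(records):
    """Index records as {fqdn: {rtype: [rdata, ...]}}."""
    zone = {}
    for owner, rtype, rdata in records:
        name = ZONE if owner == "@" else f"{owner}.{ZONE}"
        zone.setdefault(name, {}).setdefault(rtype, []).append(rdata)
    return zone

def exists(zone, name):
    # A name exists if it owns records or is an empty non-terminal above one.
    return any(n == name or n.endswith("." + name) for n in zone)

def mx_hosts(rrsets):
    return [r.split()[1].rstrip(".").lower() for r in rrsets.get("MX", [])]

def lookup_mx(zone, qname):
    """Return (source, mx_hosts) the way an authoritative server would answer."""
    qname = qname.rstrip(".").lower()
    if qname != ZONE and not qname.endswith("." + ZONE):
        return "out-of-zone", []
    if exists(zone, qname):                  # existing names never match a wildcard
        return "explicit", mx_hosts(zone.get(qname, {}))
    labels = qname.split(".")
    for i in range(1, len(labels)):          # walk up to the closest encloser
        encloser = ".".join(labels[i:])
        if exists(zone, encloser):
            wild = zone.get("*." + encloser)
            return ("wildcard", mx_hosts(wild)) if wild else ("nxdomain", [])
    return "nxdomain", []

def loops_back(zone, qname):
    """Simplified check: the MX is this host, yet the name is not one it accepts."""
    _, hosts = lookup_mx(zone, qname)
    return LOCAL_HOST in hosts and qname.rstrip(".").lower() not in LOCAL_NAMES

ZONE_DATA = build(RECORDS)
if __name__ == "__main__":
    for q in ("unknown.your.domain", "not.real.domain.your.domain", "www.your.domain"):
        print(q, lookup_mx(ZONE_DATA, q), "loops" if loops_back(ZONE_DATA, q) else "ok")
```

Running the same lookup over the names in a real zone before adding a wildcard shows which hosts would start receiving mail they cannot deliver.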