Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx-05.txt> (A NULL MX Resource Record for Domains that Accept No Mail) to Proposed Standard
Mark Andrews <marka@isc.org> Sat, 19 July 2014 00:40 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 881E41A02EE; Fri, 18 Jul 2014 17:40:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sYWL5yD54i8I; Fri, 18 Jul 2014 17:40:15 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C03391A019B; Fri, 18 Jul 2014 17:40:15 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.ams1.isc.org (Postfix) with ESMTP id 978971FCB16; Sat, 19 Jul 2014 00:40:11 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 5AC96160064; Sat, 19 Jul 2014 00:49:06 +0000 (UTC)
Received: from rock.dv.isc.org (c211-30-183-50.carlnfd1.nsw.optusnet.com.au [211.30.183.50]) by zmx1.isc.org (Postfix) with ESMTPSA id F4091160052; Sat, 19 Jul 2014 00:49:05 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id D59EE1A8457C; Sat, 19 Jul 2014 10:40:09 +1000 (EST)
To: Tony Finch <dot@dotat.at>
From: Mark Andrews <marka@isc.org>
References: <20140703190347.24899.45193.idtracker@ietfa.amsl.com> <7140A115A74391DED82A2028@JcK-HP8200.jck.com> <53C8394A.6080508@dcrocker.net> <20140717233517.42A2F1A71CFD@rock.dv.isc.org> <93F32648FD67AE6ABAC47300@JcK-HP8200.jck.com> <alpine.LSU.2.00.1407181417200.10413@hermes-1.csi.cam.ac.uk> <53C92542.90303@redbarn.org> <alpine.LSU.2.00.1407181500530.13901@hermes-1.csi.cam.ac.uk> <587B02E3-3E3D-4612-8E0D-37C14F8A0A50@ogud.com> <3F6D81F469FB45B1D6B2C327@JcK-HP8200.jck.com> <alpine.LSU.2.00.1407182019070.28941@hermes-1.csi.cam.ac.uk>
In-reply-to: Your message of "Fri, 18 Jul 2014 20:39:06 +0100." <alpine.LSU.2.00.1407182019070.28941@hermes-1.csi.cam.ac.uk>
Date: Sat, 19 Jul 2014 10:40:09 +1000
Message-Id: <20140719004009.D59EE1A8457C@rock.dv.isc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/YoZYPTLHEW9YTqSqj5SDdUQPJqY
Cc: John C Klensin <john-ietf@jck.com>, Paul Vixie <paul@redbarn.org>, dnsop@ietf.org, John Levine <johnl@taugh.com>, iesg@ietf.org
Subject: Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx-05.txt> (A NULL MX Resource Record for Domains that Accept No Mail) to Proposed Standard
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Jul 2014 00:40:17 -0000
In message <alpine.LSU.2.00.1407182019070.28941@hermes-1.csi.cam.ac.uk>, Tony F inch writes: > > John C Klensin <john-ietf@jck.com> wrote: > > > > If a particular SMTP implementation is aware of and follows the spec, > > almost any consensus indicator that doesn't conflict with other things > > should be fine -- > > There are actually more constraints than you imply in your message. > > > "." > > Has the advantage of being implemented and deployed. Has the disadvantage > of directing useless queries to the root name servers from MTAs that do > not understand null MX records. > > > "*******" > > MX target names should obey the LDH host name rules. You won't be able to > enter this target into many DNS admin tools since they enforce LDH syntax. > Some nameservers (e.g. BIND) will by default refuse to load a zone with > a non-hostname MX target. > > This loses the advantages of a "." target and fails to keep useless > queries away from the root name servers. "." is a place holder exception. Below is a minimal zone with a MX with all the domains set to ".". Named will load "MX 0 ." fine. "." prevents lots of the internal checks at load time from triggering. % named-checkzone zone zone zone:1: no TTL specified; using SOA MINTTL instead zone zone/IN: loaded serial 0 OK % cat zone @ SOA . . 0 0 0 0 0 @ NS . @ MX 0 . % "MX 0 ." is also consistent with "SRV 0 0 0 ." which is documented. "no-mail.invalid" however will elicit a warning / failure depending upon what the error level is set to. Named-checkzone looks up every MX target and check for A or AAAA records with the exception of ".". It also checks that they are syntactically valid hostnames. It also tries to determine if a IPv4 address has been used instead of a hostname by mistake. % named-checkzone zone zone zone:1: no TTL specified; using SOA MINTTL instead zone zone/IN: zone/MX 'no-mail.invalid' (out of zone) has no addresses records (A or AAAA) zone zone/IN: loaded serial 0 OK % cat zone @ SOA . . 0 0 0 0 0 @ NS . @ MX 0 no-mail.invalid. % "." is a really good exception marker. It is also the minimal exception marker we can have. > > a special name in example.com or example.net, > > These domains are reserved for use in examples, not for production > purposes. Are their name servers scaled up enough to handle stray > queries from MTAs that don't understand null MX records? > > This question applies to any non-"." target. The reason I suggested using > AS112 was because it is designed for sinking unwanted queries that should > not have leaked out in the first place. But I still prefer to stick with > ".". > > > Since SMTP prohibits non-ASCII domain names, one might even consider > > something Like "=D1=84=D0=B8=D0=BA=D1=82=D0=B8=D0=B2=D0=BD=D1=8B=D0=B9.ex= > ample.com" or "=E8=99=9A=E5=81=87.example.com" (literally, > > not as IDNA A-labels) which would cause many SMTP servers to do > > something nasty that does not involve the DNS. > > You are muddling up the IDNA layers here. The MX target comes from the DNS > so if you try to put an IDNA name there it has to be encoded as an A-label > before you put it in the DNS. If you try hard you can put un-encoded UTF-8 > in the DNS, but then it would violate the hostname rules in a similar way > to "*******". > > It is likely that there are MTAs which do not check that MX targets > actually obey hostname syntax, so this kind of hack is not going to > reliably suppress lookups. > > > They will certainly do lookups; how far they will get and whether they > > will requeue and try again depends somewhat on the string chosen > > I think it depends more on the MTA's and/or postmaster's attitude to DNS > misconfiguration. Some are quicker to permfail than others. > > Tony. > --=20 > f.anthony.n.finch <dot@dotat.at> http://dotat.at/ > Irish Sea: South or southeast 4 or 5, becoming variable 3 or 4. Moderate > becoming slight. Rain or thundery showers, fog patches. Moderate or good, > occasionally very poor. > --1870869256-999632820-1405712346=:28941 > Content-Type: text/plain; charset="us-ascii" > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > > --1870869256-999632820-1405712346=:28941-- > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Andrews
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Murray S. Kucherawy
- Re: [DNSOP] [apps-discuss] Last Call: <draft-ietf… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Andrews
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Paul Vixie
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Olafur Gudmundsson
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John Levine
- Re: [DNSOP] [apps-discuss] Last Call: <draft-ietf… Ned Freed
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Olafur Gudmundsson
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Delany
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John R Levine
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Andrews
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Andrews
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Dave Crocker
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Dave Crocker
- Re: [DNSOP] [apps-discuss] Last Call: <draft-ietf… Nico Williams
- [DNSOP] Last Call conduct redux (Was: Last Call: … Pete Resnick
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Kevin Darcy
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… John Levine
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Kevin Darcy
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Kevin Darcy
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Andrews
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Delany
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Kevin Darcy
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Andrews
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Delany
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Andrews
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Kevin Darcy
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Tony Finch
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Hector Santos
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Mark Andrews
- Re: [DNSOP] Last Call: <draft-ietf-appsawg-nullmx… Hector Santos