• VS: Dumb Question is an A or AAAA record required?

    From Jukka Pakkanen@21:1/5 to kremels@kreme.com on Thu Jul 9 13:27:26 2020
    To: bind-users@lists.isc.org (bind-users)


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jukka Pakkanen@21:1/5 to Matthew Richardson on Thu Jul 9 14:38:38 2020
    To: bind-users@lists.isc.org (bind-users)

    Many spammers send, in addition to MX, to A records, if available. Still, it is good practice not to publish an A record for the mail zone, if not specifically needed for something else. Of course, if it points somewhere other than the receiving SMTP server, not much harm is done mail-traffic-wise.


    Jukka

    -----Original message-----
    From: bind-users <bind-users-bounces@lists.isc.org> On behalf of Matthew Richardson
    Sent: 9 July 2020 16:06
    To: bind-users <bind-users@lists.isc.org>
    Subject: Re: Dumb Question is an A or AAAA record required?

    On a related issue, there were (perhaps long ago) issues if the A record for a domain had an SMTP server on it, where email could sometimes be delivered to that A record rather than the MX. I had (again long ago: 10-15 years) actually seen this occur.

    Do people think that this problem could still occur these days? What sort of transient (presumably DNS) failure might cause an SMTP server to deliver to A rather than MX?

    Best wishes,
    Matthew

    ------
    From: Anand Buddhdev <anandb@ripe.net>
    To: "@lbutlr" <kremels@kreme.com>, bind-users
    <bind-users@lists.isc.org>
    Cc:
    Date: Thu, 9 Jul 2020 14:43:04 +0200
    Subject: Re: Dumb Question is an A or AAAA record required?

    On 09/07/2020 14:21, @lbutlr wrote:

    > Given a domain that is hosted and used for email and web, is an A
    > record for that domain actually required?

    It's not *required*. But see below.

    > That is, if bob.tld is hosted by example.com can you simply have
    >
    > NS ns1.example.com
    > NS ns2.example.com
    > MX mx.example.com
    >
    > www CNAME www.example.com
    >
    > Without specifying
    >
    > A 11.22.33.444

    These days, many folk try to reach websites by typing just the bare
    domain name without the "www" prefix.

    If a user types "bob.tld" into a browser, the browser will issue an
    address lookup for "bob.tld", causing the resolver to ask for A and
    AAAA records for "bob.tld". If you don't have an A record at the zone
    apex, the browser will not get back any address and display an error
    message for the user. An alert user might try "www.bob.tld" but most
    users are likely to just give up.

    So while it's not *required* to have an address record at the apex,
    it's good practice to have one.

    Anand
    _______________________________________________
    Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

    ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


    bind-users mailing list
    bind-users@lists.isc.org
    https://lists.isc.org/mailman/listinfo/bind-users

  • From Reindl Harald@21:1/5 to All on Thu Jul 9 16:44:37 2020
    On 09.07.20 at 16:38, Jukka Pakkanen wrote:
    > Many spammers send, in addition to MX, to A records, if available. Still, it is good practice not to publish an A record for the mail zone, if not specifically needed for something else. Of course, if it points somewhere other than the receiving SMTP server, not much harm is done mail-traffic-wise.

    why should it be a good practice not to publish an A record?

    nothing better can happen than a spammer trying the wrong server at all
    as you don't accept random unauthenticated inbound mail on random machines

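
Added example, not part of the original thread: a small Python model of the target selection a sending MTA performs under RFC 5321 section 5.1 (with the RFC 7505 null MX), which bears on the question above about mail reaching a domain's A record instead of its MX. The zone data, the `failing` and `fallback_on_error` parameters and the decision labels are assumptions made for the illustration.

```python
# Added example: how a sending MTA chooses where to deliver (RFC 5321 section 5.1, RFC 7505).
# All zone data below is constructed; 192.0.2.0/24 is a documentation range.
ZONE = {
    ("bob.tld", "MX"): [(10, "mx.example.com")],
    ("bob.tld", "A"): ["192.0.2.10"],          # apex A, e.g. the web server
    ("mx.example.com", "A"): ["192.0.2.25"],   # the real mail exchanger
    ("nomx.tld", "A"): ["192.0.2.80"],         # no MX published at all
    ("nomail.tld", "MX"): [(0, ".")],          # null MX: domain accepts no mail
    ("nomail.tld", "A"): ["192.0.2.81"],
}


class ServFail(Exception):
    """Transient resolver failure (SERVFAIL or timeout), distinct from an empty answer."""


def lookup(name, rtype, failing=frozenset()):
    # `failing` is a hypothetical knob that simulates queries hitting a transient error.
    if (name, rtype) in failing:
        raise ServFail(f"{name}/{rtype}")
    return ZONE.get((name, rtype), [])


def delivery_targets(domain, failing=frozenset(), fallback_on_error=False):
    """Return (decision, addresses) for mail addressed to user@domain."""
    try:
        mx = sorted(lookup(domain, "MX", failing))
    except ServFail:
        if not fallback_on_error:
            return ("defer", [])      # compliant: queue and retry, never guess
        mx = []                       # sloppy sender: treats an error as "no MX"
    if mx == [(0, ".")]:
        return ("reject", [])         # RFC 7505 null MX
    if mx:
        try:
            addrs = [a for _, host in mx for a in lookup(host, "A", failing)]
        except ServFail:
            return ("defer", [])
        # MX records exist: the apex A is never a fallback, even if no MX host resolves.
        return ("mx", addrs) if addrs else ("error", [])
    addrs = lookup(domain, "A", failing)   # empty MX answer: implicit MX at the domain itself
    return ("implicit-mx", addrs) if addrs else ("reject", [])
```

With an MX published, a compliant sender reaches the apex A only when the MX query returns an empty answer; `fallback_on_error=True` models a sender that wrongly treats a transient failure as an empty answer and so delivers to the A record.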