DNS question, null MX records *summary of on list and off list replies*
Eric J Esslinger
eesslinger at fpu-tn.com
Tue Dec 15 11:51:29 CST 2009
A. Use a valid domain mapped to an unroutable or loopback instead of the .
I've decided to use 127.0.0.1
B. Set spf -all, for those who bother to check that to stop inbound mail from your domain.
Already had that in place
C. Donate the spam to someone who would use it.
I can't donate the existing incoming email due to privacy concerns, however, project honeypot uses subdomains (foo at bar.example.com) for its spam traps and wants unused subdomains so its traps will be 'clean to start'. I'll see if I can get that done.
D. Expect some spammers to detect any MX strangeness you use and bypass it in favor of your A record.
Understandable, and none of the referenced records in the DNS files accept mail from outside; connections are silently dropped at the firewall. This is just an attempt to cut the mess coming in because of the A record down in size.
E. Set up an actual mail server routing all mail to /dev/null.
I'd rather just drop the traffic rather than have another service to maintain/secure/update
Information Services Manager - Fayetteville Public Utilities
(931)433-1522 ext 165
From: Eric J Esslinger [mailto:eesslinger at fpu-tn.com]
Sent: Tuesday, December 15, 2009 9:18 AM
To: 'nanog at nanog.org'
Subject: DNS question, null MX records
I have a domain that exists solely to cname A records to another domain's websites. There is no MX server for that domain, there is no valid mail sent as from that domain. However when I hooked it up I immediately started getting bounces and spam traffic attempting to connect to the cnamed A record, which has no inbound mail server (It's actually hitting the firewall in front of it). (The domain name is actually several years old and has been sitting without DNS for a while.)
I found a reference to a null MX proposal, constructed so:
example.com IN MX 0 .
Question: Is this a valid dns construct or did the proposal die? I don't want to cause people problems but at the same time, I don't want any of this crap to even attempt to deliver on this domain to any of my servers.
This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.
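An added example, not part of the original message: a small Python audit that reports which of the no-mail measures summarized above (null MX, an MX pointing at a loopback or unroutable address, SPF `-all`) are present for a name, and flags the case where no MX exists and senders fall back to the address record. The zone data, domain names and finding labels are constructed for illustration.

```python
import ipaddress

# Constructed sample zone data (not from the original post): (owner, type, rdata).
ZONE = [
    ("parked.example.", "MX", "0 ."),                 # null MX as quoted in the thread
    ("parked.example.", "TXT", '"v=spf1 -all"'),      # option B
    ("loop.example.", "MX", "10 sink.loop.example."), # option A
    ("sink.loop.example.", "A", "127.0.0.1"),
    ("open.example.", "A", "192.0.2.10"),             # no MX at all
]

def _unroutable(zone, host):
    """True if host has address records in the zone and all are loopback/private."""
    addrs = [ipaddress.ip_address(r) for n, t, r in zone
             if n == host and t in ("A", "AAAA")]
    return bool(addrs) and all(a.is_loopback or a.is_private for a in addrs)

def audit_no_mail(zone, domain):
    """Return the set of no-mail findings (hypothetical labels) for domain."""
    recs = [(t, r) for n, t, r in zone if n == domain]
    mx_targets = [r.split()[1] for t, r in recs if t == "MX"]
    found = set()
    # Null MX (later standardized in RFC 7505): a single MX whose target is ".".
    if mx_targets == ["."]:
        found.add("null-mx")
    # Option A: every real MX target maps only to loopback/private addresses.
    real = [h for h in mx_targets if h != "."]
    if real and all(_unroutable(zone, h) for h in real):
        found.add("mx-unroutable")
    # With no MX, SMTP senders treat the address record as an implicit MX
    # (RFC 5321 section 5.1), which is the traffic described in the thread.
    if not mx_targets and any(t in ("A", "AAAA") for t, _ in recs):
        found.add("implicit-mx-fallback")
    # Option B: an SPF policy that authorizes no senders.
    for t, r in recs:
        terms = r.strip('"').split()
        if t == "TXT" and terms[:1] == ["v=spf1"] and terms[-1] == "-all":
            found.add("spf-reject-all")
    return found

if __name__ == "__main__":
    for name in ("parked.example.", "loop.example.", "open.example."):
        print(name, sorted(audit_no_mail(ZONE, name)))
```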