[BALUG-Admin] balug.org DNS review

Rick Moen rick@linuxmafia.com
Wed Sep 27 20:05:02 PDT 2017


Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):

> I'm kind'a inclined to leave the SPF data for it
> as it is...

Your call.  The general principle is:  If the 'A' record doesn't
originate mail, it's in your interest to make the DNS say so, in order
to prevent spammers from believably forging it as a sender.

I personally care about the reputation of my FQDNs, including those that
don't send mail.

> Uhm, ... but if, e.g. one has hundreds or thousands of more A (and/or AAAA)
> records for a domain, would one do SPF data records for all of 'em?  I
> think not.

I would.  It's one line of sed.

Funny thing, that.  Practically every bad DNS zonefile idea I hear
defended, gets defended on the basis that there's too many records to
change -- especially the 'I used CNAME when I shouldn't have' bad idea.

And in every single case I've encountered so far, the alternative
maintenance regime and the correction regime, is one line of sed.

But hey, if you don't mind spammers believably forging those hostnames
as senders of spam, and intend to deal with the misdirected complaints,
sure, go right ahead and don't bother.

And, I will point out, you do _not_ have hundreds or thousands of 'A'
records to deal with.
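
The bulk change discussed in this message, as an added example that is not part of the original post: a shell function (using awk rather than the sed one-liner mentioned) that emits a `v=spf1 -all` TXT record for every A/AAAA owner name that has no SPF record and is not listed as a mail sender. The sample zone, the function names and the sender-list argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a zone file with one
# record per line (no parenthesised multi-line records) and numeric TTLs.

# Constructed sample zone; names and addresses are documentation values.
sample_zone() {
    cat <<'EOF'
$TTL 3600
@       IN  MX   10 mail
mail    IN  A    192.0.2.10
mail    IN  TXT  "v=spf1 a -all"
www     IN  A    192.0.2.20
        IN  AAAA 2001:db8::20
ftp     300 IN A 192.0.2.30
lists   IN  A    192.0.2.40
EOF
}

# usage: null_spf_records [SENDING_HOST...] < zonefile
# Prints a "v=spf1 -all" TXT record for every A/AAAA owner name that has no
# SPF record yet and is not named as a host that originates mail.
null_spf_records() {
    awk -v senders="$*" '
        BEGIN { n = split(senders, s, " "); for (i = 1; i <= n; i++) sends[s[i]] = 1 }
        /^[ \t]*;/ || /^[ \t]*$/ || /^\$/ { next }   # comments, blanks, directives
        {
            # A line that starts with whitespace inherits the previous owner.
            if ($0 ~ /^[ \t]/) f = 1; else { owner = $1; f = 2 }
            # Step over optional TTL and class to reach the record type.
            while (f <= NF && ($f ~ /^[0-9]+$/ || toupper($f) == "IN")) f++
            type = toupper($f)
            if (type == "A" || type == "AAAA") {
                if (!(owner in seen)) { seen[owner] = 1; order[++count] = owner }
            } else if (type == "TXT" && $0 ~ /v=spf1/) {
                has_spf[owner] = 1
            }
        }
        END {
            for (i = 1; i <= count; i++)
                if (!(order[i] in has_spf) && !(order[i] in sends))
                    printf "%s\tIN\tTXT\t\"v=spf1 -all\"\n", order[i]
        }
    '
}

# "lists" sends mail and needs a real policy, so it is excluded here.
sample_zone | null_spf_records lists
```

Review the generated lines before appending them to the zone, and bump the SOA serial when you do.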



