trinity-devel@lists.pearsoncomputing.net

Month: December 2015

Re: [trinity-devel] TDE list rDNS/HELO

From: Mike Bird <mgb-trinity@...>
Date: Thu, 3 Dec 2015 13:47:24 -0800
On Thu December 3 2015 11:16:04 Timothy Pearson wrote:
> As you can probably infer the main problem is that my ISP doesn't provide
> enough IP addresses (at a cost I am willing to pay) for all the services
> running here.  From what I understand multiple rDNS records for the same
> IP is likely to cause more problems than it's worth as well.

I've heard of such problems but we ran with multiple PTRs
from the mid nineties to the late noughties without problems.
I imagine there was a time when people checked the first
PTR record against the first A record but modern software
knows to retrieve all records in a doubly nested loop and
look for any match.

> After the servers are relocated next year there should be more IP
> addresses available, which will make this problem go away.

With the world out of IPv4 address blocks the trend is toward
giving only one IPv4 address to each virtual or physical
machine, and using RFC1918 addresses wherever possible.

Over the last two decades while growing our network we've
reduced our public IPv4 addresses in several stages from
1025 (including the router's DS1 interface) to about a dozen
public IPv4s which together support five locations across
four cities.

The only machines with two public IPv4 addresses are some
VPN+mail servers where the configuration is just too horrible
without a second public IPv4.

You still occasionally see an ISP SWIPing a /29 to get
their own utilization rate up but it's increasingly rare
and if you want a second public IPv4 on a box you will now
usually have to provide a written justification which will
be assessed by a network engineer.

> I'm not all that keen on changing the HELO string as it isn't technically
> the domain that's identifying, it's that specific mail server, and over time
> there may be more than one mail server (for redundancy, etc.).

The trend is toward giving a single name for each box
with matching A and PTR records.  You can still have
multiple MX records pointing to multiple boxes.  And
you can still use CNAMEs or additional A records without
PTRs to provide additional names for your box including
for virtual web services.

Whether you call that box pearsoncomputing.net or
mail.pearsoncomputing.net or something else doesn't really
matter as long as A and PTR are consistent and preferably
also /etc/hostname, /etc/mailname, and smtp_helo.

--Mike
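The two checks Mike describes above, the "any PTR against any A record" match for an IP with several PTRs and the A/PTR/HELO consistency he recommends, as an added example that is not part of this thread or of the TDE project. It runs against a constructed in-memory zone (example.net names and RFC 5737 / RFC 3849 documentation addresses, all assumptions) so it works offline; a real deployment would pass in a resolver callable backed by live DNS.

```python
"""Forward-confirmed reverse DNS (FCrDNS) and HELO consistency checks.

Added example, not code from the trinity-devel thread. The zone data below is
constructed: example.net names, 192.0.2.0/24 (RFC 5737) and 2001:db8::/32
(RFC 3849). Replace `fake_resolver` with a function that queries real DNS
(e.g. via dnspython) to use it for real.
"""
import ipaddress
from typing import Callable, Dict, List, Tuple

# A resolver is anything that maps (qname, rtype) to a list of rdata strings.
Resolver = Callable[[str, str], List[str]]


def _fqdn(name: str) -> str:
    """Normalise a DNS name: lower-case with a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def _rev(ip: str) -> str:
    """The in-addr.arpa / ip6.arpa name for an address (IPv4 or IPv6)."""
    return _fqdn(ipaddress.ip_address(ip).reverse_pointer)


# Constructed zone standing in for live DNS (assumption, not real data).
FAKE_ZONES: Dict[Tuple[str, str], List[str]] = {
    # One public IPv4 carrying two PTRs, the situation the thread discusses.
    (_rev("192.0.2.8"), "PTR"): ["mail.example.net.", "vpn.example.net."],
    ("mail.example.net.", "A"): ["192.0.2.8"],
    ("vpn.example.net.", "A"): ["192.0.2.8"],
    # An extra A record for the same box with no PTR (e.g. a virtual web host).
    ("www.example.net.", "A"): ["192.0.2.8"],
    # A PTR whose name resolves elsewhere: stale or forged reverse DNS.
    (_rev("192.0.2.9"), "PTR"): ["mail.example.net."],
    # An IPv6 host with a consistent PTR/AAAA pair.
    (_rev("2001:db8::25"), "PTR"): ["mx6.example.net."],
    ("mx6.example.net.", "AAAA"): ["2001:db8::25"],
}


def fake_resolver(qname: str, rtype: str) -> List[str]:
    """Offline stand-in for DNS; unknown names simply have no records."""
    return FAKE_ZONES.get((_fqdn(qname), rtype.upper()), [])


def forward_confirmed_ptrs(ip: str, resolve: Resolver = fake_resolver) -> List[str]:
    """Return the PTR names of `ip` whose A/AAAA records include `ip`.

    This is the doubly nested loop: every PTR is tried against every forward
    record of that name, and any single match confirms that PTR. An empty
    result means the address fails forward-confirmed reverse DNS.
    """
    addr = ipaddress.ip_address(ip)
    rtype = "AAAA" if addr.version == 6 else "A"
    confirmed: List[str] = []
    for ptr in resolve(addr.reverse_pointer, "PTR"):
        for fwd in resolve(ptr, rtype):
            # Compare as addresses so differently spelled IPv6 literals match.
            if ipaddress.ip_address(fwd) == addr:
                confirmed.append(_fqdn(ptr))
                break
    return confirmed


def check_helo(ip: str, helo: str, resolve: Resolver = fake_resolver) -> Dict[str, bool]:
    """Check the name a server offers in HELO/EHLO against its connecting IP.

    helo_resolves_to_ip:   the HELO name has an A/AAAA record equal to the IP
                           (lenient; also true for an extra A name without a PTR).
    helo_is_confirmed_ptr: the HELO name is one of the IP's forward-confirmed
                           PTRs, i.e. A and PTR match as the thread recommends.
    This resolver does not chase CNAMEs; a live resolver normally does.
    """
    addr = ipaddress.ip_address(ip)
    rtype = "AAAA" if addr.version == 6 else "A"
    helo_fqdn = _fqdn(helo)
    forward = {ipaddress.ip_address(a) for a in resolve(helo_fqdn, rtype)}
    return {
        "helo_resolves_to_ip": addr in forward,
        "helo_is_confirmed_ptr": helo_fqdn in forward_confirmed_ptrs(ip, resolve),
    }


if __name__ == "__main__":
    for ip in ("192.0.2.8", "192.0.2.9", "192.0.2.10", "2001:db8::25"):
        print(ip, "confirmed PTRs:", forward_confirmed_ptrs(ip))
    for ip, helo in (("192.0.2.8", "mail.example.net"),
                     ("192.0.2.8", "www.example.net"),
                     ("192.0.2.9", "mail.example.net")):
        print(ip, helo, check_helo(ip, helo))
```

The distinction between the two HELO results is the practical one: www.example.net resolves to the box (so a receiver doing only a forward check accepts it) but is not a forward-confirmed PTR, whereas mail.example.net passes both, which is the "one name per box with matching A and PTR" configuration Mike suggests.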