Subject: Re: [44net] Bad MX records in the ampr.org DNS
From: Rob Janssen pe1chl@amsat.org
Date: 05/25/2015 09:18 PM
To: 44net@hamradio.ucsd.edu
Over the past few days, I have found and deleted about 2000 bad MX records and 935 bad CNAME records.
It appears that in the past some standard procedure has inserted many records like this:
    callsign IN A 44.x.x.x
    callsign IN MX 10 callsign
Later, apparently the IN A records have been deleted during some cleanup, but the IN MX records remained. They of course serve no function, and bind9 complains when the zone is loaded.
Furthermore, a large number of records like this existed:
something IN CNAME callsign
Again, the corresponding callsign has been deleted in the past (its A records, and now also the dangling MX) and that CNAME points to nothing. I have removed those as well.
There were a number of records like this:
callsign IN MX 10 44.x.x.x
This format is not allowed. A hostname should appear instead of the literal IP address. I have changed the records to have the corresponding hostname from the ampr.org zone.
Errors that still remain are: records of the format:
callsign IN MX 10 111.222.333.444 (referring to a public IP)
Those are:
    *.xe2mbq IN MX 5 200.23.120.6
    *.xe2yun IN MX 10 200.23.120.6
    grr.kc8lcp IN MX 10 204.227.124.61
    ka9kim IN MX 30 207.74.35.36
    kc5ghg IN MX 20 206.61.58.173
    linux.n8ivx IN MX 10 209.4.74.218
    n5dbx IN MX 20 206.61.57.1
    n8ivx IN MX 10 208.231.146.247
    pacgate.zl1udy IN MX 0 202.14.100.2
    ur4wwe IN MX 20 194.44.138.1
    us5we IN MX 20 194.44.138.1
    va3hum IN MX 20 206.248.184.186
    va3yh IN MX 20 206.248.184.186
    ve3fub IN MX 20 206.248.184.186
    wb5fro IN MX 20 206.61.58.173
    yo3ru IN MX 10 141.85.43.57
Owners, please update them with a proper hostname instead of the literal IP address.
Also, these names are used in records like:
callsign IN MX 10 name
but the name refers to a CNAME, not to an IN A record. This is not allowed by the spec, although it usually works. If possible, change the MX to have a hostname that points to an A record. The illegally used CNAMEs are:
alcoy athnet bbs.vk2czr club.oh1rbi ea4rct edugraf etxgate.nb5i g0wfs gateway.n8xja gb7sol-10 gb7tvg gw.ir3ip haifa hougw2 hougw jh3qnh ka7oei kb7yw kj7pf mail.ncpa mx2.ir3ip poagw pp5dq pp5dq-gw pp5mcb-gw-7 pp5uf router.kl7eet va3lug ve3cgr ve3mch ve3uow ve6lip vk2pk vk2yui vk5lz vk5tty w7yg wa7ipx wa7slg
Of course there is still lots of other out-of-date info in the DNS, but now at least it is more standards compliant.
Rob
Rob,
Where you say "Owners, please update them with a proper hostname instead of the literal IP address." I would like to point out that it is entirely possible to have an IP address that has no HOSTNAME assigned to it at all. The most common are used for mail. I use 2 that are set up this way for security reasons.
I will also update my "mail.ncpa" to point to my company's mail server direct, instead of the CNAME. (Which, as you stated, did in fact work.)
Wm Lewis (KG6BAJ)
AMPR Net IP Address Coordinator - Northern and Central California Regions (A 100% Volunteer Group)
(530) 263-1595 (Home/Office)
On Wed, May 27, 2015 at 3:41 PM, William Lewis kg6baj@n1oes.org wrote:
> Where you say "Owners, please update them with a proper hostname instead of the literal IP address." I would like to point out that it is entirely possible to have an IP address that has no HOSTNAME assigned to it at all. The most common are used for mail. I use 2 that are set up this way for security reasons.
MX records must point to a hostname. Here's a good description of why: http://serverfault.com/a/663122
But the bottom line is: it's the spec.
Tom KD7LXL
I'd like us to stick with the rules that the LHS of a CNAME record can't have any other data (i.e., no MX records), and that MX records must reference canonical hostnames.
I'd like to get it so that the nameserver doesn't have ANY complaints when loading our zones.
I very much appreciate the cleanup work that Rob has been doing. It's needed doing for quite some time.
Thank you. - Brian
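
A zone check covering the record problems discussed in this thread (MX with no address record, CNAME pointing to nothing, MX with a literal IP, MX pointing at a CNAME, and other data at a CNAME owner), as an added example that is not part of the original messages or of any ampr.org tooling. The zone data, function names and finding labels are constructed for illustration; only relative in-zone names on single-line `owner IN TYPE rdata` records are checked.

```python
import ipaddress

# Constructed sample zone (documentation addresses, not ampr.org data).
SAMPLE_ZONE = """\
gw1      IN A     192.0.2.10
gw1      IN MX 10 gw1
oldcall  IN MX 10 oldcall
www      IN CNAME gone
mailip   IN MX 10 198.51.100.25
alias    IN CNAME gw1
viaalias IN MX 10 alias
alias    IN MX 20 gw1
"""

def parse(zone_text):
    """Return (owner, type, last rdata field) for 'owner IN TYPE rdata' lines."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop trailing comments
        if len(fields) >= 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper(), fields[-1].lower()))
    return records

def is_ip(text):
    try:
        return bool(ipaddress.ip_address(text))
    except ValueError:
        return False

def lint(zone_text):
    records = parse(zone_text)
    addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    cname = {o for o, t, _ in records if t == "CNAME"}
    findings = []
    for owner, rtype, target in records:
        if rtype != "CNAME" and owner in cname:
            findings.append((owner, "CNAME_HAS_OTHER_DATA"))
        if target.endswith("."):
            continue  # absolute name outside this zone: cannot be checked here
        if rtype == "MX":
            if is_ip(target):
                findings.append((owner, "MX_LITERAL_IP"))
            elif target in cname:
                findings.append((owner, "MX_TO_CNAME"))
            elif target not in addr:
                findings.append((owner, "MX_DANGLING"))
        elif rtype == "CNAME" and target not in addr | cname:
            findings.append((owner, "CNAME_DANGLING"))
    return findings
```

Running `lint(SAMPLE_ZONE)` returns one finding per bad record, in zone order; a clean zone returns an empty list.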