[Mimedefang] DNS and MX records

John Rudd john at rudd.cc
Sat May 13 22:11:45 EDT 2006

On May 13, 2006, at 4:15 PM, netguy wrote:

> Hi Again
> I thought that I might update this thread.   Lots of folks took the 
> time to reply and/or voice their opinions, thanks.  I did not ever get 
> a definitive answer so I figured that I was treading on new ground; 
> sorta.  It seems to me that nobody really cares if domain.tld has an A 
> record or not.  Note that there is no reason to other than ease of use 
> for surfers because they are lazy and don't want to type in the www 
> part.   Spammers apparently care as that is used to send spam even 
> though there are no MX record(s).  Sure there are probably legitimate 
> reasons to have one, but I myself would rather not have the network 
> traffic banging on my door.   I keep up with MIMEDefang, spamassassin 
> and graylisting, but I can't guarantee that it catches all of the 
> crap.  In my case, by not setting domain.tld with an A record, things 
> don't happen quite as fast on the mail server which means my network 
> traffic is less and I conserve bandwidth for normal traffic use.
> Please read more about it as I posted to comp.protocols.bind.dns for 
> wisdom.  If you check comp.protocols.bind.dns you can see the posting 
> and replies with the .subject as 'DNS and MX'.  Kevin Darcy is one of 
> the moderators and has graciously sent my post thru even though I am 
> not a subscriber.

Why not have:

- domain.tld have an A record (IP addr A)

- web server listens to IP addr A on a virtual network interface. (in 
addition to listening to its regular IP addr on whatever other network 
interface it already has)

- the only ports listening on IP addr A are the web services (nothing 
on port 25, nothing on sshd, nothing on 110, etc.).  It can listen to 
whatever it wants to on its other IP addr, but on IP addr A it _ONLY_ 
listens to web services.

- the web services running on IP addr A only offer HTTP level redirects 
to the normal web server IP addr (i.e. not html tags that redirect, but 
actual low level http protocol redirects)

So, lazy users who connect to http://domain.tld/* will get a redirect 
to http://www.domain.tld/*  Everyone else, including spammers that 
directly connect to domain.tld:25, who try to connect to domain.tld (IP 
addr A) will get nothing.  Whether or not you want to give an MX record 
to domain.tld so that it can route email is entirely optional at that 

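The redirect-only listener described in the message above, as an added example that is not part of the original post. The loopback address stands in for IP addr A, and `CANONICAL_HOST`, `serve`, `probe` and `listening_ports` are hypothetical names; `listening_ports` is a self-check that only the web port answers on that address.

```python
import http.client
import http.server
import socket
import threading

CANONICAL_HOST = "www.domain.tld"  # assumption: name of the normal web server

class RedirectOnly(http.server.BaseHTTPRequestHandler):
    """Answers every request with an HTTP-level 301 and no body."""
    def _redirect(self):
        # Forward only origin-form targets; anything else (e.g. "@host")
        # would change the authority part of the Location URL.
        path = self.path if self.path.startswith("/") else "/"
        self.send_response(301)
        self.send_header("Location", f"http://{CANONICAL_HOST}{path}")
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_HEAD = do_POST = _redirect
    def log_message(self, fmt, *args):  # keep the example quiet
        pass

def serve(bind_addr, port):
    """Listen on bind_addr only (IP addr A), never on the wildcard address."""
    srv = http.server.ThreadingHTTPServer((bind_addr, port), RedirectOnly)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(addr, port, target):
    """Send one GET and return (status, Location header)."""
    conn = http.client.HTTPConnection(addr, port, timeout=2)
    conn.request("GET", target)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"))
    conn.close()
    return result

def listening_ports(addr, ports, timeout=0.5):
    """Return the ports on addr that accept a TCP connection."""
    found = []
    for p in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((addr, p)) == 0:
                found.append(p)
    return found

if __name__ == "__main__":
    srv = serve("127.0.0.1", 0)  # loopback stands in for IP addr A
    port = srv.server_address[1]
    print(probe("127.0.0.1", port, "/docs?x=1"))
    print(listening_ports("127.0.0.1", [25, 110, port]))
```

Binding to the specific address rather than the wildcard is what keeps the redirect service from also answering on the host's regular IP addr.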