Newbie Question: Is anyone actually using the Null MX (RFC 7505)?
Dear all, I put the “Null MX” Record (RFC 7505) into one of my domains yesterday, then those online mail diagnostic tools out there start getting me worried: It looks like most of those tools do not recognize the Null MX as a special case; they just complain that they cannot find the mail server at “.” [Sarcasm: as if the root servers are going to provide mail service to a mere mortal like me!] Among a few shining exceptions (in a good way) is the good ol’ https://bgp.he.net/ which does not show that domain as having any MX record. [maybe it is also wrong, in the other direction?] I fear that the MTAs are going to behave that same way, treating my Null MX as a “misconfigured mail server name” and that my record will mean unnecessary extra queries to the root servers. [well, minus cache hit] So, here comes the questions: 1. Is there anyone actively using this Null MX? If so, may I please see that actual record line (in BIND zone file format) just to satisfy myself that I wrote mine correctly? 2. Which one makes more sense from the practical point-of-view: having a Null MX Record for the no-mail domain, or having no MX record at all? Thanks in advance for all advices, -- Pirawat.
MTAs don’t care what online analysis tools tell you and setting a null MX for a domain that you don’t receive mail for will work just fine, for the reasons explained in the rfc Having no MX means the smtp connection will fall back to the A record for your domain if one exists --srs ________________________________ From: NANOG <nanog-bounces+ops.lists=gmail.com@nanog.org> on behalf of Pirawat WATANAPONGSE via NANOG <nanog@nanog.org> Sent: Friday, February 26, 2021 3:49:41 PM To: nanog@nanog.org <nanog@nanog.org> Subject: Newbie Question: Is anyone actually using the Null MX (RFC 7505)? Dear all, I put the “Null MX” Record (RFC 7505) into one of my domains yesterday, then those online mail diagnostic tools out there start getting me worried: It looks like most of those tools do not recognize the Null MX as a special case; they just complain that they cannot find the mail server at “.” [Sarcasm: as if the root servers are going to provide mail service to a mere mortal like me!] Among a few shining exceptions (in a good way) is the good ol’ https://bgp.he.net/ which does not show that domain as having any MX record. [maybe it is also wrong, in the other direction?] I fear that the MTAs are going to behave that same way, treating my Null MX as a “misconfigured mail server name” and that my record will mean unnecessary extra queries to the root servers. [well, minus cache hit] So, here comes the questions: 1. Is there anyone actively using this Null MX? If so, may I please see that actual record line (in BIND zone file format) just to satisfy myself that I wrote mine correctly? 2. Which one makes more sense from the practical point-of-view: having a Null MX Record for the no-mail domain, or having no MX record at all? Thanks in advance for all advices, -- Pirawat.
Thats cute, but remember that there are gazylion of legacy systems on Internet as well. They might have no clue what do do with it.. Also remember that MTA is supposed to accept email to [ip] too. On my opinion, its best to just have no MX record at all. While MTA can fallback and try to do delivery by IN A record, I think its not that big problem. You need to specify for what domains you accept email anyway. And spammers will not care at all... ---------- Original message ---------- From: Pirawat WATANAPONGSE via NANOG <nanog@nanog.org> To: nanog@nanog.org Subject: Newbie Question: Is anyone actually using the Null MX (RFC 7505)? Date: Fri, 26 Feb 2021 17:19:41 +0700 Dear all, I put the ˙˙Null MX˙˙ Record (RFC 7505) into one of my domains yesterday, then those online mail diagnostic tools out there start getting me worried: It looks like most of those tools do not recognize the Null MX as a special case; they just complain that they cannot find the mail server at ˙˙.˙˙ [Sarcasm: as if the root servers are going to provide mail service to a mere mortal like me!] Among a few shining exceptions (in a good way) is the good ol˙˙ https://bgp.he.net/ which does not show that domain as having any MX record. [maybe it is also wrong, in the other direction?] I fear that the MTAs are going to behave that same way, treating my Null MX as a ˙˙misconfigured mail server name˙˙ and that my record will mean unnecessary extra queries to the root servers. [well, minus cache hit] So, here comes the questions: 1. Is there anyone actively using this Null MX? If so, may I please see that actual record line (in BIND zone file format) just to satisfy myself that I wrote mine correctly? 2. Which one makes more sense from the practical point-of-view: having a Null MX Record for the no-mail domain, or having no MX record at all? Thanks in advance for all advices, -- Pirawat.
OK. In your experience, which legacy system is going to misinterpret this record? The current RFC is from 2014-15 but the original idea from Mark Delany (then at Yahoo now at Apple) has been kicking around from 2006 or so. I remember contributing some text to the original draft RFC but can’t find any trace of it online right now. It worked just fine even back then, I assure you. So if there is any legacy MTA that still doesn’t accept it, it probably relies on UUCP domain maps or similar. --srs From: NANOG <nanog-bounces+ops.lists=gmail.com@nanog.org> on behalf of borg@uu3.net <borg@uu3.net> Date: Friday, 26 February 2021 at 10:51 PM To: nanog@nanog.org <nanog@nanog.org> Subject: Re: Newbie Question: Is anyone actually using the Null MX (RFC 7505)? Thats cute, but remember that there are gazylion of legacy systems on Internet as well. They might have no clue what do do with it.. Also remember that MTA is supposed to accept email to [ip] too. On my opinion, its best to just have no MX record at all. While MTA can fallback and try to do delivery by IN A record, I think its not that big problem. You need to specify for what domains you accept email anyway. And spammers will not care at all... ---------- Original message ---------- From: Pirawat WATANAPONGSE via NANOG <nanog@nanog.org> To: nanog@nanog.org Subject: Newbie Question: Is anyone actually using the Null MX (RFC 7505)? Date: Fri, 26 Feb 2021 17:19:41 +0700 Dear all, I put the ˙˙Null MX˙˙ Record (RFC 7505) into one of my domains yesterday, then those online mail diagnostic tools out there start getting me worried: It looks like most of those tools do not recognize the Null MX as a special case; they just complain that they cannot find the mail server at ˙˙.˙˙ [Sarcasm: as if the root servers are going to provide mail service to a mere mortal like me!] Among a few shining exceptions (in a good way) is the good ol˙˙ https://bgp.he.net/ which does not show that domain as having any MX record. [maybe it is also wrong, in the other direction?] I fear that the MTAs are going to behave that same way, treating my Null MX as a ˙˙misconfigured mail server name˙˙ and that my record will mean unnecessary extra queries to the root servers. [well, minus cache hit] So, here comes the questions: 1. Is there anyone actively using this Null MX? If so, may I please see that actual record line (in BIND zone file format) just to satisfy myself that I wrote mine correctly? 2. Which one makes more sense from the practical point-of-view: having a Null MX Record for the no-mail domain, or having no MX record at all? Thanks in advance for all advices, -- Pirawat.
Well, I bet my legacy system will bounce it for example... Postfix 3.0: RFC 7505 ("Null MX" No Service Resource Record), Earlier Postfix versions will bounce mail because of a "Malformed DNS server reply". I cant speak about Sendmail, qmail, Exim.. when they started supporting it. So, In my opinion changing already working standards in a way that they arent full compat with old systems is imo bad aproach. ---------- Original message ---------- From: Suresh Ramasubramanian <ops.lists@gmail.com> To: "borg@uu3.net" <borg@uu3.net>, "nanog@nanog.org" <nanog@nanog.org> Subject: Re: Newbie Question: Is anyone actually using the Null MX (RFC 7505)? Date: Fri, 26 Feb 2021 17:43:17 +0000 OK. In your experience, which legacy system is going to misinterpret this record? The current RFC is from 2014-15 but the original idea from Mark Delany (then at Yahoo now at Apple) has been kicking around from 2006 or so. I remember contributing some text to the original draft RFC but can?t find any trace of it online right now. It worked just fine even back then, I assure you. So if there is any legacy MTA that still doesn?t accept it, it probably relies on UUCP domain maps or similar. --srs From: NANOG <nanog-bounces+ops.lists=gmail.com@nanog.org> on behalf of borg@uu3.net <borg@uu3.net> Date: Friday, 26 February 2021 at 10:51 PM To: nanog@nanog.org <nanog@nanog.org> Subject: Re: Newbie Question: Is anyone actually using the Null MX (RFC 7505)? Thats cute, but remember that there are gazylion of legacy systems on Internet as well. They might have no clue what do do with it.. Also remember that MTA is supposed to accept email to [ip] too. On my opinion, its best to just have no MX record at all. While MTA can fallback and try to do delivery by IN A record, I think its not that big problem. You need to specify for what domains you accept email anyway. And spammers will not care at all... ---------- Original message ---------- From: Pirawat WATANAPONGSE via NANOG <nanog@nanog.org> To: nanog@nanog.org Subject: Newbie Question: Is anyone actually using the Null MX (RFC 7505)? Date: Fri, 26 Feb 2021 17:19:41 +0700 Dear all, I put the ˙˙Null MX˙˙ Record (RFC 7505) into one of my domains yesterday, then those online mail diagnostic tools out there start getting me worried: It looks like most of those tools do not recognize the Null MX as a special case; they just complain that they cannot find the mail server at ˙˙.˙˙ [Sarcasm: as if the root servers are going to provide mail service to a mere mortal like me!] Among a few shining exceptions (in a good way) is the good ol˙˙ https://bgp.he.net/ which does not show that domain as having any MX record. [maybe it is also wrong, in the other direction?] I fear that the MTAs are going to behave that same way, treating my Null MX as a ˙˙misconfigured mail server name˙˙ and that my record will mean unnecessary extra queries to the root servers. [well, minus cache hit] So, here comes the questions: 1. Is there anyone actively using this Null MX? If so, may I please see that actual record line (in BIND zone file format) just to satisfy myself that I wrote mine correctly? 2. Which one makes more sense from the practical point-of-view: having a Null MX Record for the no-mail domain, or having no MX record at all? Thanks in advance for all advices, -- Pirawat.
On 2/26/21 11:46 AM, borg@uu3.net wrote:
Well, I bet my legacy system will bounce it for example...
What specifically is the bounce? I thought the purpose of the Null MX was to do two things: 1) Provide as an MX that can't be connected to. 2) Serve as a signal to things that know how to interpret it that no mail is to be expected. I would expect that some server, if not the MSA, /would/ generate a bounce /because/ the email to the domain is undeliverables.
I cant speak about Sendmail, qmail, Exim.. when they started supporting it.
My Sendmail boxes have been dealing with the Null MX just fine. The aforementioned bounce is /expected/ to tell the sender that the destination address is bad.
So, In my opinion changing already working standards in a way that they arent full compat with old systems is imo bad aproach.
IMHO there is little, if any, effective difference between the Null MX and an MX pointing to an unresolvable name or an non-routed IP. They cause a hard / fast failure in an early upstream MTA thus induce a bounce. Depending on the MSA, the delivery problem may even be presented to the user as they are submitting the message to the MSA. -- Grant. . . . unix || die
Hmm right... Somehow I tought that having that special Null MX will silently discard message... I dont know why... So, RFC 7505 is pretty much even pointless in my opinion. You have to do more.. to pretty much achieve the same.. Its just easier to not having MX on subdomains that does not serve as email destinations.. Less records in DNS.. ---------- Original message ---------- From: Grant Taylor via NANOG <nanog@nanog.org> To: nanog@nanog.org Subject: Re: Newbie Question: Is anyone actually using the Null MX (RFC 7505)? Date: Fri, 26 Feb 2021 12:03:37 -0700 On 2/26/21 11:46 AM, borg@uu3.net wrote:
Well, I bet my legacy system will bounce it for example...
What specifically is the bounce? I thought the purpose of the Null MX was to do two things: 1) Provide as an MX that can't be connected to. 2) Serve as a signal to things that know how to interpret it that no mail is to be expected. I would expect that some server, if not the MSA, /would/ generate a bounce /because/ the email to the domain is undeliverables.
I cant speak about Sendmail, qmail, Exim.. when they started supporting it.
My Sendmail boxes have been dealing with the Null MX just fine. The aforementioned bounce is /expected/ to tell the sender that the destination address is bad.
So, In my opinion changing already working standards in a way that they arent full compat with old systems is imo bad aproach.
IMHO there is little, if any, effective difference between the Null MX and an MX pointing to an unresolvable name or an non-routed IP. They cause a hard / fast failure in an early upstream MTA thus induce a bounce. Depending on the MSA, the delivery problem may even be presented to the user as they are submitting the message to the MSA. -- Grant. . . . unix || die
On 2/26/21 2:10 PM, borg@uu3.net wrote:
Hmm right... Somehow I tought that having that special Null MX will silently discard message... I dont know why...
So, RFC 7505 is pretty much even pointless in my opinion. You have to do more.. to pretty much achieve the same.. Its just easier to not having MX on subdomains that does not serve as email destinations.. Less records in DNS..
It should mean that there is no attempt to deliver email, even if the domain has an A or AAAA record.
---------- Original message ----------
From: Grant Taylor via NANOG <nanog@nanog.org> To: nanog@nanog.org Subject: Re: Newbie Question: Is anyone actually using the Null MX (RFC 7505)? Date: Fri, 26 Feb 2021 12:03:37 -0700
On 2/26/21 11:46 AM, borg@uu3.net wrote:
Well, I bet my legacy system will bounce it for example... What specifically is the bounce?
I thought the purpose of the Null MX was to do two things:
1) Provide as an MX that can't be connected to. 2) Serve as a signal to things that know how to interpret it that no mail is to be expected.
I would expect that some server, if not the MSA, /would/ generate a bounce /because/ the email to the domain is undeliverables.
I cant speak about Sendmail, qmail, Exim.. when they started supporting it. My Sendmail boxes have been dealing with the Null MX just fine. The aforementioned bounce is /expected/ to tell the sender that the destination address is bad.
So, In my opinion changing already working standards in a way that they arent full compat with old systems is imo bad aproach. IMHO there is little, if any, effective difference between the Null MX and an MX pointing to an unresolvable name or an non-routed IP. They cause a hard / fast failure in an early upstream MTA thus induce a bounce.
Depending on the MSA, the delivery problem may even be presented to the user as they are submitting the message to the MSA.
-- Grant. . . . unix || die
In article <Pine.LNX.4.64.2102262007230.25288@cube> you write:
Hmm right... Somehow I tought that having that special Null MX will silently discard message... I dont know why...
So, RFC 7505 is pretty much even pointless in my opinion. You have to do more.. to pretty much achieve the same.. Its just easier to not having MX on subdomains that does not serve as email destinations.. Less records in DNS..
Please reread RFC 7505 section 4. I presume you are aware that SMTP falls back to A records only if there is no MX record. If there is any MX record, null or otherwise, mail clients don't look for an A or AAAA. R's, John
On 2/26/21 12:10 PM, borg@uu3.net wrote:
Hmm right... Somehow I tought that having that special Null MX will silently discard message... I dont know why...
It's Friday. I'm presuming that many of us have had a long week and are ready for the weekend. ;-)
So, RFC 7505 is pretty much even pointless in my opinion.
No, it's not pointless. See Alan's reply to my previous message for why a Null MX helps as a sender / MSA operator. See point #2 in my previous message for why you care about Null MX as a receiver.
You have to do more.. to pretty much achieve the same.
But it's not the same. You cause hard failures fast. It means that sending servers should never contact the A / AAAA addresses, much less every time the sending system retries to send. So you do save yourself some CPU cycles as a recipient.
Its just easier to not having MX on subdomains that does not serve as email destinations.. Less records in DNS.
Easier has seldom been better. If you publish a Null MX for said subdomain(s), my server will give up immediately. If you don't publish a Null MX, my server will pester your A / AAAA IPs every four hours for days at a time. -- Grant. . . . unix || die
On Fri, 2021-02-26 at 12:03 -0700, Grant Taylor via NANOG wrote:
On 2/26/21 11:46 AM, borg@uu3.net wrote:
Well, I bet my legacy system will bounce it for example...
What specifically is the bounce? I thought the purpose of the Null MX was to do two things: 1) Provide as an MX that can't be connected to.2) Serve as a signal to things that know how to interpret it that no mail is to be expected. I would expect that some server, if not the MSA, /would/ generate a bounce /because/ the email to the domain is undeliverables.
Exactly. Postfix bounces it immediately with an accurate message: Domain ???.com does not accept mail (nullMX) This seems preferable to waiting hours or days for a bounce due to not being able to connect to the A record on port 25 or w/e.
I think just about everything has been said beyond contacting the operators of the online testing tools and requesting that they update their tool or to take it down. A broken tool is worse that no tool. The is too much out-of-date stuff on the Internet. We should all be doing our little bits to correct it or remove it. Mark
On 26 Feb 2021, at 21:19, Pirawat WATANAPONGSE via NANOG <nanog@nanog.org> wrote:
Dear all,
I put the “Null MX” Record (RFC 7505) into one of my domains yesterday, then those online mail diagnostic tools out there start getting me worried:
It looks like most of those tools do not recognize the Null MX as a special case; they just complain that they cannot find the mail server at “.” [Sarcasm: as if the root servers are going to provide mail service to a mere mortal like me!]
Among a few shining exceptions (in a good way) is the good ol’ https://bgp.he.net/ which does not show that domain as having any MX record. [maybe it is also wrong, in the other direction?]
I fear that the MTAs are going to behave that same way, treating my Null MX as a “misconfigured mail server name” and that my record will mean unnecessary extra queries to the root servers. [well, minus cache hit]
So, here comes the questions: 1. Is there anyone actively using this Null MX? If so, may I please see that actual record line (in BIND zone file format) just to satisfy myself that I wrote mine correctly? 2. Which one makes more sense from the practical point-of-view: having a Null MX Record for the no-mail domain, or having no MX record at all?
Thanks in advance for all advices,
--
Pirawat.
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
In article <CAKaVjbP2KyB5FGtzAqYjnaagg4P7+E+32d+2HFZnLTVUz7kphw@mail.gmail.com> you write:
1. Is there anyone actively using this Null MX? If so, may I please see that actual record line (in BIND zone file format) just to satisfy myself that I wrote mine correctly?
Yes. services.net. 3600 IN MX 0 .
2. Which one makes more sense from the practical point-of-view: having a Null MX Record for the no-mail domain, or having no MX record at all?
Null MX of course. See section 4 of RFC 7505. Large mail systems like gmail and recent versions of mail servers like Postfix all recognize a null MX. I suppose there are some dusty old mail systems that do something odd with it and throw an error message but so what? You don't want them to send you mail in the first place. R's, John
participants (8)
-
Alan Hodgson
-
borg@uu3.net
-
Grant Taylor
-
John Levine
-
John Peach
-
Mark Andrews
-
Pirawat WATANAPONGSE
-
Suresh Ramasubramanian