Score:-1

How to specify MX RR using djbdns?

by flag

I want one of the domains I manage to have null MX records: i.e., MX RR.

I'm trying to figure out how to specify MX RR under djbdns, but my searches haven't yielded any information about how to do this.

I did the following for the moment, but I know this isn't the proper way to null out MX records ...

```
@example.com:127.0.0.1:a:0
@example.com:127.0.0.1:b:0
```

... and I'm pretty sure that the following is just as undesirable ...

```
@example.com:localhost:a:0
@example.com:localhost:b:0
```

Is there a djbdns-based syntax for creating MX RR records?

Thank you in advance for any suggestions.

Nikita Kipriyanov avatar
za flag
[Null MX](https://www.rfc-editor.org/rfc/rfc7505#page-3) syntax is literally `label MX 0 .` (label is your domain name), it's an ordinary MX record which has priority 0 and the name of the MX server is the label `.` (DNS root). Maybe you just forgot this single dot label at the end?
HippoMan avatar
by flag
Thank you! I did the following in djbdns ... `@example.com:.:a:0` . Then, I get the following response when running `dig a.mx.example.com` ... `;a.mx.example.com. IN A ` ... with no "." target shown. Is that a correct response? My goal here is to create this Null MX record using djbdns syntax, and I'm still not sure whether djbdns syntax even supports the specification of Null MX.
HippoMan avatar
by flag
PS: I also tried `@example.com::a:0` (no target) and `@example.com:RR:a:0` ("RR" target), and I still get the same null target when checking `a.mx.example.com` with `dig`. If a null target is not correct, then it looks like it might be impossible to specify Null MX properly via djbdns syntax.
Nikita Kipriyanov avatar
za flag
There is no "RR target". RR in DNS context is an abbreviation of "resource record", it doesn't have any special syntactic meaning. What's `a` in your attempts? Try something like `@example.com:127.0.0.1:.:0` (where distance is 0 and MX is .) The format implies you need to specify some IP address, so I put localhost's one; chances are it won't be used.
HippoMan avatar
by flag
OOPS! I accidentally deleted the wrong message. See the "MX" section on this page for an explanation of the djbdns syntax for creating an MX record: https://cr.yp.to/djbdns/tinydns-data.html. The syntax you offered is not correct djbdns syntax. As you can see, the "a" just means to generate the MX record name as `a.mx.example.com`. If I use "b", it means to generate the name as `b.mx.example.com`. The final "0" is the distance.
HippoMan avatar
by flag
Anyway, thank you for all your help! I'm specifically looking for a djbdns way to generate a Null MX record, and now it seems like djbdns does not offer any syntax for specifically creating such a Null MX record. Given that I already tried `@example.com:127.0.0.1:a:0` and it seems to have the desired effect, I guess I'll just stick with that. It generates `a.mx.example.com 86400 IN A 127.0.0.1` for the MX record. Or I could do this: `@example.com::a:0`, and it just generates the following: `a.mx.example.com 86400 IN A ` for the MX record.
HippoMan avatar
by flag
... and in each of those cases, the MX record is named `a.mx.example.com`.
Nikita Kipriyanov avatar
za flag
No, there is an exception if the name contains a dot. Exactly on that page: *If x contains a dot then it is treated specially; see above.* If it contains a dot, the domain name *is not* appended, and above: *If x contains a dot then tinydns-data will use x as the server name rather than x.ns.fqdn.*
Nikita Kipriyanov avatar
za flag
That said, the next sentence *This feature is provided only for compatibility reasons; names not ending with fqdn will force clients to contact parent servers much more often than they otherwise would, and will reduce the overall reliability of DNS.* means the author (DJB) does not quite accept the idea that DNS is a distributed public directory. I mean, don't use this software (djbdns) for anything important. The ability to set MX or SRV or anything to be an arbitrary name not belonging to the domain is essential and extremely widely used, while the says it's "only for compatibility".
HippoMan avatar
by flag
Aha! Thank you! I misunderstood the djbdns docs, and I now see that `@example.com:127.0.0.1:.:0` indeed generates this as the MX record: `example.com 86400 IN MX 0 .` . I'll stick with that, and I'll put that in an "Answer" here now. And I agree that djbdns is not complete. What do you use for DNS? Are you using `bind`? Or is there something else that you prefer?
Nikita Kipriyanov avatar
za flag
DJB says his software is "designed with security in mind" which is really the marketing gimmick. *Anything serious* is designed with security in mind, but also to perform its function, and reasonable authors don't attempt to discourage people from using the technology properly with false statements. In this case, you've had an unnecessary fight with the software, because it lacks an important example of using foreign domain; *that* should have been put into docs instead of rubbish "for compatibility". // Yes, I use BIND, but also I've used PowerDNS, and I've used Unbound as a caching resolver.
HippoMan avatar
by flag
I totally agree with you about DJB's statements. I'll check out `PowerDNS` and `Unbound`, but I'll probably end up going back to `bind` unless either of the other two makes a huge difference. Thank you again!
Score:1
by flag

Per the patience and valuable help from @Nikita-Kipriyanov (see the comments below my original Question), I now see that the following is the answer to my question:

```
@example.com:127.0.0.1:.:0
```

It generates this ...

```
example.com 86400 IN MX 0 .
```

... which is indeed a suitable Null MX record.

I also tried this ...

```
@example.com::.:
```

... and it also generates the same MX record.

I prefer this second one, because it doesn't deal with any spurious references to 127.0.0.1, and also, that syntax sort of appears to reference something that might be "Null" in some way, due to the absence of anything except that one dot. It will therefore be clearer to anyone examining my djbdns domain definitions that this is indeed probably a "Null MX" specification.

Nikita Kipriyanov avatar
za flag
Please accept your own answer. That way anybody will see there is a solution.
HippoMan avatar
by flag
I know about accepting my own answer, and I'm eager to do so. However, the site won't let me accept it for another 6 hours.
HippoMan avatar
by flag
I just finally have been able to accept my answer. These StackExchange sites all force the poster of a question to wait a period of time before being able to accept their own answers. It's either a 12- or 24-hour delay on ServerFault, but I know it is something like 2 days for some of the other StackExchange sites.
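
The `@` line rule worked out in this thread (an `x` field containing a dot is used as the mail server name as-is, otherwise it becomes `x.mx.fqdn`) can be checked before publishing a data file. The sketch below is an added example, not part of the original posts and not djbdns code: it models only that documented rule, takes the 86400 default TTL and 0 default distance from the output shown above, and applies the RFC 7505 requirement that a Null MX be the only MX for the name. The function names and the `example.net` lines are constructed for illustration.

```python
# Added example: models the documented '@' line rule; it does not run tinydns-data.
DEFAULT_TTL = 86400  # TTL seen in the thread's generated records


def parse_mx_line(line):
    """Parse '@fqdn:ip:x:dist:ttl' into (owner, ttl, dist, target)."""
    if not line.startswith("@"):
        raise ValueError("not an MX ('@') line")
    fqdn, _ip, x, dist, ttl = (line[1:].split(":") + [""] * 5)[:5]
    # x containing a dot is used as the server name as-is; otherwise x.mx.fqdn.
    target = x if "." in x else f"{x}.mx.{fqdn}"
    return fqdn, int(ttl or DEFAULT_TTL), int(dist or 0), target


def render(line):
    """Show the MX record in the presentation form used in the thread."""
    owner, ttl, dist, target = parse_mx_line(line)
    return f"{owner} {ttl} IN MX {dist} {target}"


def classify(lines):
    """Per owner name: 'null MX', 'regular MX', or an RFC 7505 violation."""
    by_owner = {}
    for line in lines:
        owner, _ttl, dist, target = parse_mx_line(line)
        by_owner.setdefault(owner, []).append((dist, target))
    report = {}
    for owner, mxs in by_owner.items():
        if all(target != "." for _, target in mxs):
            report[owner] = "regular MX"
        elif mxs == [(0, ".")]:
            report[owner] = "null MX"
        else:
            report[owner] = "invalid: null MX must be the only MX, preference 0"
    return report


# Lines from the thread, plus one constructed mixed case (example.net).
FIRST_ATTEMPT = ["@example.com:127.0.0.1:a:0", "@example.com:127.0.0.1:b:0"]
ANSWER = ["@example.com::.:"]
MIXED = ["@example.net::.:0", "@example.net:192.0.2.10:a:10"]

if __name__ == "__main__":
    for line in FIRST_ATTEMPT + ANSWER + MIXED:
        print(line, "->", render(line))
    for sample in (FIRST_ATTEMPT, ANSWER, MIXED):
        print(classify(sample))
```
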