From: Kurtis D. Rader (no email)
Date: Sat Jan 03 2004 - 21:35:54 EST
On Sat, 2004-01-03 13:47:34, Greg A. Woods wrote:
> Nothing against you -- just your DNS is broken. :-)
You're the first to complain about it in the 15 months since I
registered the domain. You're also the first person/site to reject
email from my system because the rDNS lookup did not yield the same
hostname I advertised in my SMTP HELO command. The only thing "broken"
with it is I haven't bothered to ask my ISP to change the PTR record
for my static address. The hostname I advertise in my SMTP HELO command
evaluates to the same IP address that the hostname returned by the rDNS
lookup evaluates to.
I'm fairly confident that my DNS server is correctly configured. But
if you have evidence to the contrary I welcome the information.
> The very same implementation flaws that cause problems with traceroute
> will cause problems with TCP, especially w.r.t. error handling. SMTP
> uses TCP.
That's a very broad brush stroke. The two situations are not identical.
Since I don't have access to the source for the Linksys router I can't
draw any definitive conclusions. I have network traces from my Linux
system that indicate IP level errors appear to be correctly handled
for TCP sessions. It would appear that the router does not maintain a
translation entry for outbound UDP. A situation that is undesirable,
but one that won't have any effect on SMTP per se. It will, obviously,
have an effect on DNS lookups and other UDP based applications.
> Actually we both gave the same answer, just with differing levels of
> detail.
Exactly. Mr. Wietse's answer could have used a little more detail, but
yours amounted to little more than FUD. There are different classes
of NAT routers and each environment has its own unique requirements.
The consumer grade routers like the Linksys BEFSR41 that I'm using
have limited memory and computing power. They're not going to be able
to handle very many simultaneous sessions. As for protocol botches:
all software has defects. As with all engineering matters this is about
trade-offs. Can the defects be worked around, mitigated, or are they
otherwise acceptable? How does the cost of this solution compare to the
other solutions? How well does it meet the requirements? No engineer
would blindly state that an MTA should never be behind a NATing router.
When I bought my Linksys NATing router several years ago it satisfied
my criteria at that time. It certainly would not be the right
solution for a commercial site or even a high traffic volume site
(e.g., slashdot.org). But for someone who has a vanity domain it's a
reasonable choice. It certainly has met my needs for the past three
years with zero headaches. Since I've long since amortized the cost of
that unit and now have more stringent requirements I plan to change my
configuration so that my web and email server has direct connectivity
and all other devices route through it. But that doesn't mean it isn't
a reasonable choice for someone else.
> Besides, I think if you really understood the implications of these
> details already then you would not have had to ask the question in the
> first place and you would have understood my statement immediately.
Go back and reread the thread. I didn't ask any question, let alone why
running an MTA behind a NAT router might be a bad idea. I was responding to
the blanket assertion that a Postfix MTA should never be placed behind a
NATing router.
-- Kurtis D. Rader +1 503-531-8274
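The disagreement above turns on which HELO/rDNS check a receiving MTA actually applies: a strict "PTR name equals HELO name" test, the looser "HELO name forward-resolves to the connecting address" test the poster describes his setup as passing, or forward-confirmed rDNS (some PTR name resolves back to the client). The following is an added example, not code from the thread or from Postfix; it uses a constructed in-memory resolver with made-up hostnames and addresses (RFC 5737 documentation ranges) so it runs offline and illustrates how the same connection passes one test and fails another.

```python
"""Added example (not part of the original message): three HELO/rDNS
checks an MTA might apply to a connecting client, against a constructed
in-memory DNS table so the code runs with no network access.

All names and addresses below are assumptions made up for illustration;
they do not describe any real host mentioned in the thread.
"""
import ipaddress

# Constructed forward (A) records.  mail.example.org plays the role of the
# name advertised in HELO; host-10.isp.example.net plays the ISP's PTR
# name.  Both point at the same address, as in the poster's description.
A_RECORDS = {
    "mail.example.org": {"192.0.2.10"},
    "host-10.isp.example.net": {"192.0.2.10"},
    "spoof.example.com": {"198.51.100.7"},
}

# Constructed reverse (PTR) records, keyed by normalized address string.
PTR_RECORDS = {
    "192.0.2.10": {"host-10.isp.example.net"},
    "198.51.100.7": set(),  # address with no PTR record at all
}


def _norm(ip):
    """Canonical string form of an IPv4/IPv6 address (rejects garbage)."""
    return str(ipaddress.ip_address(ip))


def lookup_a(name):
    """Forward lookup: set of address strings for a hostname (empty if none)."""
    return A_RECORDS.get(name.lower(), set())


def lookup_ptr(ip):
    """Reverse lookup: set of hostnames for an address (empty if none)."""
    return PTR_RECORDS.get(_norm(ip), set())


def helo_equals_ptr(client_ip, helo):
    """Strict check: a PTR name of the client must equal the HELO name."""
    return helo.lower() in {n.lower() for n in lookup_ptr(client_ip)}


def helo_forward_resolves(client_ip, helo):
    """Loose check: the HELO name must have an A record for the client."""
    return _norm(client_ip) in lookup_a(helo)


def fcrdns(client_ip):
    """Forward-confirmed rDNS: some PTR name resolves back to the client."""
    ip = _norm(client_ip)
    return any(ip in lookup_a(name) for name in lookup_ptr(client_ip))


def classify(client_ip, helo):
    """Run all three checks for one SMTP client and its HELO argument."""
    return {
        "helo_equals_ptr": helo_equals_ptr(client_ip, helo),
        "helo_forward_resolves": helo_forward_resolves(client_ip, helo),
        "fcrdns": fcrdns(client_ip),
    }


if __name__ == "__main__":
    # The thread's scenario: HELO name and PTR name differ, same address.
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("198.51.100.7", "spoof.example.com"),
                     ("192.0.2.10", "spoof.example.com"),
                     ("203.0.113.5", "nonexistent.example")]:
        print(ip, helo, classify(ip, helo))
```

In the constructed table, the connection from 192.0.2.10 claiming `mail.example.org` fails only the strict PTR-equals-HELO test, which is the one the reply describes rejecting on; it passes both the forward-resolution test and FCrDNS. A host with no PTR record can still pass the loose forward-resolution test simply by advertising a name it controls, which is why that test alone says little about the sender.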