Mark Blackman | 14 May 15:29

Re: Mx lookup


On 14 May 2008, at 13:53, Charles Marcus wrote:

> On 5/14/2008 8:29 AM, Mark Blackman wrote:
>>> If I use the opendns service:
>>> resolv.conf
>>> nameserver 208.67.222.222
>>> nameserver 208.67.220.220
>>>
>>> the email that I try to send to an unreal domain (i.e. yrcwed4r.it)
>>> goes to the queue with a connection timeout:
>>>   (connect to yrcwed4r.it[208.67.217.132]:25: Connection timed out)
>>>                                          soracchi <at> yrcwed4r.it
>>>
>>> If I use the other DNS (my service provider) the email is bounced to
>>> sender correctly
>>> (Host or domain name not found. Name service error for
>>> name=yrcwed4r.it type=AAAA: Host
>>> found but no data record of requested type).
>>>
>>> The problem seems to be in opendns service.
>>>
>>> Can you help me?
>
>> Yes, don't use opendns for MX lookups.
>
> Bad answer... opendns works really well for me and has been for a long
> time, on numerous systems.
>
> Just log into your OpenDNS account and disable 'Typo Corrections' and
> you're good to go...

Thanks, I certainly didn't realize that option existed, but
how does that deal with malicious conflicting IP entries?

i.e.
user A declares they do queries from IP A and turn off typo correction
user B declares they do queries from IP A *as well* and turn *on* typo
correction.

They do appear to go to some effort to confirm you're an actual user of
that IP address, but for multiple machines on a NAT, they can't distinguish
those cases. The case where you might get two conflicting users at the same
IP address is small, but not vanishingly so.

In any case, the general point is that OpenDNS is aimed primarily at web
clients and so they'll always do a better job for that case rather than MX
lookups.

A local caching resolver is preferred, but OpenDNS is more suitable than I
originally realized.

- Mark

>
> -- 
>
> Best regards,
>
> Charles
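
An added example, not part of the thread above: a check for the resolver behaviour discussed here, where a name that does not exist still comes back with an address, so mail to it is queued instead of bounced. The function names are hypothetical, and the random labels under .com are assumed to be unregistered.

```python
import secrets
import socket
from collections import Counter


def system_lookup(name):
    """IPv4 addresses the configured resolver returns for name (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(name, 25, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def probe_rewriting(lookup=system_lookup, suffixes=("invalid", "com"), per_suffix=2):
    """Resolve random names that should not exist; return {name: [addrs]} for any that resolved."""
    answered = {}
    for suffix in suffixes:
        for _ in range(per_suffix):
            # 64 random bits under .com: assumed unregistered.
            # ".invalid" is a reserved TLD that is never delegated.
            name = f"{secrets.token_hex(8)}.{suffix}"
            addrs = lookup(name)
            if addrs:
                answered[name] = sorted(addrs)
    return answered


def landing_addresses(answered):
    """Addresses shared by more than one bogus name: the likely redirect target."""
    counts = Counter(a for addrs in answered.values() for a in addrs)
    return sorted(a for a, n in counts.items() if n > 1)


def report(answered):
    """One-line summary suitable for a cron job or monitoring check."""
    if not answered:
        return "OK: non-existent names do not resolve"
    shared = ", ".join(landing_addresses(answered)) or "none"
    return f"REWRITING: {len(answered)} bogus name(s) resolved, shared address(es): {shared}"


if __name__ == "__main__":
    # Uses whatever resolver the host is configured with (e.g. resolv.conf).
    print(report(probe_rewriting()))
```

Run it on the mail host itself, so the probe goes through the same resolver the MTA uses.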

