Wietse Venema wrote:
> Nathanael Hoyle:
>
>>mouss wrote:
>>
>>>Nathanael Hoyle wrote:
>>>
>>>
>>>>I liked Jorey's idea enough to give it a shot. Actually implemented it
>>>>yesterday. I debated about having the 'dead' MX host point at a system
>>>>which dropped the requests but logged them (via iptables or similar),
>>>>not so much to see how much legitimate email made it through (which
>>>>seems to be pretty much all of it so far), but to see how much nasty
>>>>traffic hit the primary 'dead' host that failed to retry on the second.
>>>> For now, I have gone with a somewhat different approach. I actually
>>>>have the primary MX listed as an IP that is a network boundary (and
>>>>therefore flatly unusable),
>>>
>>>what do you mean here?
>>
>>The IP is a network boundary address. i.e., if it were a class C
>>network (/24), the address would be x.x.x.0, rather than 1-254 or
>>broadcast (255). Because this IP refers to the *network* rather than a
>>host therein, it cannot actually be assigned to a host. This means I
>
>
> Oh yes it can.
>
> Your broadcast address is meaningful only for hosts on your subnet.
>
> Your broadcast address has no meaning for hosts on other subnets.
>
> Assign your broadcast address to an MX host record, and clients will
> experience TCP timeout waits just as if they connect to a host that
> is turned off.
>
> Wietse
If you would please note, I used the bottom end network boundary, not
the top-end broadcast address. To my understanding, this would be
accurate in describing broadcast address behavior, but not network
boundary address behavior. Would this in fact still apply for, for
instance, the .0 address in a class C?
--
Nathanael Hoyle
Systems and Networking
Speed Express Networks, LLC
nhoyle@...
432.837.2811