[TAG] How not to do DNS, example n+1
Rick Moen
rick at linuxmafia.com
Tue Nov 22 22:45:42 MSK 2005

Quoting Jay R. Ashworth (jra at baylink.com):

> And see Rick's comments about backup MX, supra.
>
> Though *I* think that having Nagios watch your backup MXs is probably a
> better solution than not having them at all.

Nagios might indeed make enough of a difference.

I was basically saying that _unverified_ MXes, the ones you simply trust
to be competently configured, have a nasty habit of turning out to say
"Oh, we certainly wouldn't relay for _those_ people" at the worst
possible moments. I have the burn marks to prove this. ;->

In part, this is collateral damage from the spam war: Everyone's been
so conditioned to think that relaying is bad (opens you up to abuse by
spammers) that MTA defaults push that concept heavily. It's thus typical
for some half-dazed Linux admin in the middle of a system rebuild to
suddenly forget he'd been relaying domain foo's mail for _reason_ and
silently drop it as a "security measure".

I try to heavily comment my configuration files (about _why_ I did
certain things), hoping to avert those and similar mishaps on my end.
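
A check of the kind Nagios could run against a backup MX, as an added example that is not part of the original post: it speaks SMTP as far as RCPT TO for an address in your domain and turns the reply into a Nagios plugin exit code, so a secondary that has quietly stopped relaying shows up as CRITICAL. The script name, the null envelope sender and the choice of recipient address are assumptions of the example.

```python
#!/usr/bin/env python3
"""Nagios-style check: does a backup MX still accept mail for our domain?"""
import smtplib
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

def classify_rcpt(code, text):
    """Map the MX's reply to RCPT TO onto a (Nagios state, message) pair."""
    text = text.decode(errors="replace") if isinstance(text, bytes) else text
    if code in (250, 251):
        return OK, f"accepted ({code})"
    if 400 <= code < 500:
        # Temporary failure or greylisting: senders will retry, mail is delayed.
        return WARNING, f"deferred ({code} {text})"
    if 500 <= code < 600:
        # Permanent refusal such as "Relay access denied": senders will bounce.
        return CRITICAL, f"refused ({code} {text})"
    return UNKNOWN, f"unexpected reply ({code} {text})"

def check_backup_mx(mx_host, rcpt, sender="", timeout=15):
    """Talk SMTP up to RCPT TO, then reset; no message body is ever sent."""
    try:
        with smtplib.SMTP(mx_host, 25, timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            code, text = smtp.mail(sender)  # "" gives the null sender <> (assumption)
            if code != 250:
                return UNKNOWN, f"MAIL FROM not accepted ({code})"
            state = classify_rcpt(*smtp.rcpt(rcpt))
            smtp.rset()
            return state
    except (OSError, smtplib.SMTPException) as exc:
        return CRITICAL, f"cannot talk to {mx_host}: {exc}"

if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("usage: check_backup_mx.py MX_HOST postmaster@YOUR.DOMAIN")
        sys.exit(UNKNOWN)
    state, msg = check_backup_mx(sys.argv[1], sys.argv[2])
    label = ("OK", "WARNING", "CRITICAL", "UNKNOWN")[state]
    print(f"BACKUP_MX {label} - {msg}")
    sys.exit(state)
```

Run it once per backup MX, naming the MX host directly rather than the domain, since the point is to test the secondary while the primary is still up.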