A records point to a domain

Barry Margolin barmar at genuity.net
Fri May 19 14:37:43 UTC 2000


In article <87wvkrzbcb.fsf at sharik.worldnet.att.net>,
stanislav shalunov  <shalunov at att.com> wrote:
>3. It does an MX lookup on `example.com.' and it fails (e.g., because
>   the host can't get your nameservers).
>
>4. Since it didn't get an MX record, the MTA looks for an A record.
>   By this time it can get to your name servers so it thinks that you
>   want mail for user at example.com to go to 10.0.0.1 rather than
>   10.0.0.2.
....
>I'm not sure which MTAs would and would not go to step 4 when a
>temporary DNS failure occurs.  Anyone?

If step 3 fails because the nameservers don't respond, the MTA should give
up immediately and put the message back in the queue to be retried later,
precisely to prevent the above bug.  Why would they even consider going on
to step 4?  If the nameservers are down, they're down.

They should only fall through from step 3 to step 4 when they get a
response that indicates that the name example.com does exist but has no MX
records.  This would be a DNS reply with status = NOERROR and an empty
Answer section.

It's interesting that RFC 974 "Mail Routing and the Domain Name System" is
pretty wishy-washy about this.  It says:

   Mailers are expected to do something reasonable in the face of an
   error.  The behaviour for each type of error is not specified here,
   but implementors should note that different types of errors should
   probably be treated differently.  For example, a response code of
   "non-existent domain" should probably cause the message to be
   returned to the sender as invalid, while a response code of "server
   failure" should probably cause the message to be retried later.

I suspect this is because the MX mechanism was still pretty new at the
time, and the author didn't feel ready to pronounce absolutes.
Unfortunately, RFC 1123 didn't clarify this section.  However, common sense
suggests that falling through to step 4 after a timeout is the wrong thing
to do.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
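
The rule argued in the post above, as an added Python example that is not part of the original message: classify the reply to an MX query and fall back to the A record only on NOERROR with no MX record in the Answer section. The names `mx_decision`, `Action` and `make_reply` are hypothetical, the sample replies are constructed, and the code assumes the reply comes from a recursive resolver that has already followed any CNAME.

```python
import struct
from enum import Enum

NOERROR, NXDOMAIN, TYPE_MX = 0, 3, 15
class Action(Enum):
    DELIVER_MX = "use the MX hosts"
    FALLBACK_A = "name exists but has no MX: use the A record"
    DEFER = "requeue and retry later"
    BOUNCE = "return to sender as invalid"

def _skip_name(buf, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = buf[off]
        if n & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:                # root label terminates the name
            return off

def mx_decision(reply):
    """reply: raw DNS response to an MX query, or None if the query timed out."""
    if reply is None:
        return Action.DEFER                        # nameservers did not respond
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", reply)
        rcode = flags & 0x000F
        if rcode == NXDOMAIN:
            return Action.BOUNCE
        if rcode != NOERROR:                       # SERVFAIL and other errors
            return Action.DEFER
        off = 12
        for _ in range(qd):
            off = _skip_name(reply, off) + 4       # skip QTYPE + QCLASS
        for _ in range(an):
            off = _skip_name(reply, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", reply, off)
            if rtype == TYPE_MX:
                return Action.DELIVER_MX
            off += 10 + rdlen
    except (struct.error, IndexError):
        return Action.DEFER                        # malformed reply: never guess
    return Action.FALLBACK_A                       # NOERROR, no MX in Answer

# Constructed sample replies for the MX query "example.com."
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", TYPE_MX, 1)
def make_reply(rcode, answers=b"", an=0):
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, an, 0, 0) + QUESTION + answers
MX_RR = b"\xc0\x0c" + struct.pack("!HHIHH", TYPE_MX, 1, 300, 9, 10) + b"\x04mail\xc0\x0c"
```
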



More information about the bind-users mailing list