In message <CAP-guGVuNoqRhGw_UMVQtkJ-zToM8NGB2aLk=wjtc0j7fh8...@mail.gmail.com>, William Herrin writes:
> On Thu, Jul 26, 2012 at 10:45 PM, Mark Andrews <ma...@isc.org> wrote:
> > In message <b59a4092-ce2f-44e4-84f9-77c18493a...@kapu.net>, Michael J Wise writes:
> >> And maybe an endless loop for an MX lookup might be what is causing
> >> hotmail to panic and throw out the MX records.
> >
> > You don't lookup MX records for MX targets. This is basic MTA
> > processing.
>
> Correct. An MX record points to a label containing one or more address
> records. It does not chain. In principle the MX record could point to
> a CNAME record which then chains until it reaches an address record
> but I wouldn't depend on such a configuration working correctly. Ditto
> the MX lookup fetching a CNAME which chains until it reaches a label
> with an MX record.
>
> > You don't depend on ALL (ANY) returning MX records as they may not
> > be in the cache. You need to make an explicit MX query you get no
> > MX records are returned in response to a ALL query.
>
> Also correct.
>
> > If the MX lookup fails, as opposed to returns nodata, you don't
> > lookup the A/AAAA records and synthesize a MX record. You treat it
> > as a soft error and queue for retry later. Again this is basic MTA
> > processing.
>
> Maybe. In principle this is correct but as you wander through various
> bits of software in the name lookup process (which often consults more
> than just the DNS -- even today DNS isn't the only game in town) it's
> pretty easy to lose track of the difference between lookup failure and
> success:no data.

But it is the only one that returns MX records. If that step errors
you need to retry later. If you get NXDOMAIN you go onto other address
sources.

> Think about it... how is the MTA to respond if the primary lookup
> reports success:no data (e.g. /etc/hosts) but a second tier lookup
> (e.g. DNS) reports lookup failure? What if DNS is third tier and the
> second tier is some kind of CIFS or NIS lookup which fails?

MX records can't be looked up in /etc/hosts or in CIFS / NIS. You
only look for address records *after* the MX lookup fails.

> Or reports
> success:no data. Or the DNS gets translated through a middleman (like
> NIS) which doesn't preserve the difference between fail and success no
> data. Does the whole lookup fail because part did? Gets ambiguous.
>
> Further, falling back to the address lookup in the absence of MX
> records is correct behavior for an MTA.

The key words above are "in the absence". Until you have determined
that they are absent you don't fall back.

> What *should* happen here is that the guy's web server should reject
> the port 25 connection (an SMTP soft fail condition) and on the next
> retry hotmail should find the MX record and follow it.

No. It is perfectly legal for A to accept mail for B, B for C, C
for D and D for A with all mail being delivered to a host with a
different name than the mail domain.

It is not and never has been correct processing to lookup addresses
records for a domain if the MX lookup fails. nodata/nxdomain are
not failures.

> Either way, I think I'd have to consider this -advanced- MTA
> processing. You have to really know your stuff to get this one right.

No. This is the behaviour you get with a MX oblivious MTA.

> Regards,
> Bill Herrin
>
>
>
> --
> William D. Herrin ................ her...@dirtside.com b...@herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
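
The lookup order argued for in the message above (defer on MX lookup failure, fall back to address records only once MX records are known to be absent, never query MX for an MX target), as an added example that is not part of the thread or of any MTA's code. The Status names, the SAMPLE_DNS table and the plan_delivery function are assumptions constructed for illustration.

```python
from enum import Enum

class Status(Enum):
    ANSWER = 1    # records of the requested type were returned
    NODATA = 2    # name exists, but has no records of that type
    NXDOMAIN = 3  # name does not exist
    FAILURE = 4   # SERVFAIL, timeout, unreachable resolver

# Constructed sample data standing in for a resolver: (name, type) -> (status, records)
SAMPLE_DNS = {
    ("example.org", "MX"): (Status.ANSWER, [(20, "mx2.example.net"), (10, "mx1.example.net")]),
    ("mx1.example.net", "A"): (Status.ANSWER, ["192.0.2.10"]),
    ("mx2.example.net", "A"): (Status.FAILURE, []),
    ("web-only.example", "MX"): (Status.NODATA, []),
    ("web-only.example", "A"): (Status.ANSWER, ["192.0.2.80"]),
    ("broken.example", "MX"): (Status.FAILURE, []),
    ("broken.example", "A"): (Status.ANSWER, ["192.0.2.99"]),  # must never be used
}

def lookup(name, rrtype, dns=SAMPLE_DNS):
    # Names absent from the sample table are treated as NXDOMAIN.
    return dns.get((name, rrtype), (Status.NXDOMAIN, []))

def plan_delivery(domain, dns=SAMPLE_DNS):
    """Return ("deliver", addresses), ("defer", reason) or ("bounce", reason)."""
    status, mx = lookup(domain, "MX", dns)
    if status is Status.FAILURE:
        # Absence of MX records is not established: soft error, retry later.
        return ("defer", "MX lookup failed")
    if status is Status.ANSWER:
        targets = [host for _pref, host in sorted(mx)]  # lowest preference first
    else:
        # NODATA or NXDOMAIN: MX records are absent, fall back to the domain itself.
        targets = [domain]
    addresses, soft_error = [], False
    for host in targets:
        # Address lookup only (A here; AAAA is handled the same way).
        # An MX target is never queried for MX records, so nothing chains.
        a_status, records = lookup(host, "A", dns)
        if a_status is Status.ANSWER:
            addresses.extend(records)
        elif a_status is Status.FAILURE:
            soft_error = True
    if addresses:
        return ("deliver", addresses)
    # Assumption of this example: bounce only when every lookup gave a definite answer.
    return ("defer", "address lookup failed") if soft_error else ("bounce", "no address records")
```

For broken.example the A record exists but is never consulted, because the failed MX query leaves open whether MX records exist.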