On Mon, Nov 24, 2014 at 01:38:15PM -0500, Wietse Venema wrote:

> /etc/postfix/smtp_dns_reply_filter:
> # /domain ttl IN AAAA address/ action, all case-insensitive.
> # Note: the domain name ends in ".".
> /^\S+\.google.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE
>
> The implementation renders a DNS record as a string in the format
> that we know from dig(1) and other tools, then matches that string
> against a list of lookup tables. Currently, IGNORE is the only
> implemented action. It removes the record from the DNS lookup result.
>
> When all DNS lookup result reply records are deleted, it returns a
> DNS_NOTFOUND status plus a diagnostic text with "All records
> suppressed by policy filter".

There might be cases in which "DNS_NOTFOUND" should be replaced
with "DNS_FAIL" if as a result the RRset becomes empty. For example,
if a domain has MX records, but we drop them all, it may not be
appropriate to then use the A/AAAA records. Rather, it seems that
such a domain is unreachable.

So the "IGNORE" could be augmented by:

    IGNORE_FAIL_IF_EMPTY

or some such.

-- 
Viktor.
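
The difference discussed in this message, modelled as an added example (not part of the thread and not Postfix code). IGNORE_FAIL_IF_EMPTY is only the name proposed in the reply; the record tuples, the `blocked.example` pattern and the `next_step` model of the SMTP client are assumptions made for illustration.

```python
import re

# IGNORE is the action from the quoted post; IGNORE_FAIL_IF_EMPTY is only the
# name proposed in the reply, modelled here (hypothetical, not implemented).
IGNORE, IGNORE_FAIL = "IGNORE", "IGNORE_FAIL_IF_EMPTY"
DNS_OK, DNS_NOTFOUND, DNS_FAIL = "DNS_OK", "DNS_NOTFOUND", "DNS_FAIL"

def render(rr):
    """Render (name, ttl, type, rdata) in dig(1) style; the name ends in '.'."""
    name, ttl, rtype, rdata = rr
    return f"{name} {ttl} IN {rtype} {rdata}"

def filter_reply(records, table):
    """Apply the first matching rule to each record; return (status, kept)."""
    kept, fail_if_empty = [], False
    for rr in records:
        line = render(rr)
        action = next((a for p, a in table if re.search(p, line, re.I)), None)
        if action is None:
            kept.append(rr)              # no rule matched: record survives
        elif action == IGNORE_FAIL:
            fail_if_empty = True         # dropped, and remember the stricter rule
    if kept:
        return DNS_OK, kept
    if not records:
        return DNS_NOTFOUND, []          # reply was empty before filtering
    return (DNS_FAIL if fail_if_empty else DNS_NOTFOUND), []

def next_step(mx_status):
    """What an SMTP client does after the MX lookup (simplified model)."""
    return {DNS_OK: "deliver to MX hosts",
            DNS_NOTFOUND: "fall back to A/AAAA of the domain",
            DNS_FAIL: "treat domain as unreachable"}[mx_status]

# Constructed sample reply: every MX of example.com points at a filtered host.
MX_REPLY = [("example.com.", 300, "MX", "10 mx1.blocked.example."),
            ("example.com.", 300, "MX", "20 mx2.blocked.example.")]
PATTERN = r"^\S+\s+\S+\s+\S+\s+MX\s+\d+\s+\S+\.blocked\.example\.$"

def demo():
    plain = filter_reply(MX_REPLY, [(PATTERN, IGNORE)])[0]
    strict = filter_reply(MX_REPLY, [(PATTERN, IGNORE_FAIL)])[0]
    return next_step(plain), next_step(strict)

if __name__ == "__main__":
    print(demo())
```

With plain IGNORE the emptied MX RRset looks like "no MX", so the client would try the domain's own addresses; the stricter action keeps the filtered MX policy from being bypassed that way.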