On 11/25/2014 8:48 AM, Viktor Dukhovni wrote:
On Tue, Nov 25, 2014 at 08:10:28AM -0800, Darren Pilgrim wrote:
For example, if a domain has MX records, but we drop them all, it
may not be appropriate to then use the A/AAAA records. Rather, it
seems that such a domain is unreachable. So the "IGNORE" could
be augmented by:
IGNORE_FAIL_IF_EMPTY
I can definitely see the utility of that. I think in production I would
want "defer if empty" with logging stating that the set of A/AAAA nexthops
is empty after filtering. That way I'm not bouncing email on what could,
ironically, be a transient DNS issue.
Well, actual DNS answers are not supposed to be transient issues, those
are the result of timeouts and other lookup failures, however, if we
provide the hard-fail feature, creating a soft-fail variant is perhaps
not unreasonable as a matter of completeness.
The transient issue would be not getting a complete RRset to begin with.
It's not the common fault case, but I've seen it happen.
