On Thu, Jul 26, 2012 at 10:45 PM, Mark Andrews <marka@isc.org> wrote:
In message <B59A4092-CE2F-44E4-84F9-77C18493AD95@kapu.net>, Michael J Wise writ es:
And maybe an endless loop for an MX lookup might be what is causing = hotmail to panic and throw out the MX records.
You don't lookup MX records for MX targets. This is basic MTA processing.
Correct. An MX record points to a label containing one or more address records. It does not chain. In principle the MX record could point to a CNAME record which then chains until it reaches an address record but I wouldn't depend on such a configuration working correctly. Ditto the MX lookup fetching a CNAME which chains until it reaches a label with an MX record.
You don't depend on ALL (ANY) returning MX records as they may not be in the cache. You need to make a explict MX query you get no MX records are returned in response to a ALL query.
Also correct.
If the MX lookup fails, as apposed to returns nodata, you don't lookup the A/AAAA records and synthesis a MX record. You treat it as a soft error and queue for retry later. Again this is basic MTA processing.
Maybe. In principle this is correct but as you wander through various bits of software in the name lookup process (which often consults more than just the DNS -- even today DNS isn't the only game in town) it's pretty easy to lose track of the difference between lookup failure and success:no data. Think about it... how is the MTA to respond if the primary lookup reports success:no data (e.g. /etc/hosts) but a second tier lookup (e.g. DNS) reports lookup failure? What if DNS is third tier and the second tier is some kind of CIFS or NIS lookup which fails? Or reports success:no data. Or the DNS gets translated through a middleman (like NIS) which doesn't preserve the difference between fail and success no data. Does the whole lookup fail because part did? Gets ambiguous. Further, falling back to the address lookup in the absence of MX records is correct behavior for an MTA. What *should* happen here is that the guy's web server should reject the port 25 connection (an SMTP soft fail condition) and on the next retry hotmail should find the MX record and follow it. Either way, I think I'd have to consider this -advanced- MTA processing. You have to really know your stuff to get this one right. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004