North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mail does bounce (was: Customers down?)

  • From: Greg A. Woods
  • Date: Mon Jan 03 00:54:06 2000

I think you didn't read what I actually wrote:

> > > > I know for certain that Postfix and Smail will immediately bounce a
> > > > message when the domain is authoritatively non-existant.  I'd be very
> > > > surprised and dismayed if sendmail and all other true SMTP mailers did
> > > > not do exactly the same thing.

I.e. when a nameserver authoritative for the parent domain returns an
authoritative "no such domain" answer then the mail must bounce

Now I do apologise for giving an incomplete answer to a different
question, especially the way I changed the subject line.  I'm afraid the
new subject line was somewhat of an afterthought and indeed ended up
being misleading.

Now, remember, in the DNS a "host name" is a "domain name" (with an A RR).

If someone sends mail to <[email protected]>, but
that time none of the nameservers for "" are
authoritative (i.e. lame delegation) then the default behaviour of most
DNS resolvers will be to return a non-authoritative NO_DATA (or
HOST_NOT_FOUND depending on what question was asked).

Now unfortunately not all resolvers, and more importantly not all
resolver interface libraries, are alike.  Mailers that use the
res_search(3) interface do not always get a "TRY_AGAIN" answer, even in
the above case (which is about the "best case" scenario for the failure
case which started this thread).  I've seen several 4.9.x based
resolvers return HOST_NOT_FOUND or NO_DATA (which are supposed to only
be returned for authoritative answers according to some manuals).

If I'm not mistaken the following is an example of this happening (from
the RES_DEBUG output):

	;; res_querydomain(, <Nil>, 1, 15)
	;; res_query(, 1, 15)
	;; res_mkquery(0,, 1, 15)
	;; res_send()
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17056
	;; flags: rd; Ques: 1, Ans: 0, Auth: 0, Addit: 0
	;;, type = MX, class = IN
	;; Querying server (# 1) address =
	;; got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17056
	;; flags: qr rd ra; Ques: 1, Ans: 0, Auth: 1, Addit: 0
	;;, type = MX, class = IN
	;; AUTHORITY RECORDS:      8926    IN      SOA (
	                        2000010200      ; serial
	                        14400   ; refresh (4 hours)
	                        7200    ; retry (2 hours)
	                        604800  ; expire (7 days)
	                        14400 ) ; minimum (4 hours)
	;; rcode = 3, ancount=0

The point is that things aren't always as simple as they might seem at
first, and indeed it's not always the mailer's fault....

[ On Saturday, January 1, 2000 at 21:41:25 (-0500), Steven J. Sobol wrote: ]
> Subject: Re: mail does bounce (was: Customers down?)
> Hm. I think you're looking at this from a different angle. Yes. If
> the domain can't be found because there are no records in the root
> nameserver, a sane mailer should bounce the message,

Even though it appears you do understand (at least fundamentally), and
indeed agree with what I actually said!  :-)

> and in fact,
> Sendmail does, as shown by the following bounce message 

I thought so.....

> What I was referring to was a situation where the domain does exist in the
> root nameservers but the authoritative nameservers are unavailable.

If you s/root/parent/ then indeed you've got it right, as does Postfix,
Smail, and supposedly sendmail too, but they rely on the resolver
library working as it should too.

Now if only we could just teach sendmail that mail must also bounce
immediately when any 5xx *permanent* error reply is returned!  :-)

							Greg A. Woods

+1 416 218-0098      VE3TCP      <[email protected]>      <robohack!woods>
Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>