North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Criminals, The Network, and You [Was: Something Else]
On Wednesday 12 September 2007 16:54, you wrote: > > My mail servers return 5xx on NXDOMAIN. If my little shop can spend not > too much money for three-9s reliability in the DNS servers, other shops > can as well. You get NXDOMAIN when an authoratitive servers says there is no such domain, it doesn't occur if the DNS servers aren't available. So I fail to see the connection to reliability of DNS servers. All well engineers mail services provide 4xx (or accept the email) on SERVFAIL (or other lookup failure), if they insist on checking DNS information as part of accepting email. One has to allow for the case where the mail servers can't speak to the DNS servers, which may include cases where the DNS servers are available, but say routing, or other parts of the DNS are fubar. Serious programmer(s?) spent a lot of time making sure the MTA we use does the right thing under all error conditions so far encountered, I'd consider altering that behaviour vandalism. I feel like some sort of clumsy cave man compared to the authors every time I configure it as it is.