[dns-operations] A problem with using DNAMEs in reverse lookups

SM sm at resistor.net
Sun Apr 3 17:45:37 UTC 2011

Hi Jeroen,
At 09:41 03-04-2011, Jeroen Massar wrote:
>821/2821/5321 all state that, though differently formulated from how I
>wrote it.

From RFC 5321:

   "Although the capability to try multiple alternative addresses is
    required, specific installations may want to limit or disable the use
    of alternative addresses.  The question of whether a sender should
    attempt retries using the different addresses of a multihomed host
    has been controversial.  The main argument for using the multiple
    addresses is that it maximizes the probability of timely delivery,
    and indeed sometimes the probability of any delivery; the counter-
    argument is that it may result in unnecessary resource use."

Also see the discussion about retry strategies in Section 4.5.4.

>5xx is fatal btw, nothing that can change as it is a final decision that
>the command can never succeed. That 5xx should also be generated by the
>other MXs. A 3xx/4xx can be retried though, but at another MX, not at
>the same MX but at another address.

I'll leave 3yz out for ease of discussion.  The SMTP client can retry the same MX after a 4yz status code.  A 5yz signals a permanent error in general.

>For folks using greylisting the 'try all the addresses' bit just
>generates a lot of connects which should not happen, though indeed the
>sender will still hit on their other MXs, but not on all the addresses
>of them.

Yes.  One problem is that there isn't a standardized mechanism for the SMTP server to tell the SMTP client that the SMTP failure is due to greylisting.

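As an added illustration (not part of SM's or Jeroen's messages), the following Python sketch models the retry walk the RFC 5321 passage describes and counts the connections a greylisting receiver sees when an installation tries every address of each MX versus limiting itself to one per MX; the MX names, addresses, client IP and reply codes are constructed for the example.

```python
# Added example: toy model of an SMTP client walking MX hosts (by preference)
# and their addresses, treating 4yz as temporary and 5yz as permanent, and a
# receiver side where every MX address greylists unknown client IPs.
from dataclasses import dataclass


@dataclass
class MX:
    name: str
    preference: int
    addresses: list        # constructed A/AAAA records of this MX host


class GreylistingReceivers:
    """Constructed receiver side: every MX address keeps its own greylist of
    client IPs, answering 451 to an unknown client and 250 afterwards."""
    def __init__(self, client_ip="192.0.2.10"):
        self.client_ip = client_ip
        self.seen = {}             # address -> client IPs already greylisted there
        self.connections = 0       # how many connects the receivers observed

    def reply(self, address):
        self.connections += 1
        known = self.seen.setdefault(address, set())
        if self.client_ip in known:
            return 250
        known.add(self.client_ip)
        return 451                 # 4yz: temporary, the client may try again later


def deliver(mxs, reply, try_all_addresses=True):
    """One delivery round. 5yz is final for the message; 4yz moves on to the
    next address (or MX). Returns 'delivered', 'failed' or 'deferred'."""
    for mx in sorted(mxs, key=lambda m: m.preference):
        addrs = mx.addresses if try_all_addresses else mx.addresses[:1]
        for addr in addrs:
            code = reply(addr)
            if 200 <= code < 300:
                return "delivered"
            if 500 <= code < 600:
                return "failed"    # permanent error: do not retry elsewhere
    return "deferred"              # queue the message and retry later


def retry_until_done(mxs, receivers, try_all_addresses=True, max_rounds=3):
    """Queue-style retries: repeat the walk until a final outcome is reached.
    Returns (status, rounds used, total connections the receivers saw)."""
    for rnd in range(1, max_rounds + 1):
        status = deliver(mxs, receivers.reply, try_all_addresses)
        if status != "deferred":
            return status, rnd, receivers.connections
    return "deferred", max_rounds, receivers.connections


SAMPLE_MXS = [MX("mx1.example", 10, ["2001:db8::1", "192.0.2.1"]),
              MX("mx2.example", 20, ["2001:db8::2", "192.0.2.2"])]
```

With two MX hosts of two addresses each, the first round costs four greylisted connections when all addresses are tried and two when the client limits itself to one address per MX; a 5yz reply ends the walk after a single connection.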