ietf-clear
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[clear] Consensus on Multiple SRV RRs

2005-07-01 06:07:43
from [Tony Finch] [Permanent Link] 
The CSA spec shall be updated to state that domains MUST NOT publish
multiple version 1 (priority==1) CSA SRV records for the same HELO
string. Receiving SMTP servers MAY return a permanent error in response
to the HELO/EHLO if more than one is found.


That would be wrong. The standard SMTP response for DNS configuration
errors is 4xx.


Tony is right.  (He always is.)


Actually, maybe not - I over-simplified. (Thanks to John Leslie for
making me be more precise.) RFC 2821 says:

   4yz   Transient Negative Completion reply
      The command was not accepted, and the requested action did not
      occur.  However, the error condition is temporary and the action
      may be requested again.  The sender should return to the beginning
      of the command sequence (if any).  It is difficult to assign a
      meaning to "transient" when two different sites (receiver- and
      sender-SMTP agents) must agree on the interpretation.  Each reply
      in this category might have a different time value, but the SMTP
      client is encouraged to try again.  A rule of thumb to determine
      whether a reply fits into the 4yz or the 5yz category (see below)
      is that replies are 4yz if they can be successful if repeated
      without any change in command form or in properties of the sender
      or receiver (that is, the command is repeated identically and the
      receiver does not put up a new implementation.)

So this last sentence would imply a 5xx response for misconfigured CSA SRV
records, and this tallies with common responses to bad MX records (if the
MTA software is paranoid enough to check them for RFC1918 addresses etc.).

The 4xx I referred to above can come from lower-level DNS problems that
prevent a DNS lookup from succeeding (bad delegation, etc.). The exact
meaning of "without any change ... in properties of the sender or
receiver" isn't totally clear because this kind of broken-DNS 4xx response
requires someone to fix something in order to be resolved. But if you
understand "properties" to be restricted to things that are directly
email-related (e.g. MTA software and configuration, MX records, CSA SRV
records) as opposed to incidentally related (e.g. DNS delegation) then I
think it makes sense.

Yes? No?

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  [clear] Consensus on Multiple SRV RRs, MH Michael Hammer (5304)
Next by Thread:  [clear] Consensus on Multiple SRV RRs, John Leslie
Indexes:  [Date] [Thread] [Top] [All Lists]