ietf-dkim

Re: [ietf-dkim] domain existence check

2008-05-23 11:51:43
On Thu, 22 May 2008, J D Falk wrote:

> I'm confused.  Arvel and Wietse's approach seems to make perfect sense to
> me, but some other very smart people who I also have a lot of respect for
> are disagreeing with them...so I have to assume that I'm missing something.

My opinion is that the correct way to check for the existence of a mail
domain using just the DNS is described in RFC 2821 section 5. I think this
is simplest from the wordsmithing point of view, likely to be easiest to
implement using existing code, and safer because it avoids the tricky
distinction between NODATA and NXDOMAIN (which even serious experts can
get wrong as John Levine recently illustrated).

AFAICT Wietse thinks the full check is unnecessarily complicated, and
since a purely DNS check cannot give an even remotely accurate answer
(because of the A/AAAA fallback) it might as well be simplified to just
checking for NXDOMAIN. (The additional invalid domains that NXDOMAIN fails
to identify include intermediate labels without records, such as
csx.cam.ac.uk, or domains with records none of which are mail-related,
such as cambridge.ac.uk and almost all of the in-addr.arpa tree.)

Tony.
-- 
f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
SOLE: EAST OR NORTHEAST 3 OR 4, INCREASING 5 TO 7, PERHAPS GALE 8 LATER.
MODERATE, OCCASIONALLY ROUGH. RAIN OR THUNDERY SHOWERS. MODERATE OR GOOD,
OCCASIONALLY POOR.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
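
The two checks compared in the message above, as an added example that is not part of the original post: an NXDOMAIN-only test beside an MX lookup with A/AAAA fallback, run over a constructed zone. The zone contents, the `lookup` stub resolver and all function names are assumptions made for illustration; CNAMEs and temporary DNS failures are left out.

```python
# Constructed zone data for illustration (not real DNS answers).
# Maps owner name -> {rrtype: [rdata, ...]}.
ZONE = {
    "mail.example": {"MX": ["10 mx.mail.example"]},
    "mx.mail.example": {"A": ["192.0.2.25"]},
    "host.example": {"AAAA": ["2001:db8::25"]},   # no MX, address record only
    "web.example": {"TXT": ["no mail here"]},     # records, none mail-related
    "a.gap.example": {"A": ["192.0.2.7"]},        # makes gap.example an empty
}                                                 # intermediate label


def lookup(name, rrtype):
    """Hypothetical stub resolver: returns (rcode, records)."""
    name = name.rstrip(".").lower()
    if name in ZONE:
        # Name exists; an empty list here is the NODATA case.
        return "NOERROR", ZONE[name].get(rrtype, [])
    if any(owner.endswith("." + name) for owner in ZONE):
        # Intermediate label without records: NODATA, not NXDOMAIN.
        return "NOERROR", []
    return "NXDOMAIN", []


def nxdomain_only_check(name):
    """Simplified check: accept anything that is not NXDOMAIN."""
    rcode, _ = lookup(name, "MX")
    return rcode != "NXDOMAIN"


def mx_with_fallback_check(name):
    """Fuller check: MX records, else fall back to A/AAAA at the name."""
    rcode, mx = lookup(name, "MX")
    if rcode == "NXDOMAIN":
        return False
    if mx:
        return True
    return any(lookup(name, rrtype)[1] for rrtype in ("A", "AAAA"))


def compare(names):
    """Return {name: (nxdomain_only_result, mx_with_fallback_result)}."""
    return {n: (nxdomain_only_check(n), mx_with_fallback_check(n)) for n in names}


if __name__ == "__main__":
    for name, result in compare(
        ["mail.example", "host.example", "web.example",
         "gap.example", "missing.example"]).items():
        print(f"{name:18} nxdomain-only={result[0]!s:5} mx+fallback={result[1]}")
```

The names where the two results differ are the two cases the message lists: the intermediate label without records and the name whose records are not mail-related.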