
Re: BCP for handling DNS SERVFAIL results

2005-11-27 15:51:08


Yes and no. No, I wasn't aware of this specific SendMail implementation
"kludge" to accommodate a flawed behavior. But yes, I guess it was done
because the author (greg?) realized the environment of various bozo types
(from admins, to buggy DNS servers) was prevalent.

We all (authors) have to do this like we don't like, that's the nature of the

In this case, I wasn't aware of a history of DNS servers having some form or
another problem with SERVFAIL responses. So this was fixed now that I found
out the cause and solution.

I don't think it is 100% related to having a bad setup, although that is
what I initially thought was the case here. has an A record, no MX record.  The
authoritative server was passing info to my DNS server, which it didn't handle
right.  I'm not a DNS admin so I can't tell you 100% if this domain is set up
wrong, other than the fact it has no MX record.

I can see a specific implementation option, not a recommendation for BCP,
called "BozoServerFailChecks" which might work like this:

  1) Perform all query checks as normal, using SERVFAIL to move to next
     server list.

  2) Maybe after all retry attempts, try the A record at least once to
     close the deal or follow the option setting:

      BozoServerFailChecks -1  ; final deal
      BozoServerFailChecks  2  ; Try A record after 2 retries
      BozoServerFailChecks  0  ; Off, DEFAULT

Hector Santos, Santronics Software, Inc.
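
The option proposed in the message above, as an added example that is not part of the original post and is not code from Sendmail or any other MTA. The function names, the `query` callable, `max_retries`, the reading of "retries" as completed MX rounds, and the resolver and addresses are all constructed assumptions.

```python
# Added illustration: option semantics are one interpretation of the post,
# not code from Sendmail or any other MTA.
SERVFAIL, NOERROR, NXDOMAIN = "SERVFAIL", "NOERROR", "NXDOMAIN"

def lookup(query, servers, domain, rtype):
    """Step 1: ask each server in turn; SERVFAIL moves on to the next one."""
    for server in servers:
        rcode, answers = query(server, domain, rtype)
        if rcode != SERVFAIL:
            return rcode, answers
    return SERVFAIL, []

def try_a(query, servers, domain, rounds):
    """Single A-record attempt; a SERVFAIL here is still a temporary failure."""
    rcode, answers = lookup(query, servers, domain, "A")
    if rcode == NOERROR and answers:
        return "a", answers, rounds
    return ("tempfail" if rcode == SERVFAIL else "fail"), [], rounds

def resolve_target(query, servers, domain, bozo_checks=0, max_retries=3):
    """Return (kind, answers, mx_rounds); kind is 'mx', 'a', 'tempfail' or 'fail'."""
    for rounds in range(1, max_retries + 1):
        rcode, answers = lookup(query, servers, domain, "MX")
        if rcode == NOERROR and answers:
            return "mx", answers, rounds
        if rcode == NOERROR:            # no MX published: normal A-record fallback
            return try_a(query, servers, domain, rounds)
        if rcode == NXDOMAIN:
            return "fail", [], rounds
        # Every server answered SERVFAIL for MX in this round.
        if bozo_checks > 0 and rounds >= bozo_checks:   # step 2, "after N retries"
            return try_a(query, servers, domain, rounds)
    if bozo_checks == -1:               # step 2, "final deal" after all retries
        return try_a(query, servers, domain, max_retries)
    return "tempfail", [], max_retries  # 0 = off: defer the message

# Constructed resolver: MX queries always SERVFAIL, the A record resolves
# (the situation described in the post: an A record, no MX record).
def broken_mx_resolver(server, domain, rtype):
    if rtype == "MX":
        return SERVFAIL, []
    return NOERROR, ["192.0.2.10"]

SERVERS = ["ns1.example.test", "ns2.example.test"]

if __name__ == "__main__":
    for setting in (0, 2, -1):
        print(setting, resolve_target(broken_mx_resolver, SERVERS, "example.test", setting))
```

With the fallback on, a domain that does publish an MX record but whose MX lookup is failing temporarily is delivered to its A-record host rather than to its mail exchanger.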

----- Original Message -----
From: <Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Cc: "Arnt Gulbrandsen" <arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no>; 
<ned+ietf-smtp(_at_)mrochek(_dot_)com>; <sm(_at_)resistor(_dot_)net>
Sent: Sunday, November 27, 2005 3:30 AM
Subject: Re: BCP for handling DNS SERVFAIL results

On Sun, 27 Nov 2005 02:45:18 EST, Hector Santos said:

But if you search the net, you will find discussions on this SMTP client
consideration.  I can only suggest the historical reason is that there
were many DNS servers producing the erroneous SERVFAIL failures

I can only suggest that in an environment where a lot of bozos were unable to
properly set up their DNS, it's not at all surprising to find that others
were recommending totally bogus methods of working around the ineptitude of
the first set of bozos.

Or were you thinking of this from Sendmail:

        New ResolverOptions setting: WorkAroundBrokenAAAA.  When
                attempting to canonify a hostname, some broken nameservers
                will return SERVFAIL (a temporary failure) on T_AAAA (IPv6)
                lookups.  If you want to excuse this behavior, use this new