<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: People forging their From: addresses

On Fri, 2 Oct 1998, Wilfried Woeber, UniVie/ACOnet wrote:

+ >    1)	If DNS really returns "NonExistant Domain"
+ >	you MAY return 5xx.
+   ...and you might want to think twice or check more than once :-)
+   In the (not so rare) cases where *all* NS servers for a certain domain
+   are lost for a while (e.g. due to connetivity problems), you would then
+   bounce perfectly valid mail.

But wouldn't that be SERVFAIL instead of NXDOMAIN ? If all authoritative
nameservers for a particular domain are unreachable the domain still
exists (since it is delegated from the nameservers one step higher in the
tree). It is impossible however to get authoritative answers about the
domain but that's different from the authoritative answer that the domain
(or host) is non-existent.

It shouldn't be too hard to have an MTA distinguish between a DNS server
failure (SERVFAIL) or an authoritative NXDOMAIN answer. SERVFAIL resulting
in a 4xx error, NXDOMAIN in a 5xx.


<<< Chronological >>> Author    Subject <<< Threads >>>