
On Sunday, 14 October 2018 7:28:46 PM AEDT Andrew McGlashan via luv-talk wrote:
On 14/10/18 19:04, Rick Moen via luv-talk wrote:
Quoting Andrew McGlashan (andrew.mcglashan@affinityvision.com.au):
I'm not positive, but I think if mail is in the queue and resolution for the domain name isn't forthcoming due to possible down DNS server(s), then the mail will stay in the queue and it will be tried for delivery later with fresh DNS requests as well (in terms of mail when it comes to DNS answers). Of course, finding a server for other services (web for instance) would be an immediate problem when the TTL expires.
Could be right. I'd not embarrass myself by saying your guess is right or wrong without checking. ;->
Being specific about scenarios, here: I'm pretty sure that any newly generated mail that triggers a DNS lookup that gets immediate socket failure on all auth nameservers is going to get immediate 45x hard fail.
45x isn't a hard fail, all the 4xx codes are for temporary failures. 45x are for corrupted mailbox, server connection problem, or server storage limit exceeded.
Hmm, a test mail to a non-existent FQDN is a logically identical case, wouldn't you agree? I could be missing something, otherwise, it would appear that in the scenario I describe the failure is immediate.
It might not be so easy to test.
# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3C48FEE5F      425 Sun Oct 14 11:51:28  root@sws.net.au
(Host or domain name not found. Name service error for name=test.coker.com.au type=MX: Host not found, try again)
                                         test@test.coker.com.au

It's trivial to test, put in an NS record for a subdomain of one of your domains that points to a system that's well firewalled and refuses to respond to port 53. Then send mail.
The name servers for a domain name are "glued" in the system, so to speak. That is, the authoritative IP address to use for name servers need not necessarily have an "A" RR associated with it. The upstream registry has to know where (IP address) to get answers from for the domain name. If you have "A" records (as you would normally do), then you can make DNS queries using those servers using the IP given by the A record.
http://wiki.gandi.net/en/glossary/glue-record

The above page has a good description of glue records. You should still have A records that match the glue records (I haven't tested what happens if you don't, it would probably work much of the time and fail in strange and interesting ways).
Using a random and otherwise non-existent domain name will give you an immediate fail though.
Yes, you get a failure if an authoritative name server says that the name in question doesn't exist. In terms of my example, mail sent to test@test2.coker.com.au will generate an immediate bounce.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
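
Added example, not part of the original thread: a small parser for mailq output in the layout quoted above, which picks out messages deferred with the "Host not found, try again" name service error so an operator can see which names have unreachable DNS. The function names and the second queue entry are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the mailq layout; the first entry mirrors the one
# quoted in the thread, the second is an invented non-DNS deferral.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3C48FEE5F      425 Sun Oct 14 11:51:28  root@sws.net.au
(Host or domain name not found. Name service error for name=test.coker.com.au type=MX: Host not found, try again)
                                         test@test.coker.com.au

4D59AFF60      610 Sun Oct 14 11:53:02  root@sws.net.au
(connect to mx.example.net[192.0.2.25]:25: Connection timed out)
                                         user@example.net

-- 2 Kbytes in 2 Requests.
"""

# Queue ID (optionally flagged * or !), size, arrival time, sender.
HEADER = re.compile(
    r"^([0-9A-Za-z]+)[*!]?\s+(\d+)\s+"
    r"(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d)\s+(\S+)$")
# The temporary-failure reason string as it appears in the thread's output.
DNS_TEMPFAIL = re.compile(
    r"Name service error for name=(\S+) type=(\w+): Host not found, try again")

def parse_mailq(text):
    """Return one dict per queued message: id, size, arrival, sender, reason, recipients."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"id": m[1], "size": int(m[2]), "arrival": m[3],
                   "sender": m[4], "reason": None, "recipients": []}
            entries.append(cur)
        elif not line.strip():
            cur = None                      # blank line ends an entry
        elif cur is None:
            continue                        # column header or summary line
        elif line.lstrip().startswith("("):
            cur["reason"] = line.strip()[1:-1]
        else:
            cur["recipients"].append(line.strip())
    return entries

def dns_tempfail_names(entries):
    """Count deferred messages per (name, record type) with a temporary DNS failure."""
    hits = Counter()
    for e in entries:
        m = DNS_TEMPFAIL.search(e["reason"] or "")
        if m:
            hits[(m[1], m[2])] += 1
    return hits
```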