About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: People forging their From: addresses

  • To: "Wilfried Woeber, UniVie/ACOnet" < >
  • From: Xander Jansen < >
  • Date: Fri, 2 Oct 1998 16:38:08 +0200 (CDT)
  • Address: "Radboudburcht, P.O. Box 19115, 3501 DA Utrecht, NL"
  • Cc:
  • Organisation: SURFnet ExpertiseCentrum bv
  • Phone: +31 302 305 305
  • Telefax: +31 302 305 329
On Fri, 2 Oct 1998, Wilfried Woeber, UniVie/ACOnet wrote:

+ >    1)	If DNS really returns "NonExistant Domain"
+ >	you MAY return 5xx.
+ 
+   ...and you might want to think twice or check more than once :-)
+ 
+   In the (not so rare) cases where *all* NS servers for a certain domain
+   are lost for a while (e.g. due to connetivity problems), you would then
+   bounce perfectly valid mail.

But wouldn't that be SERVFAIL instead of NXDOMAIN ? If all authoritative
nameservers for a particular domain are unreachable the domain still
exists (since it is delegated from the nameservers one step higher in the
tree). It is impossible however to get authoritative answers about the
domain but that's different from the authoritative answer that the domain
(or host) is non-existent.

It shouldn't be too hard to have an MTA distinguish between a DNS server
failure (SERVFAIL) or an authoritative NXDOMAIN answer. SERVFAIL resulting
in a 4xx error, NXDOMAIN in a 5xx.

Xander
  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community