Rbldns for text and data

Alessandro Vesely vesely@tana.it
Thu Jan 10 19:08:23 CET 2019 

On Thu 10/Jan/2019 16:47:13 +0100 Denny Watson via dev wrote:

> On 1/8/19 11:41 AM, Alessandro Vesely via dev wrote:
>> Hi all,
>> 
>> I'm using rbldnsd to serve dnswl data cached locally.  My mail server has been
>> using that since 2013.  Sometimes last year it stopped working.  I found out
>> that the server software (Courier-MTA) updated DNSBL lookups to stop use
>> ANY.[*]  The option was to query A or ANY, now A or TXT.  Switching to A made
>> filters work as before.  However, sometimes I miss the TXT record.  Is there a
>> way to push both records after a TXT query?
>> 
> 
> I am not sure that I understand your question;
> 
> You want to return TXT records when querying for A records?


Rather the opposite, here's what I want:

MTA -> A
       A      <-DNS

MTA -> TXT?
       A, TXT <-DNS

MTA -> ANY?
       A, TXT <-DNS


That is, TXT replaces the deprecated (or deprecand) ANY.


> If this is the case, I would believe that your MTA wouldn't handle them as
> you would expect, as the MTA asked for A and the DNS server responded with 
> TXT.

Maybe the MTA will discard the TXT and just take the A it asked for.  However,
since it is a DNSxL query where it used to ask for ANY, it may accept it.


> Had it asked for ANY, it would know how to handle (or at least look for
> things that it could handle) in the response.

Yes.  However, ANY is going to be deprecated:
https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any-07

(That's still a draft but it made enough noise already.)

It is the A record which drives mail filter's behavior thereafter.  The TXT
record is a useful addition, but it's not essential.  Wouldn't it be possible
to add it to the response, as if it was a glue record?  Or would one need to
patch the code to get such behavior?

I'd bet I'm not alone with this problem, but cannot find "official" solutions.


> If you want to use values that are returned via TXT records, it would be
> best for the MTA to ask for these.


That takes two queries instead of one.  A "correct" DNSBL query might possibly
use a second query if the server doesn't push the A along with the TXT.  That's
possible only if TXT and A always match.  If I were to patch the MTA I would
provide for a fallback like so:

MTA -> TXT?
       TXT    <-DNS
MTA -> A?  # fallback
       A      <-DNS

No second query here (wanted rbldns behavior):

MTA -> TXT?
       A, TXT <-DNS

Nor here:

MTA -> TXT?
       NXDOMAIN <-DNS

(Note that this is the wanted, DNSxL-specific behavior if the user configured
the additional TXT for that DNSxL.  If the user configured A records only, it
already works well.)


Best
Ale
--

More information about the dev mailing list