[exim-dev] [Bug 488] Failed name server leads to unroutable …

Top Page
Delete this message
Reply to this message
Author: bug488
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 488] Failed name server leads to unroutable address error
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

http://www.exim.org/bugzilla/show_bug.cgi?id=488





------- Comment #2 from graeme@??? 2007-03-22 10:57 -------
On 21/03/2007 21:43, marc@??? wrote:
> I think this is a bug. A valid domain where the name servers are unreachable
> results in an error "unroutable address" rather than retrying. I ran into this
> situation where due to a network routing problem my name servers couldn't reach
> the domains name servers and rather than retrying it failed as if the domain
> didn't exist.


I don't believe this is a bug within Exim itself. It's an
interoperability problem, for sure, but not a bug - and it applies to
all applications which use DNS.

Let me explain:

If a domain - any domain - has nameservers A and B, and your machine
running Exim (machine C) cannot reach those servers, how does the
resolver on machine C (or any application running on it) know that the
domain is "valid"?

A common way of forcibly expiring domains (say, for repeated non-payment
or abuse reasons) within the ISP or hosting world is to simply delete
the zone from the authoritative nameservers. It sure gets customers'
attention when their domains disappear, I can tell you :)

Anyway: at that point, the root name servers or TLD nameservers for the
domain will be referring queries to the authoritative servers, which no
longer act authoritatively for it and return NXDOMAIN. At this point,
whatever application is making the query will bomb out with (in Exim's
case) an error of the form "unrouteable address".

Extending the problem outwards to your case (which doesn't get NXDOMAIN
back from the authoritative servers), there is _no way_ for the machine
C to know whether the lack of response is because:

a) the authoritative nameservers have been permanently switched off
b) the authoritative nameservers have firewalled you out
c) the authoritative nameservers have a problem meaning that their
nameserver software isn't running
d) some odd network problems are causing your queries to either not
reach the authoritative nameservers, or the responses to not get back
e) some other problem (there are many possibilities)

So, at this point, how does the application on machine C determine
whether the domain is "valid" or not? The only way it can respond is
(anthropomorphically speaking) with a shrug of the shoulders and an "I
can't be bothered carrying on with this, I cannot find the thing you're
looking for" style error.

Network problems can be hell, especially if they segment things the way
you saw.

Graeme

--
Configure bugmail: http://www.exim.org/bugzilla/userprefs.cgi?tab=email