[Mailman-Users] DNS error behaviour with DMARC
Barry S. Finkel
bsfinkel at att.net
Wed Aug 27 20:54:56 CEST 2014
On 8/27/2014 10:54 AM, Jeff White wrote:
> With dmarc_moderation_notice set to anything but "Accept" Mailman will
> do a DNS query for every message that comes in and check the DMARC
> record of the sending domain. I have two questions regarding this:
> 1. Has anyone on this list noticed any performance issues with the
> overhead this adds? I doubt there is anything noticeable but curious if
> anyone has seen any issue.
> 2. What is Mailman's behaviour if the query fails (e.g. times out)?
> Defaults.py says:
> # Parameters for DMARC DNS lookups. If you are seeing 'DNSException:
> # Unable to query DMARC policy ...' entries in your error log, you may need
> # to adjust these.
> # The time to wait for a response from a name server before timeout.
> DMARC_RESOLVER_TIMEOUT = seconds(3)
> # The total time to spend trying to get an answer to the question.
> DMARC_RESOLVER_LIFETIME = seconds(5)
> ... but what happens to the post when DNSException is thrown? Is the
> message rejected and a bounce sent to the poster? Is it re-queued and
> tried again? If so when does Mailman give up? Does Mailman simply
> shunt the post and throw an error?
> If someone can point me to the file that holds this code I can review it
> and report what the behaviour is.
As for item 1 - What is your DNS setup? If the Mailman server has a
caching-only name server on the same box (and it is good to do so),
or if the Mailman server is contacting a local DNS server for DNS
resolution, then the local DNS server should have the information
cached (for a TTL determined by the owner of the DNS record), so DNS
traffic should be minimal. I assume that the owner of a DMARC record
in DNS will place an appropriate TTL on the record so that the record
will remain in a DNS cache for a time that will limit the number of
DNS requests back to the master DNS server. A domain owner should
have multiple DNS servers so that one is always accessible for queries.
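
An added example, not part of the original post and not Mailman's code: a small TTL-honouring cache in front of a DMARC TXT lookup, showing how caching limits upstream queries and how a timed-out lookup can be reported as a temporary failure instead of being cached or guessed. The names CachedDmarcLookup, LookupTimeout, sample_resolver and SAMPLE_ZONE are hypothetical, the zone data is constructed, and the tempfail handling is an assumption, not a statement of what Mailman does.

```python
import time

class LookupTimeout(Exception):
    """Raised by the resolver callable when no answer arrives in time."""

def parse_dmarc_policy(txt):
    """Return the p= tag of a DMARC TXT record, or None if it is not one."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    policy = tags.get("p")
    return policy.lower() if policy else None

class CachedDmarcLookup:
    def __init__(self, resolver, clock=time.monotonic):
        self.resolver = resolver    # callable(name) -> (txt, ttl_seconds)
        self.clock = clock
        self.cache = {}             # domain -> (policy, expires_at)
        self.upstream_queries = 0   # lookups that actually left the cache

    def policy(self, domain):
        """Return (policy, status): status is cached, fetched or tempfail."""
        now = self.clock()
        hit = self.cache.get(domain)
        if hit and hit[1] > now:
            return hit[0], "cached"
        self.upstream_queries += 1
        try:
            txt, ttl = self.resolver("_dmarc." + domain)
        except LookupTimeout:
            # Nothing is cached and no policy is guessed; the caller decides
            # whether to hold, retry or pass the message.
            return None, "tempfail"
        policy = parse_dmarc_policy(txt)
        self.cache[domain] = (policy, now + ttl)
        return policy, "fetched"

# Constructed sample data (not real records): name -> (TXT record, TTL seconds)
SAMPLE_ZONE = {
    "_dmarc.example.com": ("v=DMARC1; p=reject; rua=mailto:d@example.com", 3600),
}

def sample_resolver(name):
    """Stand-in resolver: names missing from SAMPLE_ZONE simulate a timeout."""
    if name not in SAMPLE_ZONE:
        raise LookupTimeout(name)
    return SAMPLE_ZONE[name]
```
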