2

What happens to mail if a sender is unable to get DNS resolution for the mail server?

For example, suppose mail is being sent and the MX record is found to be mx.example.com. But the attempt to resolve mx.example.com by finding an A record to give the IP address fails. Will the sender retry later, or regard the mail as permanently undeliverable?

If the latter, would the situation be better if a second MX record pointed to a non-functional but resolvable host name on another domain?

The reason I ask is that I am currently experiencing a small but significant number of DNS failures in a variety of contexts. This is happening across a wide range of public name servers and despite using a top quality name service. I am also getting occasional reports of mail delivery failures. I suspect the two are connected, as server monitoring is reporting occasional downtime and citing failure to resolve the hostname as the nature of the failure.

ADDED INFO: My concerns are raised by a small number of instances of large organisations telling me or other users of mailboxes on the same domain that mail is not working. I know from monitoring that the mail server is up for the vast majority of the time and any periods of downtime are very brief. This, along with the reports from monitoring of failures being the result of inability to resolve the mail server name to an IP address, is making me think that senders are treating DNS failures as permanent failures and not retrying. But much of the process is outside my control, and I am looking for things that can be done to eliminate the problem. Large organisations that claim mail has failed are very unlikely to respond to requests for technical details for their claim, which doesn't help.

mbrampton

1 Answer

3

In general there are two options:

  • the mailserver used by the sender triggers an immediate delivery failure and the sender gets a bounce notification with a "friendly" error message
  • the mailserver used by the sender recognises a temporary problem and will queue the message for later delivery. Depending on how quickly the issue is resolved, the message will reach its intended recipient or the queue will time out and the sender gets a delayed bounce message.

I think it depends on the exact DNS failure modes and the effect might even differ on the sending mailserver...

There are a number of canonical Q&As with regard to DNS (such as this one) that might give some relevant background.

HBruijn
  • Thanks. There isn't much I can do about DNS. I cannot control what recursive server will be used by mail senders. My tests use well known and generally highly regarded services such as Google. Problems are not eliminated by using my own local recursive name server. The domain of the mail server is currently handled by NS One, one of the best services available. I was seeing similar problems with my own DNS config. In both cases multiple name servers are available at diverse locations. – mbrampton Dec 13 '16 at 17:43
  • 3
    If I recall correctly, the RFC says queue then fail, but not all mailservers follow the RFC. – Jim B Dec 13 '16 at 18:23
  • I can't find any RFC that defines what should happen during mail relaying when the MX host name cannot be resolved. Any offers please? – mbrampton Dec 14 '16 at 08:00
  • 1
    A hard DNS error like an `NXDOMAIN` quite clearly marks the message domain as undeliverable (the domain is not registered and no MX or other DNS record will be found). A `SERVFAIL` implies a (potentially temporary) misconfiguration in the domain's DNS but the immediate effect is the same: no MX or alternate record can be found (but maybe later they will be available again). – HBruijn Dec 14 '16 at 08:17
  • For some reason, it is more complicated than that. Monitoring failures presumably do find the MX record, since they report a lookup failure on the mail server host name (which would not be known if the MX record had not been found). I have never seen a failure to find the domain at all. What appears to happen is SERVFAIL on the host name lookup. – mbrampton Dec 14 '16 at 08:32
  • Sorry, please ignore the last comment, I think it is wrong. But I'm still stuck to see any way to improve matters. – mbrampton Dec 14 '16 at 12:05
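
The two outcomes in the answer (immediate bounce versus queue and retry) and the `NXDOMAIN`/`SERVFAIL` distinction from the comments can be modelled as below. This is an added example, not code from any poster or from a particular mail server. It is a simplified model, and the function names, the `TIMEOUT` pseudo-rcode and all DNS data are assumptions constructed for illustration.

```python
from enum import Enum

class Rcode(Enum):
    NOERROR = 0
    SERVFAIL = 2
    NXDOMAIN = 3
    TIMEOUT = -1  # no answer at all; not a DNS rcode, modelled as one here

TEMPORARY = {Rcode.SERVFAIL, Rcode.TIMEOUT}

def attempt(domain, dns):
    """One delivery attempt against a DNS snapshot.
    dns maps (name, rrtype) -> (Rcode, records); missing keys count as TIMEOUT."""
    rcode, mxs = dns.get((domain, "MX"), (Rcode.TIMEOUT, []))
    if rcode is Rcode.NXDOMAIN:
        return "bounce", "domain does not exist"
    if rcode in TEMPORARY:
        return "defer", "MX lookup failed"
    # No MX records: fall back to the domain's own address (implicit MX).
    hosts = [host for _pref, host in sorted(mxs)] or [domain]
    soft = False
    for host in hosts:
        rcode, addrs = dns.get((host, "A"), (Rcode.TIMEOUT, []))
        if rcode is Rcode.NOERROR and addrs:
            return "connect", f"{host} -> {addrs[0]}"
        soft = soft or rcode in TEMPORARY
    if soft:
        return "defer", "no MX host resolved, at least one lookup may recover"
    return "bounce", "no MX host has an address"

def deliver(domain, snapshots):
    """Retry once per snapshot; an exhausted queue lifetime gives a delayed bounce."""
    for n, dns in enumerate(snapshots, 1):
        action, why = attempt(domain, dns)
        if action != "defer":
            return action, n, why
    return "delayed bounce", len(snapshots), "queue lifetime exceeded"

# Constructed data: the question's scenario, where the MX record is found
# but the A lookup for mx.example.com fails.
MX = {("example.com", "MX"): (Rcode.NOERROR, [(10, "mx.example.com")])}
A_FAIL = {**MX, ("mx.example.com", "A"): (Rcode.SERVFAIL, [])}
A_OK = {**MX, ("mx.example.com", "A"): (Rcode.NOERROR, ["192.0.2.25"])}
A_GONE = {**MX, ("mx.example.com", "A"): (Rcode.NXDOMAIN, [])}

if __name__ == "__main__":
    print(deliver("example.com", [A_FAIL, A_OK]))  # retried, then connects
    print(deliver("example.com", [A_FAIL] * 3))    # never recovers
    print(deliver("example.com", [A_GONE]))        # hard failure, no retry
```

In this model a sender that maps `SERVFAIL` to "defer" recovers on the next queue run, while one that treats every lookup failure as hard would bounce on the first attempt, which is the behaviour the question suspects.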