Jim Popovitch has proposed merging lp:~jimpop/mailman/dmarc-dnssec-validation-fix into lp:mailman/2.1.
Commit message: Improved DMARC testing for domains with DNSSEC validation problems Requested reviews: Mark Sapiro (msapiro) For more details, see: https://code.launchpad.net/~jimpop/mailman/dmarc-dnssec-validation-fix/+merge/329821 Two proposed fixes for DMARC testing in Mailman 2.1 1) Test for dns.resolver.NoNameservers exception when querying the _dmarc.domain.tld RR. This typically means that there is a DNSSEC validation failure for that RR (i.e bogus RRSIG). If the Mailman server is running a DNSSEC validating resolver, the Mailman server will NOT see the _dmarc RR, whereas a subscriber not using a validating resolver would see the _dmarc RR. This potential inconsistency means we should munge the post to prevent potential problems as DNSSEC validation is becoming more popular. 2) Any addition errors in querying the _dmarc.domain.tld RR should result in the post being munged. The potential for inconsistencies is mitigated by munging posts from sites with DNSSEC inconsistencies. These 2 conditions will be logged by Mailman. -Jim P. -- Your team Mailman Checkins is subscribed to branch lp:mailman/2.1. _______________________________________________ Mailman-checkins mailing list Mailman-checkins@python.org Unsubscribe: https://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org
