DNSCheckValidation: Safe way to query AAAA record #301

Closed
cuchac opened this issue Jul 15, 2021 · 4 comments

cuchac commented Jul 15, 2021

Hello,
I'm using DNSCheckValidation in production on many sites with great success. Recently I discovered some specific domains that are validated as invalid. Those domains are valid and have correct MX records.

The root cause of the problem is that PHP issues "A temporary server error occurred" for AAAA dns_get_record because the domain's servers return SERVFAIL for AAAA records. Probably it is not such rare behavior because an RFC exists to deal with this issue: https://datatracker.ietf.org/doc/html/rfc4074 - the AAAA check should be done separately from the A / MX check because AAAA can fail and a request for A + AAAA also returns failure.

I found a workaround by overriding in a subclass
protected const DNS_RECORD_TYPES_TO_CHECK = DNS_MX + DNS_A + DNS_AAAA;
with
protected const DNS_RECORD_TYPES_TO_CHECK = DNS_MX + DNS_A;

Do you have any ideas how to deal with this issue? Obviously DNSCheckValidation can check MX + A record first and in case of failure do another AAAA lookup.
I was trying to find some way to make dns_get_record with DNS_MX + DNS_A + DNS_AAAA return success but so far I've found nothing.

A testing domain affected by this issue is: sazka.cz
See here dns_get_record with and without AAAA record: https://www.tehplayground.com/vlDYL3FrqaPSNIaL

@egulias
Owner

egulias commented Jul 16, 2021

Hi @cuchac, I'm glad you have found the validation useful.
Very detailed issue, thanks.
My understanding, from your words, is that this case is common enough to have an RFC while it is also rare enough. I believe DNS validation is not so used.

So, the option I see would be something like:

  1. Transform from const to a private property
  2. Add a way to pass "configuration" via a helper type/class or consts, with a sensible default to current behaviour to avoid BC breaks

This way it would allow for flexibility in use cases and keep BC.

What do you think? Happy to discuss over a PR ;)

@sandermarechal

I have the exact same problem. AAAA validation fails because it gets back a SERVFAIL and dns_get_record() returns FALSE, even though an MX record and A record exist.

Perhaps you should not query MX + A + AAAA at the same time. Query just MX, when it does not exist, query A, if that does not exist then finally query AAAA.

@crishoj
Contributor

crishoj commented Oct 2, 2023

The key point is here:

RFC exists to deal with this issue: https://datatracker.ietf.org/doc/html/rfc4074 - AAAA check should be done separately from A / MX check because AAAA can fail and request for A + AAAA also returns failure.

Since a combined lookup for A + AAAA + MX can fail with SERVFAIL (despite valid A and MX records existing), the check for AAAA needs to happen separately.

crishoj added a commit to crishoj/EmailValidator that referenced this issue Oct 2, 2023
@egulias egulias closed this as completed in ebaaf5b Oct 6, 2023
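
The separate-lookup approach discussed in this thread, as an added example that is not part of the original issue or of the EmailValidator code base. The names `hostAcceptsMail` and `stubResolver` are hypothetical, the stub's records and domains are constructed, and the stub mimics a nameserver that answers SERVFAIL whenever AAAA is part of the query (PHP 8.0+ for the `array|false` type).

```php
<?php
/**
 * Hypothetical helper (not EmailValidator's API): query MX, A and AAAA
 * one type at a time so a SERVFAIL on AAAA cannot mask valid MX/A records.
 * $resolver has the shape of dns_get_record($host, $type): array|false.
 */
function hostAcceptsMail(string $host, callable $resolver): bool
{
    foreach ([DNS_MX, DNS_A, DNS_AAAA] as $type) {
        $records = $resolver($host, $type);
        if ($records === false) {
            continue; // lookup error for this type only: try the next type
        }
        if ($records !== []) {
            return true; // at least one usable record of this type
        }
    }
    return false; // every type was empty or failed
}

/** Constructed stub: fails the whole query whenever AAAA is part of it. */
function stubResolver(string $host, int $type): array|false
{
    if ($type & DNS_AAAA) {
        return false; // mimics PHP's result when the server answers SERVFAIL
    }
    $zone = [ // constructed sample records for a placeholder domain
        'servfail-aaaa.example' => [
            DNS_MX => [['type' => 'MX', 'target' => 'mx.servfail-aaaa.example', 'pri' => 10]],
            DNS_A  => [['type' => 'A', 'ip' => '192.0.2.10']],
        ],
    ];
    $out = [];
    foreach ($zone[$host] ?? [] as $recordType => $records) {
        if ($type & $recordType) {
            $out = array_merge($out, $records);
        }
    }
    return $out;
}

$host = 'servfail-aaaa.example';
// Combined bitmask, as in DNS_RECORD_TYPES_TO_CHECK: one failure loses everything.
var_dump(stubResolver($host, DNS_MX + DNS_A + DNS_AAAA));
// Separate lookups: MX answers first, so the failing AAAA query is never needed.
var_dump(hostAcceptsMail($host, 'stubResolver'));
// A host with no records at all is still rejected.
var_dump(hostAcceptsMail('no-records.example', 'stubResolver'));
```

Against a live resolver the callable can be `fn($h, $t) => @dns_get_record($h, $t)`; a host is then rejected only when all three lookups are empty or fail, so a full resolver outage still reads as invalid.
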
@egulias
Owner

egulias commented Oct 6, 2023

Thanks @crishoj.
Released under 4.0.2
