Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement better DNS Retry logic (Agency 2 Pilot: EXO 2.4; DMARC Failures) #38

Closed
schrolla opened this issue Dec 22, 2022 · 3 comments
Closed

Implement better DNS Retry logic (Agency 2 Pilot: EXO 2.4; DMARC Failures) #38

schrolla opened this issue Dec 22, 2022 · 3 comments
Labels
bug This issue or pull request addresses broken functionality
Milestone
Dolphin

Comments

@schrolla
Copy link
Collaborator

Agency 2 manages their DMARC policy outside of EXO but could still verify they meet the policy via DNS lookups. We should investigate why they failed.
@schrolla schrolla added this to the Backlog milestone Dec 22, 2022
@Dylan-MITRE Dylan-MITRE mentioned this issue Jan 5, 2023
Closed
@nanda-katikaneni nanda-katikaneni modified the milestones: Backlog, Dolphin Jan 9, 2023
@gdasher
Copy link
Collaborator

gdasher commented Feb 2, 2023

The DMARC policy in the rego is based purely on DNS. Looking at Agency 2 and Agency 1's data, the DNS results are not being correctly populated for a subset of their domains, perhaps due to transient errors.

I believe the appropriate fix for this issue is better retry logic for DMARC. I am retitling the bug as soon and unassigning from me for prioritization of implementation in Dolphin (or deferral to later release).

@gdasher gdasher changed the title Agency 2 Pilot: EXO 2.4; DMARC Failures Implement better DNS Retry logic (Agency 2 Pilot: EXO 2.4; DMARC Failures) Feb 2, 2023
@gdasher gdasher removed their assignment Feb 2, 2023
@gdasher
Copy link
Collaborator

gdasher commented Feb 2, 2023
edited

Specifically, on transient DNS failures, we should retry as well as differentiate this error condition from NXDOMAIN. Logic should cover all policies reliant on DNS data (DMARC, SPF, DKIM).

@gdasher gdasher mentioned this issue Feb 2, 2023
Closed
@gdasher
Copy link
Collaborator

gdasher commented Feb 2, 2023

Closing as duplicate of #41

@gdasher gdasher closed this as completed Feb 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue or pull request addresses broken functionality
Projects
None yet
Milestone
Dolphin
Development

No branches or pull requests
3 participants
@gdasher @nanda-katikaneni @schrolla