net: LookupMX does not consider IP addresses as valid records

[horkhe]

This is a followup to #46979. I found another case where https://golang.org/cl/322230 broke the original logic. Even though MX records MUST contain domain names, occasionally they contain IP addresses. And this change considers IP addresses as invalid records and returns an error making delivery to respective email service providers impossible. The number of such cases is minuscule in the great schema things, but still we at Mailgun handle a few thousand messages to such email providers per hour. So in the spirit of Robustness Principal I believe a change should be made to allow IP addresses in MX records.

[horkhe]

By the way we ran into similar issue: the LookupSRV function does not work well with Nomad/Consule that exposes instance ip:port via SRV records, but LookupSRV enforces domain names. So guys, maybe you should stop trying to "fix" the Internet and just make resolver methods return whatever DNS servers provide you with. Or at least provide us with a way to disable the annoying validation.

[cagedmantis]

@ianlancetaylor @neild

[dcormier]

I've noticed this a bit, lately. Here's a handful of domains with MX records where at least one is an IP address (as of 2024-04-19):

• testsys.com
• eohu.ca
• libertyhardware.com
• sbc-holding.com
• victoriafallshotel.com
• lucelec.com
• clearchannel.com.br
• thefloow.com
• cityofscottsboro.com

[ianlancetaylor]

CC @rolandshoemaker @golang/security

[mateusz834]

We currently support domain names that contain digits in arbitrary places, but it also has to contain at least one non-digit character (except dots).

go/src/net/dnsname_test.go

Line 22 in 903e0ff

{"26.0.0.73.com", true},

Also RFC 1123:

2.1 Host Names and Numbers
The syntax of a legal Internet host name was specified in RFC-952
[DNS:4]. One aspect of host name syntax is hereby changed: the
restriction on the first character is relaxed to allow either a
letter or a digit. Host software MUST support this more liberal
syntax.

RFC 8499:

Note that any label in a domain name can contain
any octet value; hostnames are generally considered to be domain
names where every label follows the rules in the "preferred name
syntax", with the amendment that labels can start with ASCII
digits (this amendment comes from Section 2.1 of [RFC1123]).

[horkhe]

RFC is great, but we are talking about the real world. And the reality is that people do not read RFC. Being a bulk email sender (mailgun.com) we stumbled up on such cases. Currently we are getting around by using private net.(*Resolver).lookupMX with go:linkname hack. But as of Go 1.23 using go:linkname will be prohibited. So I guess the only option we will have is to just vendor/reimplement chunks of net.Resolver.

[rolandshoemaker]

@horkhe could you provide some data on the rates at which you see this issue?

I am not particularly opposed to being more lax here (i.e. just loosening the restriction to LDH+IP), but I don't want to do this if we're only fixing a very small number of otherwise incorrectly behaving servers. If there is data that shows this is actually significantly common, and there are high-volume mail servers that are relying on this behavior, then it would perhaps be reasonable to do.

[horkhe]

@rolandshoemaker sorry I missed this question. We at Mailgun deliver about 20_000 emails to MX hosts configured with IP addresses per day.

[gopherbot]

Change https://go.dev/cl/651056 mentions this issue: net: accept a valid IP address in LookupMX