Skip to content

Fix connection timeout issue when try combine MX + A records for specfic DNS when A record not exists #410

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: 4.x
Choose a base branch
from

Conversation

alexander-schranz
Copy link

Copied from #408


I have a IONOS and google cloud server and some A records fail to resolve the DNS_A + DNS_MX part:

php -r 'require_once("vendor/autoload.php"); $dnsCheckValidation = new \Egulias\EmailValidator\Validation\DNSCheckValidation(); var_dump($dnsCheckValidation->isValid("[email protected]", new \Egulias\EmailValidator\EmailLexer())); var_dump($dnsCheckValidation->getError());'

Locally all works like expected.

PS: Tried today a Hetzner Cloud server which has the same issue. I also tried directly the PHP:

php -r 'var_dump(dns_get_record("adif.es", DNS_A + DNS_MX));'

And it fails. Did found out the used DNS and tried dig command which ends in:

dig @185.12.64.2 +short A adif.es

Goes into ;; connection timed out; no servers could be reache

while over google it not errors just return nothing what is expected as only a MX record exists:

dig @8.8.8.8 +short A adif.es

Comment on lines +172 to +178
if ($mxRecordsResult->withError()
&& $aRecordsResult->withError()
&& $aaaaRecordsResult->withError()
) {
$this->error = new InvalidEmail(new UnableToGetDNSRecord(), '');
return false;
}
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unsure when we should return UnableToGetDNSRecord if one DNS lookup failed or when all failed?

@@ -177,6 +196,7 @@ private function validateDnsRecords($host): bool
return false;
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this expected as soon as one record doesn't pass validateMXRecord it marks the domain as failed? Didn't found any issue with it but thought about if we should do instead of 3 lookup check after every lookup if we already found a valid dns record and early return true. But that would mean this line would not work as expected that it early return false.

Copy link
Author

@alexander-schranz alexander-schranz Mar 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

personally I would expect something like this:

        // For each DNS record
        foreach ($dnsRecords as $dnsRecord) {
            if ($this->validateMXRecord($dnsRecord)) {
                return true; // do not check all domains
            }
            
            //if (empty($this->mxRecords)) {
            //    $this->warnings[NoDNSMXRecord::CODE] = new NoDNSMXRecord();
            // }
        }

        return false;

and then do something like todo A and AAAA check only when MX failed:

        $mxRecordsResult = $this->dnsGetRecord->getRecords($host, DNS_MX);

        if (! $mxRecordsResult->withError()
+           && $this->validateMxRecords($mxRecordsResult->getRecords())) {
-            $dnsRecords = $mxRecordsResult->getRecords();
+            return true;
        }

        // Combined check for A+MX can fail with connection timed out, even in the presence of valid MX record
        $aRecordsResult = $this->dnsGetRecord->getRecords($host, DNS_A);

        if (! $aRecordsResult->withError()
+           && $this->validateMxRecords($aRecordsResult->getRecords())) {
-            $dnsRecords = array_merge($dnsRecords, $aRecordsResult->getRecords());
+            return true;
        }

        // Combined check for A+MX+AAAA can fail with SERVFAIL, even in the presence of valid A/MX records
        $aaaaRecordsResult = $this->dnsGetRecord->getRecords($host, DNS_AAAA);

        if (! $aaaaRecordsResult->withError()
+           && $this->validateMxRecords($aaaaRecordsResult->getRecords())) {
-            $dnsRecords = array_merge($dnsRecords, $aaaaRecordsResult->getRecords());
+            return true;
        }
        
+        if ($mxRecordsResult->withError()
+            && $aRecordsResult->withError()
+            && $aaaaRecordsResult->withError()
+        ) {
+            $this->error = new InvalidEmail(new UnableToGetDNSRecord(), '');
+            return false;
+        }
+        if ([] === $mxRecordsResult->getRecords()
+            && [] === $aRecordsResult->getRecords()
+            && [] === $aaaaRecordsResult->getRecords()
+        ) {
+            $this->error = new InvalidEmail(new ReasonNoDNSRecord(), '');
+            return false;
+        }

+        $this->warnings[NoDNSMXRecord::CODE] = new NoDNSMXRecord();
        
        return false;

but I'm not deep into this Lib or DNS records and maybe the early return false make sense here to avoid something unexpectly happening.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The general strategy of the lib is fail fast . Now for this case, given that there are network roundtrips was to "confirm fase" if that make sense. Hence not checking all records, with one we do have a valid MX. Happy to change if you believe will improve accuracy.

With a more in depth validation like your proposal, I agree to the general idea you are suggesting on this comment: we go from more accurate to less accurate and we short-circuit when we find a match.

Implementation wise, I'd go for something like

        if (! $mxRecordsResult->withError()
            && $this->validateMxRecords($mxRecordsResult->getRecords())) {
             $dnsRecords = $mxRecordsResult->getRecords();
              return true;
        }
       // We know there are no MX records already
       $this->warnings[NoDNSMXRecord::CODE] = new NoDNSMXRecord();
      //If you feel like so, you can create new warnings for each missing DNS record
      //...

     //do the logic for error setting here
     $this->setError($mxRecordsResult, $aRecordsResult, $aaaaRecordsResult)

Copy link

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
Report missing for 51534601 81.82%
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (5153460) Report Missing Report Missing Report Missing
Head commit (39fb12b) 715 656 91.75%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#410) 11 9 81.82%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

Footnotes

  1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.

Copy link
Owner

@egulias egulias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @alexander-schranz , did a comment on your thoughts. I agree with them, just added some notes.

@@ -177,6 +196,7 @@ private function validateDnsRecords($host): bool
return false;
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The general strategy of the lib is fail fast . Now for this case, given that there are network roundtrips was to "confirm fase" if that make sense. Hence not checking all records, with one we do have a valid MX. Happy to change if you believe will improve accuracy.

With a more in depth validation like your proposal, I agree to the general idea you are suggesting on this comment: we go from more accurate to less accurate and we short-circuit when we find a match.

Implementation wise, I'd go for something like

        if (! $mxRecordsResult->withError()
            && $this->validateMxRecords($mxRecordsResult->getRecords())) {
             $dnsRecords = $mxRecordsResult->getRecords();
              return true;
        }
       // We know there are no MX records already
       $this->warnings[NoDNSMXRecord::CODE] = new NoDNSMXRecord();
      //If you feel like so, you can create new warnings for each missing DNS record
      //...

     //do the logic for error setting here
     $this->setError($mxRecordsResult, $aRecordsResult, $aaaaRecordsResult)

@egulias
Copy link
Owner

egulias commented Mar 6, 2025

Please check Pslam, its complaining :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants