Several mechanisms rely on information fetched from the DNS. For
these DNS queries, except where noted, if the DNS server returns an
error (RCODE other than 0 or 3) or the query times out, the mechanism
stops and the topmost check_host() returns "temperror". If the
server returns "Name Error" (RCODE 3), then evaluation of the
mechanism continues as if: the server returned no error (RCODE 0) and
zero answer records.
As per RFC7208:
We should not return Permerror upon RCODE3, yet in current implementation (after big refactor) we do this https://github.com/zaccone/spf/blob/master/resolver_miekg.go#L35-L36
It;s also not consistent with older code: https://github.com/zaccone/spf/blob/master/resolver_miekg.go#L35-L36
/cc @dmotylev