FWIW, this later percolates to VA.DNS.RTT.A (previously VA.DNS.RTT.MX). Not sure if something should be done about that or not.

Also, I think it could all be done in a single DNS query, but the code changes would be more invasive.

I guess this approach is great if it can be granted the General Availability tag.

Thanks for looking at this!

I haven't checked how the RTT is used; my guess was that it might be used for a timeout or something, so I thought it would be best to return the total elapsed time.

DNS queries can only ask for one type at a time, so you can't ask for MX and A and AAAA in one go. (ANY queries are magical and do not work the way you think they do.)

nit: This will break the RA.DNS.RTT.A stat set from the return value of validateEmail here. This isn't really your fault, but it means we should really get #1124 fixed very soon.

Yes, I wasn't sure what to do with the RTTs - I was very lazy and didn't check what they are used for, so thanks for the pointer. I've pushed an updated patch which makes the RTT stats slightly less incorrect.