MX checks are not applied to dynamic updates
The check_mx() function in lib/ns/update.c incorrectly tests whether the DNS_RDATA_CHECKMX/DNS_RDATA_CHECKMXFAIL flags are set for each applied MX record update as these flags are never set in code paths related to dynamic updates; they can only be set when loading a zone from a master file (DNS_ZONEOPT_CHECKMX → DNS_MASTER_CHECKMX → DNS_RDATA_CHECKMX). This flaw allows MX records containing IP addresses to be added to a zone even when check-mx fail; is used.