This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] DNSSEC breaks qmail
- Previous message (by thread): [dns-wg] DNSSEC breaks qmail
- Next message (by thread): [dns-wg] DNSSEC breaks qmail
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Roy Arends
roy at nominet.org.uk
Fri Feb 17 12:46:13 CET 2006
> Qmail can't deliver to DNSSEC protected domains. (Repost from edri.org-ML) > > Reason: > - qmail send an "ANY IN edri.org" query in order to deliver mail. > * Due to DNSSEC, there are a some signatures catched by ANY so the > response packet size is 605 bytes. > - qmail does not support EDNS extensions for larger UDP packets. > * The response is truncated to 512 bytes and marked "truncated". > - qmail does not support the very old TCP fallback requirement for DNS. > - qmail refuses to deliver the mail > and logs "CNAME_lookup_failed_temporarily." I can think of non-dnssec responses that are larger than 512 octets, so the subject of this message does not cover its content. I am not sure what CNAME has to do with this. I have seen patches for qmail that make it handle larger udp packet sizes. Which service marks a DNS message 'truncated' in your example ? Roy
- Previous message (by thread): [dns-wg] DNSSEC breaks qmail
- Next message (by thread): [dns-wg] DNSSEC breaks qmail
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]