This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] DNSSEC breaks qmail
- Previous message (by thread): [dns-wg] DNSSEC breaks qmail
- Next message (by thread): [dns-wg] DNSSEC breaks qmail
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lutz Donnerhacke
lutz at iks-jena.de
Fri Feb 17 13:11:39 CET 2006
* Jim Reid wrote: > qmail won't be asking for DNSSEC RR types. That's for sure. And it > won't be setting the DO bit either because DJB is no fan of EDNS0. Qmail asks for "ANY" and this includes "NSEC" and "RRSIG", too. Qmail does not support EDNS and therefore get an truncated response as RfC 1035 requires. Qmail does not support the TCP fallback requirement and got struck. > So qmail's lookups should not be getting RRSIGs If qmail would ask for "MX" and "A", there would be no problem at all. But qmail ask for "ANY". > So your local name server shouldn't be handing out these RRtypes to > qmail's ANY QTYPE queries unless qmail set the D0 bit. "NSEC" and "RRSIG" are covered by "ANY".
- Previous message (by thread): [dns-wg] DNSSEC breaks qmail
- Next message (by thread): [dns-wg] DNSSEC breaks qmail
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]