This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] DNSSEC breaks qmail
- Previous message (by thread): [dns-wg] DNSSEC breaks qmail
- Next message (by thread): [dns-wg] new DNS Operations mailing list
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bruce Campbell
list-ripe-dns-wg at vicious.dropbear.id.au
Fri Feb 17 14:48:36 CET 2006
On Fri, 17 Feb 2006, Roy Arends wrote: >> Qmail can't deliver to DNSSEC protected domains. (Repost from > edri.org-ML) >> >> Reason: >> - qmail does not support the very old TCP fallback requirement for > DNS. >> - qmail refuses to deliver the mail >> and logs "CNAME_lookup_failed_temporarily." > > I can think of non-dnssec responses that are larger than 512 octets, so > the subject of this message does not cover its content. > I am not sure what CNAME has to do with this. The logic leading to that log message is 'I did not receive a valid A or MX record result, so I must have been looking up a CNAME and the remote DNS server failed to give a response'. Qmail should (according to qmail FAQ 2.5) retry the message later, however it will most probably get the same result as the remote zone will not have changed. On Fri, 17 Feb 2006, Peter Koch wrote: > Qmail has already had problems in the past with domain names where an ANY > response exceeds 512 octets. It happens with large NS RRsets, RFC1101 PTRs > or large TXT RR(Set)s which seem not so uncommon these days (although that's > a mistake). There was a patch at <http://www.ckdhr.com/ckd/qmail-103.patch>, > but i have no idea whether that can be applied today. No new releases of qmail by the author have been made since that patch was created; it should still apply. >> - qmail does not support EDNS extensions for larger UDP packets. > > That's probably not the application's problem, but the resolver's. Qmail runs its own resolver, which is where the problem arises. -- Bruce Campbell
- Previous message (by thread): [dns-wg] DNSSEC breaks qmail
- Next message (by thread): [dns-wg] new DNS Operations mailing list
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]