[dns-operations] DNSSEC and qmail
Roy Arends
roy at dnss.ec
Thu Oct 8 11:07:15 UTC 2009
On Oct 8, 2009, at 12:54 PM, Tony Finch wrote:
> We've just had a report of qmail being unable to deliver mail to our
> site.
> The cam.ac.uk zone has been signed for a few months, and it seems that
> some of our DNS responses blow out qmail's 512 byte response buffer.
> Its
> error messsage is "CNAME lookup failed temporarily" but in fact qmail
> actually performs an T_ANY lookup which produces a 1.3KB reply (DO=0).
This is odd.
What cname?
Second, I'd expect qmail to talk to resolver. resolvers generally trip
the response to stubs to fit a 512 udp message.
Lastly, there is fallback to tcp ofcourse, and all of cam.ac.uk
respond over TCP as well.
Roy
More information about the dns-operations
mailing list