[dns-operations] DNSSEC and qmail

Roy Arends roy at dnss.ec
Thu Oct 8 11:07:15 UTC 2009

On Oct 8, 2009, at 12:54 PM, Tony Finch wrote:

> We've just had a report of qmail being unable to deliver mail to our  
> site.
> The cam.ac.uk zone has been signed for a few months, and it seems that
> some of our DNS responses blow out qmail's 512 byte response buffer.  
> Its
> error messsage is "CNAME lookup failed temporarily" but in fact qmail
> actually performs an T_ANY lookup which produces a 1.3KB reply (DO=0).

This is odd.

What cname?

Second, I'd expect qmail to talk to resolver. resolvers generally trip  
the response to stubs to fit a 512 udp message.

Lastly, there is fallback to tcp ofcourse, and all of cam.ac.uk  
respond over TCP as well.


More information about the dns-operations mailing list