[dns-operations] DNSSEC and qmail

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Oct 8 11:07:26 UTC 2009

On Thu, Oct 08, 2009 at 11:54:13AM +0100,
 Tony Finch <dot at dotat.at> wrote 
 a message of 15 lines which said:

> We've just had a report of qmail being unable to deliver mail to our
> site.  The cam.ac.uk zone has been signed for a few months, and it
> seems that some of our DNS responses blow out qmail's 512 byte
> response buffer. Its error messsage is "CNAME lookup failed
> temporarily" but in fact qmail actually performs an T_ANY lookup
> which produces a 1.3KB reply (DO=0).

A side effect of DNSSEC will be to push broken and unmaintained
software to the side of the road. A good side effect.

More information about the dns-operations mailing list