[dns-operations] DNSSEC and qmail
Tony Finch
dot at dotat.at
Thu Oct 8 11:36:40 UTC 2009
On Thu, 8 Oct 2009, Roy Arends wrote:
>
> This is odd.
>
> What cname?
It's asking for cam.ac.uk. IN ANY when trying to canonicalize the
recipient domain.
> Second, I'd expect qmail to talk to resolver. resolvers generally trip the
> response to stubs to fit a 512 udp message.
They do?
Looking at the code I think what is happening is that the stub resolver is
getting a truncated UDP response, and retrying with TCP. The stub resolver
truncates responses that don't fit in the caller's buffer by just chopping
off the end (much less gracefully than a recursive server truncates a UDP
response) and when qmail tries to parse the chopped packet it fails with a
temporary error.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
More information about the dns-operations
mailing list