[dns-operations] DNSSEC and qmail

Tony Finch dot at dotat.at
Thu Oct 8 11:36:40 UTC 2009


On Thu, 8 Oct 2009, Roy Arends wrote:
>
> This is odd.
>
> What cname?

It's asking for cam.ac.uk. IN ANY when trying to canonicalize the
recipient domain.

> Second, I'd expect qmail to talk to a resolver. Resolvers generally trim the
> response to stubs to fit a 512 udp message.

They do?

Looking at the code I think what is happening is that the stub resolver is
getting a truncated UDP response, and retrying with TCP. The stub resolver
truncates responses that don't fit in the caller's buffer by just chopping
off the end (much less gracefully than a recursive server truncates a UDP
response) and when qmail tries to parse the chopped packet it fails with a
temporary error.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
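
The failure described in the message above, as an added example that is not part of the original post and is not qmail or resolver-library code: a constructed 657-byte reply to cam.ac.uk. IN ANY is parsed whole and then as its first 512 bytes, where the header still announces 10 answers but only 7 are complete, and a bounds-checked parser reports that instead of reading past the end. The function names and the record contents (ten 63-byte TXT records) are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed reply: header + question "cam.ac.uk. IN ANY" (27 bytes), then n TXT answers of 63 bytes. */
size_t build_response(uint8_t *p, unsigned n) {
    static const uint8_t head[] = {0,0,0x80,0, 0,1, 0,0, 0,0, 0,0,
                                   3,'c','a','m',2,'a','c',2,'u','k',0, 0,255, 0,1};
    static const uint8_t rr[] = {0xc0,12, 0,16, 0,1, 0,0,14,16, 0,51, 50};
    uint8_t *start = p;
    memcpy(p, head, sizeof head);
    p[6] = (uint8_t)(n >> 8); p[7] = (uint8_t)n;      /* ANCOUNT = n */
    p += sizeof head;
    for (unsigned i = 0; i < n; i++) {
        memcpy(p, rr, sizeof rr); p += sizeof rr;     /* name pointer, TXT, IN, TTL, RDLENGTH, string length */
        memset(p, 'x', 50); p += 50;                  /* 50 bytes of text */
    }
    return (size_t)(p - start);
}

/* Skip one name (labels or a compression pointer); -1 if it runs past len. */
static int skip_name(const uint8_t *m, size_t len, size_t *off) {
    while (*off < len) {
        uint8_t c = m[*off];
        if (c == 0) { *off += 1; return 0; }
        if ((c & 0xc0) == 0xc0) { if (len - *off < 2) return -1; *off += 2; return 0; }
        if (c & 0xc0) return -1;                      /* reserved label type */
        *off += 1 + (size_t)c;
    }
    return -1;
}

/* Returns 0 if every record promised by ANCOUNT lies inside len bytes, -1 if the
   message ends early; *whole is the number of complete answer records found. */
int parse_answers(const uint8_t *m, size_t len, unsigned *whole) {
    *whole = 0;
    if (len < 12) return -1;
    unsigned qd = (unsigned)m[4] << 8 | m[5], an = (unsigned)m[6] << 8 | m[7];
    size_t off = 12;
    for (unsigned i = 0; i < qd; i++) {
        if (skip_name(m, len, &off) < 0 || len - off < 4) return -1;
        off += 4;                                     /* QTYPE + QCLASS */
    }
    for (; *whole < an; (*whole)++) {
        if (skip_name(m, len, &off) < 0 || len - off < 10) return -1;
        size_t rdlen = (size_t)m[off + 8] << 8 | m[off + 9];
        off += 10;                                    /* TYPE, CLASS, TTL, RDLENGTH */
        if (len - off < rdlen) return -1;             /* RDATA cut off by the short buffer */
        off += rdlen;
    }
    return 0;
}
```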


