[dns-operations] DNSSEC and qmail

Lutz Donnerhacke lutz at iks-jena.de
Thu Oct 8 13:07:58 UTC 2009

* Tony Finch wrote:
> We've just had a report of qmail being unable to deliver mail to our site.
> The cam.ac.uk zone has been signed for a few months, and it seems that
> some of our DNS responses blow out qmail's 512 byte response buffer. Its
> error messsage is "CNAME lookup failed temporarily" but in fact qmail
> actually performs an T_ANY lookup which produces a 1.3KB reply (DO=0).

Very old problem.

news:slrndvb8nb.tr.lutz at taranis.iks-jena.de

There is a patch for qmail to increase the buffer size to 4096. This does
not solve the problem, i.e. during key rollovers, but helps in most cases.

More information about the dns-operations mailing list