[dns-operations] DNSSEC and qmail
Shumon Huque
shuque at isc.upenn.edu
Thu Oct 8 13:56:08 UTC 2009
On Thu, Oct 08, 2009 at 09:39:52AM -0400, Shumon Huque wrote:
>
> We had a similar problem right after UPENN.EDU was signed 3 months
> ago. An internal department reported that they could no longer
> send mail to Penn mail servers. The problem was the same but involved
> an older version of sendmail and a firewall. This sendmail
> (sendmail AIX4.3/8.9.3) was making type=ANY, DO=0 queries, getting
> a truncated response (RRSIG and NSEC records were tipping the response
> over 512 bytes), retrying the query over TCP through a firewall that
> wasn't allowing 25/tcp (groan).
Let me clarify, that I meant that it wasn't using EDNS0 (not that
it was using EDNS0 and setting DO=0) ..
--Shumon.
More information about the dns-operations
mailing list