[dns-operations] DNSSEC and qmail

Shumon Huque shuque at isc.upenn.edu
Thu Oct 8 13:56:08 UTC 2009

On Thu, Oct 08, 2009 at 09:39:52AM -0400, Shumon Huque wrote:
> We had a similar problem right after UPENN.EDU was signed 3 months
> ago. An internal department reported that they could no longer
> send mail to Penn mail servers. The problem was the same but involved
> an older version of sendmail and a firewall. This sendmail 
> (sendmail AIX4.3/8.9.3) was making type=ANY, DO=0 queries, getting 
> a truncated response (RRSIG and NSEC records were tipping the response
> over 512 bytes), retrying the query over TCP through a firewall that
> wasn't allowing 25/tcp (groan).

Let me clarify, that I meant that it wasn't using EDNS0 (not that
it was using EDNS0 and setting DO=0) ..


More information about the dns-operations mailing list