[dns-operations] DNSSEC and qmail

Lutz Donnerhacke lutz at iks-jena.de
Fri Oct 9 09:37:11 UTC 2009

* Tony Finch wrote:
> On Thu, 8 Oct 2009, Paul Vixie wrote:
>> qmail's query for ANY was meant to be an optimization, to avoid having to
>> make both an MX *and* an A query.  sendmail did this for a while also, but
>> has been patched.
> qmail only looks for CNAME answers after doing an ANY query, so its bug
> isn't as bad as sendmail's while still being a WTF.

No, qmail does an ANY query and looks if there is data in the response
buffer instead of checking the return code of the API function. So qmail
ignore the truncation state of the response.

If the is a response, qmail checks for MX. If there is no MX, qmail checks
for A. If there is no A, qmail respond with "temporary CNAME failure",
because the only case DJB came across while writing the code was the famous
AOL setup.

More information about the dns-operations mailing list