[dns-operations] DNSSEC and qmail
Tony Finch
dot at dotat.at
Fri Oct 9 12:48:42 UTC 2009
On Fri, 9 Oct 2009, Lutz Donnerhacke wrote:
> * Tony Finch wrote:
> >
> > qmail only looks for CNAME answers after doing an ANY query, so its bug
> > isn't as bad as sendmail's while still being a WTF.
>
> No, qmail does an ANY query and looks if there is data in the response
> buffer instead of checking the return code of the API function. So qmail
> ignore the truncation state of the response.
No it does not ignore the return code - it passes on error returns.
However it does ignore truncation. See resolve() in dns.c.
> If the is a response, qmail checks for MX. If there is no MX, qmail checks
> for A. If there is no A, qmail respond with "temporary CNAME failure",
> because the only case DJB came across while writing the code was the famous
> AOL setup.
No. To see where this error occurs you should read addrmangle() in
qmail-remote.c and dns_cname() in dns.c. There are no MX or A lookups
or checks involved.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
More information about the dns-operations
mailing list