[dns-operations] Why would an MTA issue an ANY query instead of an MX query?

Tony Finch dot at dotat.at
Mon Jun 11 12:22:05 UTC 2012


Colm MacCárthaigh <colm at stdlib.net> wrote:

> From the point of view of an SMTP server, an "ANY" query is a rational
> way to find all of the records it will need, in one pass.

That isn't actually why qmail is making an ANY query - it isn't
interested in more than one RR type.

There is exactly one point in qmail where it makes an ANY query, which is
when it is doing domain canonicalization of the envelope of outgoing
messages. This is following RFC 1123 section 5.2.2. However this
requirement is obsolete and modern MTAs don't do it.

There are two further bugs in qmail's implementation of this unnecessary
feature.

Originally it made a CNAME query in order to look up the canonical version
of a domain, but this caused interop problems with BIND 4. This was
replaced with an ANY query, which had fewer interop problems but is also
wrong. Both of these queries are wrong because they don't trigger alias
processing, so if there is a CNAME chain the response will not actually
yield the canonical name. The correct query is an MX or A query (it
doesn't matter which); the response will include all the CNAME RRs that
qmail wants to know about.

The other problem is that qmail uses a small DNS packet buffer, and does
not resize and retry if a response is truncated. ANY queries make it much
more likely for truncated-response failures to happen.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
North Utsire: Variable 3 or 4, becoming northerly 5 to 7 in northwest. Rough
in far northwest, otherwise slight or moderate. Fair. Good.
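The two points made in the message above, as an added example that is not part of the original post and is not qmail's code: the answer to an A (or MX) query carries the whole CNAME chain, and a response with the TC bit set has to be detected and retried rather than parsed. The function names and the sample packet are constructed for illustration, and the parser assumes a response with exactly one question.

```python
import struct
A, CNAME, TC = 1, 5, 0x0200   # RR types and the header truncation flag

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(256):                           # bound stops pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("compression pointer loop")

def canonical_name(msg):
    """Follow the CNAME chain in the answer section of an A or MX response."""
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & TC:                                 # partial answer: do not trust it
        raise BufferError("truncated response: retry with a larger buffer or over TCP")
    name, off = read_name(msg, 12)                 # assumes exactly one question
    off += 4                                       # skip QTYPE and QCLASS
    aliases = {}
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == CNAME:
            aliases[owner] = read_name(msg, off + 10)[0]
        off += 10 + rdlen
    for _ in range(len(aliases) + 1):              # bounded walk, so loops cannot hang
        if name not in aliases:
            return name
        name = aliases[name]
    raise ValueError("CNAME loop")

def sample_response(truncated=False):
    """Constructed reply: mail.example.org -> mx.example.net -> host.example.com -> A."""
    rr = lambda o, t, d: encode_name(o) + struct.pack("!HHIH", t, 1, 300, len(d)) + d
    header = struct.pack("!6H", 0x1234, 0x8180 | (TC if truncated else 0), 1, 3, 0, 0)
    return (header + encode_name("mail.example.org") + struct.pack("!HH", A, 1)
            + rr("mail.example.org", CNAME, encode_name("mx.example.net"))
            + rr("mx.example.net", CNAME, encode_name("host.example.com"))
            + rr("host.example.com", A, bytes([192, 0, 2, 25])))
```

`canonical_name(sample_response())` returns `host.example.com`, while `sample_response(truncated=True)` raises `BufferError` so the caller can retry instead of using a partial answer.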

