[dns-operations] [DNSOP] dnsop-any-notimp violates the DNS standards

Tony Finch dot at dotat.at
Mon Mar 9 16:09:44 UTC 2015

bert hubert <bert.hubert at netherlabs.nl> wrote:
> On Mon, Mar 09, 2015 at 11:08:03AM -0000, D. J. Bernstein wrote:
> > My "qmail" software is very widely deployed (on roughly 1 million SMTP
> > server IP addresses) and, by default, relies upon ANY queries in a way
> > that is guaranteed to work by the mandatory DNS standards.
> The way I read RFC 1034 4.3.2, this is not true. In step 4 we match whatever
> we find in the cache, put it in the packet, and move on to step 6.
> This means the algorithm might terminate returning only an A record or only
> an AAAA record.  Or a TXT record for that matter.
> This reading of 4.3.2 makes 'ANY' queries to resolvers fragile. It might not
> return what you need.

Dan is aware of that, but this particular oddity isn't a problem for
qmail. Later in his message he wrote:

> > Of course, there's no guarantee of which RR types for a node are
> > available at a cache, but a client is guaranteed to be able to detect
> > CNAME records from responses to query type ANY (as qmail does), since
> > a CNAME type prohibits all regular RR types.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Fair Isle: Southeast veering west, severe gale 9 to violent storm 11. Very
rough or high, becoming very high for a time. Rain then showers. Moderate or
poor, becoming good.

More information about the dns-operations mailing list