[dns-wg] DNSSEC breaks qmail
Roy Arends
roy at nominet.org.uk
Fri Feb 17 12:46:13 CET 2006
> Qmail can't deliver to DNSSEC protected domains. (Repost from edri.org-ML)
>
> Reason:
> - qmail sends an "ANY IN edri.org" query in order to deliver mail.
>   * Due to DNSSEC, there are some signatures caught by ANY so the
>     response packet size is 605 bytes.
> - qmail does not support EDNS extensions for larger UDP packets.
>   * The response is truncated to 512 bytes and marked "truncated".
> - qmail does not support the very old TCP fallback requirement for DNS.
> - qmail refuses to deliver the mail
>   and logs "CNAME_lookup_failed_temporarily."

I can think of non-DNSSEC responses that are larger than 512 octets, so the subject of this message does not cover its content.

I am not sure what CNAME has to do with this. I have seen patches for qmail that make it handle larger UDP packet sizes.

Which service marks a DNS message 'truncated' in your example?

Roy
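
The size limit, TC flag and TCP fallback discussed in this thread, modelled in Python as an added example that is not part of the original message and is not qmail's or any server's code. All function names are hypothetical, the server logic is simplified, and the 605-byte response is constructed filler rather than real records.

```python
import struct

CLASSIC_UDP_LIMIT = 512            # DNS/UDP payload limit without EDNS0 (RFC 1035)
QTYPE_ANY, QTYPE_OPT, CLASS_IN = 255, 41, 1
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100

def encode_name(name):
    """Length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, txid, edns_size=None):
    """Build a query; with edns_size, append an EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    # OPT RR: root owner, TYPE 41, CLASS = advertised UDP size, TTL 0, RDLENGTH 0
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_size, 0, 0) if edns_size else b""
    return header + question + opt

def advertised_limit(query):
    """UDP size the client accepts (assumes an empty OPT RR is the last record)."""
    (arcount,) = struct.unpack("!H", query[10:12])
    size = struct.unpack("!H", query[-8:-6])[0] if arcount else CLASSIC_UDP_LIMIT
    return max(CLASSIC_UDP_LIMIT, size)

def question_end(msg):
    """Offset just past the question: name terminator, then QTYPE and QCLASS."""
    return msg.index(b"\x00", 12) + 5

def sample_response(query, size=605):
    """Constructed stand-in for a 605-byte response (zero filler, not real RRs)."""
    header = query[:2] + struct.pack("!HHHHH", FLAG_QR | FLAG_RD, 1, 0, 0, 0)
    body = header + query[12:question_end(query)]
    return body + b"\x00" * (size - len(body))

def server_reply(query, full_response):
    """Simplified server: over the limit, send header and question only, TC set."""
    if len(full_response) <= advertised_limit(query):
        return full_response
    txid, flags = struct.unpack("!HH", full_response[:4])
    header = struct.pack("!HHHHHH", txid, flags | FLAG_TC, 1, 0, 0, 0)
    return header + query[12:question_end(query)]

def client_action(response, txid):
    """What a resolver should do with a UDP response to query `txid`."""
    if len(response) < 12:
        return "discard"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & FLAG_QR:
        return "discard"
    return "retry-over-tcp" if flags & FLAG_TC else "use-answer"
```

A client that treats "retry-over-tcp" as a failure reproduces the delivery problem described in the quoted report; one that advertises a larger size through OPT receives the full 605 bytes over UDP.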