Re: [dns-wg] DNSSEC breaks qmail
From: Lutz Donnerhacke lutz@localhost
Date: Fri, 17 Feb 2006 12:11:39 +0000 (UTC)
Lines: 18
Newsgroups: iks.lists.ripe.dns-wg
Nntp-posting-date: Fri, 17 Feb 2006 12:11:39 +0000 (UTC)
Nntp-posting-host: taranis.iks-jena.de
Organization: IKS GmbH Jena
Path: not-for-mail

* Jim Reid wrote:
> qmail won't be asking for DNSSEC RR types. That's for sure. And it
> won't be setting the DO bit either because DJB is no fan of EDNS0.
Qmail asks for "ANY" and this includes "NSEC" and "RRSIG", too.
Qmail does not support EDNS and therefore gets a truncated response
as RFC 1035 requires.
Qmail does not support the TCP fallback requirement and got stuck.
> So qmail's lookups should not be getting RRSIGs
If qmail would ask for "MX" and "A", there would be no problem at all.
But qmail asks for "ANY".
> So your local name server shouldn't be handing out these RRtypes to
> qmail's ANY QTYPE queries unless qmail set the DO bit.
"NSEC" and "RRSIG" are covered by "ANY".
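
Added example, not part of the original post and not qmail's code: a Python sketch of the exchange described above, showing a plain RFC 1035 "ANY" query with no EDNS0 OPT record, the check for the TC (truncated) flag in the reply, and the TCP retry a client is expected to make. The function names and the sample reply are constructed for illustration.

```python
import struct

QTYPE_ANY, QCLASS_IN = 255, 1
TC_BIT = 0x0200  # truncation flag in the DNS header flags word

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=QTYPE_ANY, qid=0x1234):
    """Plain RFC 1035 query: RD set, ARCOUNT=0, so no OPT record and no DO bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def is_truncated(message):
    """True if TC is set, meaning the answer did not fit in the UDP reply."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & TC_BIT)

def tcp_frame(query):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(query)) + query

def next_step(query, udp_response):
    """Decide what a client has to do once the UDP reply arrives."""
    if is_truncated(udp_response):
        # A client without this branch is left with an unusable partial answer.
        return ("retry-tcp", tcp_frame(query))
    return ("use-udp-answer", udp_response)

def sample_truncated_reply(query):
    """Constructed reply: QR=1, TC=1, RD=1, RA=1, question echoed, no answers."""
    return query[:2] + struct.pack("!HHHHH", 0x8380, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.org")
    print(next_step(q, sample_truncated_reply(q))[0])
```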