[dns-wg] DNSSEC breaks qmail
Lutz Donnerhacke lutz at iks-jena.de
Fri Feb 17 13:02:35 CET 2006
* Roy Arends wrote: > I can think of non-dnssec responses that are larger than 512 octets, so > the subject of this message does not cover its content. Of course. The ANY request for "bofh." does exceed 512 bytes, too. In this case it's caused by the large number of NS records. DNSSEC "guarantees" exceeding this limit. > I am not sure what CNAME has to do with this. djb might notify this only the case of CNAMEs, because the additional section becomes be quite long. > I have seen patches for qmail that make it handle larger udp packet > sizes. You have to install them in order to send mail to DNSSEC domains. > Which service marks a DNS message 'truncated' in your example ? The questioned nameserver. Setting the TC bit is a requirement from RfC 1035.
[ dns-wg Archives ]