[dns-wg] DNSSEC breaks qmail
Lutz Donnerhacke lutz at iks-jena.de
Fri Feb 17 13:07:53 CET 2006
* Peter Koch wrote: > The interesting question here is whether there are other applications that > issue ANY queries (most likely for the zone apex) and their resolvers > _do_ fall back to TCP. We notify a similar problem with sendmail. The interal resolver for DNS-mapping rules does not fall back to TCP. It does not cause any trouble here, because it supports EDNS and our zones are small enough. We notice the problem only, because some spammers resolve their temporary domains to an MX with 254 A records (a whole /24).
[ dns-wg Archives ]