spfquery times out checking apparently valid record
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libspf2 (Ubuntu) | New | Undecided | Unassigned |
Bug Description
$ /usr/bin/spfquery -debug=1 -ip=208.72.90.125 -<email address hidden>
spf_compile.c:523 Debug: Parsing macro starting at Please%
spf_compile.c:1210 Debug: Compiling record v=spf1
spf_dns.c:54 Debug: DNS[cache] lookup: uk.playstation.com SPF (99)
spf_dns.c:54 Debug: DNS[resolv] lookup: uk.playstation.com SPF (99)
spf_dns_
spf_dns.c:66 Debug: DNS[resolv] found record
spf_dns.c:69 Debug: DOMAIN: uk.playstation.com TYPE: SPF (99)
spf_dns.c:76 Debug: TTL: 0 RR found: 0 herrno: 4 source: resolv
spf_dns.c:66 Debug: DNS[cache] found record
spf_dns.c:69 Debug: DOMAIN: uk.playstation.com TYPE: SPF (99)
spf_dns.c:76 Debug: TTL: 0 RR found: 0 herrno: 4 source: resolv
spf_server.c:370 Debug: get_record(
spf_dns.c:54 Debug: DNS[cache] lookup: uk.playstation.com TXT (16)
spf_dns.c:54 Debug: DNS[resolv] lookup: uk.playstation.com TXT (16)
[.... hangs at this point ...]
The site openspf.org has no problem marking this as approved.
http://
Is it failing because the record is too long and it needs to fall back to TCP?
$ host -t TXT uk.playstation.com
;; Truncated, retrying in TCP mode.
uk.playstation.com descriptive text "v=spf1 include:
uk.playstation.com descriptive text "v=spf2.0/pra include:
I think it's likely related to the TCP fallback/retry. That record is right
on the edge of whether it will fit in a UDP packet or not and so it'll probably
work sometimes and not others. The SPF RFCs recommend against records that
large for this exact reason.
When you checked, was it from the same host you're having trouble with
spfquery on? If not, it might also be because DNS over TCP was blocked for
the host running spfquery.
If you install spf-tools-python, it includes an alternate spfquery
implementation that I know supports TCP fallback, as long as TCP isn't blocked
in a firewall somewhere.
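The truncation and TCP-retry decision discussed in this report, as an added example that is not part of the original report and is not libspf2 or spf-tools-python code. It builds simulated DNS TXT responses and checks the TC bit the way a resolver client must before retrying over TCP. Assumptions: the example.org names and records are constructed, the 512-byte limit applies because no EDNS0 is used, and the simulated server drops all answers when it truncates.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message limit when EDNS0 is not used
TC_BIT = 0x0200   # "truncated" flag in the DNS header flags word

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def txt_rdata(text):
    """TXT RDATA: one or more <length><bytes> strings of at most 255 bytes."""
    data = text.encode("ascii")
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)] or [b""]
    return b"".join(bytes([len(c)]) + c for c in chunks)

def build_udp_response(qname, texts, limit=UDP_LIMIT):
    """Simulated server: answer over UDP, or set TC and drop the answers."""
    question = encode_name(qname) + struct.pack("!HH", 16, 1)  # TXT, IN
    answers = b""
    for text in texts:
        rdata = txt_rdata(text)
        # owner name as a compression pointer to the question (offset 12)
        answers += struct.pack("!HHHIH", 0xC00C, 16, 1, 300, len(rdata)) + rdata
    flags = 0x8180  # response, recursion desired and available
    full = struct.pack("!HHHHHH", 0x1234, flags, 1, len(texts), 0, 0) + question + answers
    if len(full) <= limit:
        return full
    return struct.pack("!HHHHHH", 0x1234, flags | TC_BIT, 1, 0, 0, 0) + question

def needs_tcp_retry(response):
    """Client side: a set TC bit means the query must be repeated over TCP."""
    if len(response) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & TC_BIT)

# Constructed sample records, not the real uk.playstation.com data.
INCLUDES = " ".join(f"include:_spf{i}.example.org" for i in range(9))
SMALL = ["v=spf1 -all"]
LARGE = [f"v=spf1 {INCLUDES} -all", f"spf2.0/pra {INCLUDES} -all"]

if __name__ == "__main__":
    for label, texts in (("small", SMALL), ("large", LARGE)):
        resp = build_udp_response("example.org", texts)
        print(label, len(resp), "bytes, retry over TCP:", needs_tcp_retry(resp))
```

With the constructed LARGE set the full answer is 549 bytes, so the UDP reply carries only the header and question with TC set; a client that cannot complete the TCP retry never sees the SPF record.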