dkim-filter fails to work if it cannot open a TCP connection to nameserver port DNS

Bug #387171 reported by Emilio Lucena
This bug affects 2 people
Affects: dkim-milter (Ubuntu)
Status: Confirmed
Importance: Low
Assigned to: Unassigned

Bug Description

I noticed that when running Ubuntu 8.04 Server edition, dkim-filter will work properly if it cannot open a TCP connection to the nameserver port DNS. So if, for some reason, your nameserver only responds to DNS UDP, you will get an

can't configure DKIM library; continuing

error message. And after that, you will always get an error like:

can't read SMFIC_EOH reply packet header

Maybe dkim-filter should not try to open TCP connection to the nameserver. Instead it should make its queries via UDP.

Emilio Lucena (ubuntu-vipnetware) wrote :

Actually, I meant to say that the dkim-filter will not work properly if ....

Simon Déziel (sdeziel)
Changed in dkim-milter (Ubuntu):
status: New → Confirmed
Simon Déziel (sdeziel) wrote :

I can reproduce this issue too, but I doubt that falling back on DNS lookups on UDP only is a good solution. According to this reference http://www.ietf.org/proceedings/42/I-D/draft-ietf-dnsind-udp-size-02.txt the maximum size of a DNS packet in UDP is 512:
    The Domain Name System defaults to using UDP for queries and replies
    with a DNS payload limit of 512 bytes. Larger replies cause an
    initial truncation indication leading to a subsequent handling via
    TCP with substantially higher overhead.

A lot of DKIM TXT records would not fit in such small packets.

Scott Kitterman (kitterman) wrote :

Given the size of DKIM DNS records, trying to do DKIM without access to DNS over TCP is not likely to end well.

Changed in dkim-milter (Ubuntu):
importance: Undecided → Low
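
The 512-byte UDP limit and truncation behaviour discussed in the comments above, as an added example that is not part of the original report or of dkim-milter: it builds DNS TXT responses for constructed DKIM records and shows which ones come back truncated over UDP, so the lookup only completes if TCP to the nameserver is allowed. The query name, the filler key bytes and all function names are assumptions made for illustration.

```python
import base64
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP payload limit quoted in the thread
TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word
QNAME = "selector._domainkey.example.com"  # constructed query name

def encode_name(name):
    """Encode a domain name as length-prefixed labels plus a zero terminator."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def txt_rdata(text):
    """Split TXT data into length-prefixed character-strings of at most 255 bytes."""
    data = text.encode("ascii")
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)]
    return b"".join(bytes([len(c)]) + c for c in chunks)

def build_response(qname, txt, msg_id=0x1234):
    """Full TXT response: header, question, and a single answer record."""
    header = struct.pack("!HHHHHH", msg_id, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 16, 1)  # TXT, IN
    rdata = txt_rdata(txt)
    # 0xc00c is a compression pointer back to the name in the question
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return header + question + answer

def udp_reply(full):
    """What arrives over plain UDP: oversized replies lose the answer and get TC set."""
    if len(full) <= UDP_LIMIT:
        return full
    msg_id, flags = struct.unpack("!HH", full[:4])
    qend = 12
    while full[qend] != 0:      # walk the labels of the question name
        qend += full[qend] + 1
    qend += 5                   # zero terminator + QTYPE + QCLASS
    header = struct.pack("!HHHHHH", msg_id, flags | TC_FLAG, 1, 0, 0, 0)
    return header + full[12:qend]

def needs_tcp(reply):
    """True when the resolver must repeat the query over TCP to get the record."""
    return bool(struct.unpack("!H", reply[2:4])[0] & TC_FLAG)

def dkim_record(key_bits):
    """Constructed DKIM record; zero bytes stand in for a DER key of roughly real size."""
    der = bytes(key_bits // 8 + 38)
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(der).decode()

if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        full = build_response(QNAME, dkim_record(bits))
        print(bits, len(full), "TCP required" if needs_tcp(udp_reply(full)) else "fits in UDP")
```

Real responses can also carry authority and additional records, which this sketch leaves out, so actual sizes are at least as large as the ones computed here.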