qmail ANY query bugs

Bug #1333558 reported by Georg Sluyterman on 2014-06-24
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
qmail (Ubuntu)
Undecided
Unassigned

Bug Description

When qmail tries to deliver emails to a domain that is DNSSEC-enabled the response it gets is often way larger than 512 Byte (2-5k is often experienced) since it queries for ANY instead of A,AAAA and MX. The result is that the delivery of mails to those domains can not be performed and the queue just increases.

I got the error "deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/" in the log file.

Workaround: apt-get install dnscache-run

This installs the DNS recurser "dnscache" and automaticly changes /etc/resolv.conf to 127.0.0.1.
(as a side notice i first tried to install the DNS recurser Unbound, but even though I disabled DNSSEC validation it still replied with the relevant ressource records, when queried for 'ANY', and thus I achieved nothing.).

The problem and suggestions on how to fix it is further discussed here (I found it during a web search):
https://fanf.livejournal.com/122220.html

There are probably other suggestions online on how to fix it. I think some patch should be applied, since the web is increasingly moving to DNSSEC. I found some stats that 20-30% of .nl domains are DNSSEC-enabled. That probably goes for some other TLD's too.

$ lsb_release -rd
Description: Ubuntu 12.04.4 LTS
Release: 12.04
$ apt-cache show qmail | grep Version
Version: 1.06-4

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in qmail (Ubuntu):
status: New → Confirmed
MatthiasP (mpdude) wrote :

If I am not mistaken, the qmail package for Ubuntu already contains the patch [1] for DNS responses > 512 byte. Still there seems to be a problem that can be mitigated by not querying for ANY but just for CNAME records [2]. Or, even better, remove that check entirely as allegedly recommended by DJB himself [3].

[1] http://www.memoryhole.net/qmail/#oversize-dns
[2] http://www.memoryhole.net/qmail/#any-to-cname
[3] http://www.gossamer-threads.com/lists/qmail/users/138190

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers