https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6338
Kevin A. McGrail <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #7 from Kevin A. McGrail <[email protected]> 2010-03-01 20:00:46 UTC --- (In reply to comment #6) > Now that I think of it, even the current (3.2, 3.3) code relies on a query > section of a reply packet matching exactly the query packet. This happens > to work on all mainstream DNS servers, but there is no guarantee for this > in a form of a RFC requirement. In essence, we are already depending on > poor-man's form of a dns0x20, just without any additional entropy. > > The 'dns_options dns0x20' could just as well default to true, without > breaking anything that isn't already broken. > > Does anybody feel we need to lift the requirement for an exact (case-for-case) > match when dns0x20 option is NOT enabled? Some poor soul on a cheap home > router/firewall/dns-server may be affected by this without knowing why > his SA DNS queries sometimes fail. If I understand you correctly, currently we require an exact match and that could be causing some cheap-home DNS proxies, etc. to be having problems? I'd say let's add a dbg that outputs the non-match if we can and if that generates a lot of user questions, we open a different bug and address. KAM -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
