https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8280

--- Comment #8 from William Herrin <herrin-spamassas...@dirtside.com> ---
Dig uses resolv.conf unless overridden on the command line (which I did not).
nsswitch and the related libraries are not involved in DNS TXT lookups; they're
only for IP address lookups related to the getaddrinfo() series of calls.

Debian stable's Net::DNS is version 1.36. Using a simple script, I confirmed
that it does fall back to TCP for the overdrive.com TXT lookup.

Debian stable's Mail::SPF is version 2.9.0. Using a simple script, I confirmed
that it does fall back to TCP for the overdrive.com TXT lookup.

However, when Spamassassin does its whole series queries (including the
overdrive.com TXT lookup), the tcpdumps do not show a fall back to TCP.

I notice that /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm has a bunch of
logic for connecting to the DNS server via UDP (connect_sock, Type =>
SOCK_DGRAM) but no logic for establishing a TCP connection to the resolver
(SOCK_STREAM). Unclear why it would need any logic for UDP if it relies on
Net::DNS for the connection to the resolver...


Have you specifically checked the SPF module for TCP fallback? If your
recursive resolver allows large EDNS UDP packets, it won't send a truncated
response for overdrive.com.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to