On Mon, Sep 03, 2001 at 09:32:06AM +0200, Andrea Cerrito wrote:
> My qmail box is querying a Solaris box acting as a DNS server (just
> cache), running BIND, to resolve MSN.com MXs. The only patch I've
> installed on qmail is the dns one.
> So my question is: why isn't the dns patch the right solution?

Because, as was explained earlier in this thread, the problem is not
with a >512 byte response (which is what the patch solves). qmail makes
an 'any' query for the domain, which is broken for all servers of
msn.com. Try it yourself:

gregw@frodo:~$ dnsq any msn.com dns1.cp.msft.net
255 msn.com:
timed out

gregw@frodo:~$ dig any msn.com @dns1.cp.msft.net
; <<>> DiG 8.3 <<>> any msn.com @dns1.cp.msft.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server dns1.cp.msft.net 207.46.138.20: Operation timed out

MSN is badly broken. You're not allowed to ignore an 'any' query. See
all the DNS RFCs.
(It seems to me that MS' new Akamai servers time out for all 'any'
queries. Akamai should fix their servers.)
We're forced to work around broken servers here -- this is not qmail's
fault at all.
GW
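
An added example, not part of the original message: a small Python probe that separates the two failure modes discussed above, a truncated (>512 byte) UDP reply versus an 'any' query that is never answered. The function names, the fixed query id and the sample reply headers are constructed for illustration.

```python
import socket
import struct

QTYPE_ANY = 255   # the 'any' query type, shown as "255" in the dnsq output
FLAG_TC = 0x0200  # header bit: reply truncated to fit the 512-byte UDP limit

def build_query(name, qtype=QTYPE_ANY, qid=0x1234):
    """Encode a one-question, class IN DNS query (recursion desired)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def classify(reply, qid=0x1234):
    """Name the failure mode; reply is the raw UDP payload or None on timeout."""
    if reply is None:
        return "timeout"            # server ignored the query: the msn.com case
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, _an = struct.unpack(">HHHH", reply[:8])
    if rid != qid or not flags & 0x8000:
        return "malformed"          # wrong id, or not a response at all
    if flags & FLAG_TC:
        return "truncated"          # >512-byte answer: what the dns patch handles
    rcode = flags & 0x000F
    return "answered" if rcode == 0 else "rcode-%d" % rcode

def probe(name, server, timeout=5.0):
    """Send the 'any' query over UDP to server and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(65535)
        except socket.timeout:
            reply = None
    return classify(reply)

# Constructed 12-byte reply headers (not captured traffic), for offline checks.
SAMPLE_TRUNCATED = struct.pack(">HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
SAMPLE_ANSWERED = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)

if __name__ == "__main__":
    print(classify(None), classify(SAMPLE_TRUNCATED), classify(SAMPLE_ANSWERED))
```

A "truncated" result is the case a larger-response patch addresses; a "timeout" result means no patch on the client side will produce an answer to that query.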