-----BEGIN PGP SIGNED MESSAGE-----
> On Mon, Sep 03, 2001 at 09:32:06AM +0200, Andrea Cerrito wrote:
> > My qmail box is querying a Solaris box acting as a DNS server
> > (just cache), running BIND, to resolve MSN.com MXs. The only
> > patch I've installed on qmail it's the dns one.
> > So my question is: why the dns patch isn't the right solution?
>
>
> Because, as was explained earlier in this thread, the problem is
> not with a >512 byte response (which is what the patch solves).
> qmail makes an 'any' query for the domain, which is broken for all
> servers of
> msn.com.
AHHHHHH! Finally I understand. :)
> Try it yourself:
>
> gregw@frodo:~$ dnsq any msn.com dns1.cp.msft.net
> 255 msn.com:
> timed out
> gregw@frodo:~$ dig any msn.com @dns1.cp.msft.net
>
> ; <<>> DiG 8.3 <<>> any msn.com @dns1.cp.msft.net
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; res_nsend to server dns1.cp.msft.net 207.46.138.20: Operation
> timed out
Done. But it appers to work to me:
# nslookup
Default Server: [internaldns]
Address: [internalip]
> set q=any
> msn.com
Server: [internaldns]
Address: [internalip]
Non-authoritative answer:
msn.com nameserver = DNS1.CP.MSFT.NET
msn.com nameserver = DNS1.TK.MSFT.NET
msn.com nameserver = DNS3.UK.MSFT.NET
msn.com nameserver = DNS3.JP.MSFT.NET
msn.com nameserver = DNS1.DC.MSFT.NET
msn.com nameserver = DNS1.SJ.MSFT.NET
Authoritative answers can be found from:
msn.com nameserver = DNS1.CP.MSFT.NET
msn.com nameserver = DNS1.TK.MSFT.NET
msn.com nameserver = DNS3.UK.MSFT.NET
msn.com nameserver = DNS3.JP.MSFT.NET
msn.com nameserver = DNS1.DC.MSFT.NET
msn.com nameserver = DNS1.SJ.MSFT.NET
DNS1.CP.MSFT.NET internet address = 207.46.138.20
DNS1.TK.MSFT.NET internet address = 207.46.232.37
DNS3.UK.MSFT.NET internet address = 213.199.144.151
DNS3.JP.MSFT.NET internet address = 207.46.72.123
DNS1.DC.MSFT.NET internet address = 207.68.128.151
DNS1.SJ.MSFT.NET internet address = 207.46.97.11
>
> MSN is badly broken. You're not allowed to ignore an 'any' query.
> See all the DNS RFCs.
Yep.
> (It seems to me that MS' new Akamai servers time out for all 'any'
> queries. Akamai should fix their servers.)
Correct:
> server DNS1.CP.MSFT.NET
Default Server: DNS1.CP.MSFT.NET
Address: 207.46.138.20
> set q=any
> msn.com
Server: DNS1.CP.MSFT.NET
Address: 207.46.138.20
^C
>
> We're forced to work around broken servers here -- this is not
> qmail's fault at all.
Of course it is. I'm just trying to understand the problem, and why
it works to me.
I mean: why qmail reports no problem to me? Just because my qmail
server is forced to use just an internal dns (which is forced to use
root servers)?
Please don't misunderstand me, I'm just trying to understand what's
happening outta there. :)
- ---
Cordiali saluti / Best regards
Andrea Cerrito
^^^^^^^^^^^^^^
Net.Admin @ Centro MultiMediale di Terni S.p.A.
P.zzale Bosco 3A
05100 Terni IT
Tel. +39 0744 5441330
Fax. +39 0744 5441372
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQEVAwUBO5NDRPo9HK4+yTI3AQENWAf/WXgygT+k8rfmasrpgcfN4+EfwbNgF1OB
F4Cz+p7Xo8jITVh6eG2gEFoicjpHJ3OquVhmh3TiW+tF2MOqWQpx+zj6jQ2vViUq
+hQOqcsM/bbLtWrh23dt2wnRrkNK9BsO8Gc7ryy+eh9JnlLmjPbt88oBh4rMcAiX
qUuVQx3kxWYeLzk2op4v7wHIbyoobuYemdnsY+r2i9avj8hprJ+xky+DwhgUw2v3
V6UFn082a34p0ET5gLbQLvRCzgviaJXU8MQekIvsTH1QDj8IySfSi4MsV+iVPP7H
qJUPrvVmsO4hs7oAY6l0Yau2GDA8EwERTW6ECu2+peaBBmsfwMQVrA==
=T4B9
-----END PGP SIGNATURE-----
