17 Feb 2006, 1:11 p.m.
* Jim Reid wrote:
> qmail won't be asking for DNSSEC RR types. That's for sure. And it won't be setting the DO bit either because DJB is no fan of EDNS0.

Qmail asks for "ANY" and this includes "NSEC" and "RRSIG", too. Qmail does not support EDNS and therefore gets a truncated response as RFC 1035 requires. Qmail does not support the TCP fallback requirement and got stuck.

> So qmail's lookups should not be getting RRSIGs

If qmail would ask for "MX" and "A", there would be no problem at all. But qmail asks for "ANY".

> So your local name server shouldn't be handing out these RRtypes to qmail's ANY QTYPE queries unless qmail set the DO bit.

"NSEC" and "RRSIG" are covered by "ANY".
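
The truncation and TCP fallback behaviour discussed in this message, as an added example that is not part of the original post and is not qmail's code: a client sends a plain RFC 1035 query without EDNS0, checks the TC bit, and either retries over TCP or fails. The `fake_server` helper, the name `example.org` and the answer sizes are constructed stand-ins.

```python
import struct

QTYPE_MX, QTYPE_ANY = 15, 255
UDP_LIMIT = 512    # RFC 1035 UDP message size limit when EDNS0 is not used
TC_FLAG = 0x0200   # TC (truncated) bit in the header flags word

def build_query(name, qtype, qid=0x1234):
    """Plain RFC 1035 query: RD set, ARCOUNT 0, so no OPT record and no DO bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN

def is_truncated(response):
    if len(response) < 12:
        raise ValueError("short DNS message")
    return bool(struct.unpack("!H", response[2:4])[0] & TC_FLAG)

def lookup(name, qtype, udp, tcp=None):
    """Return (transport, response); tcp=None models a client without TCP fallback."""
    query = build_query(name, qtype)
    response = udp(query)
    if not is_truncated(response):
        return "udp", response
    if tcp is None:
        raise RuntimeError("truncated UDP response and no TCP fallback")
    return "tcp", tcp(query)

def fake_server(answer_bytes):
    """Constructed stand-in for a name server; padding stands in for real records."""
    def respond(query, limit=None):
        qtype = struct.unpack("!H", query[-4:-2])[0]
        body, flags = b"\x00" * answer_bytes[qtype], 0x8180  # QR, RD, RA
        if limit is not None and len(query) + len(body) > limit:
            body, flags = b"", flags | TC_FLAG   # does not fit: set TC
        return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + query[12:] + body
    return (lambda q: respond(q, UDP_LIMIT)), respond

# Constructed sizes: small MX answer; ANY also carries RRSIG and NSEC records.
SIZES = {QTYPE_MX: 60, QTYPE_ANY: 900}

if __name__ == "__main__":
    udp, tcp = fake_server(SIZES)
    print(lookup("example.org", QTYPE_MX, udp)[0])        # fits in UDP
    print(lookup("example.org", QTYPE_ANY, udp, tcp)[0])  # needs TCP
    try:
        lookup("example.org", QTYPE_ANY, udp)             # no fallback
    except RuntimeError as exc:
        print("lookup failed:", exc)
```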