[Unbound-users] Question about qtype=any

Kevin Chadwick ma1l1ists at yahoo.co.uk
Mon Jul 18 20:01:16 UTC 2011


> >
> > Sendmail uses ANY first though and that's on many many servers.  
> 
> Sendmail has not made ANY queries for many years, though I believe it
> did in the very dim and distant past.
> 

Fair enough, I'd read that was the case when troubleshooting a problem
that turned out to be service.switch causing rather unexpected
behaviour (ignoring my intention of removing a DNS query and also
skipping the MX, I guess the web page was older than I thought and I
never needed to check the source code, thankfully).


> However, qmail *does* make ANY queries in order to canonicalize mail
> domains in the envelopes of outgoing messages, i.e. to replace domains
> that are CNAME owner names with the corresponding CNAME target names.
> This behaviour is buggy in several ways. 

I believe djb knew this and only did this to work around bugs in
BIND? I think it was this problem that was why he may even have put in
alternative commented-out code.

> Firstly, the current SMTP
> specification does not require domains to be canonicalized. Secondly,
> qmail should use an MX query not an ANY query, since it is looking up a
> mail domain not performing DNS diagnostics. Thirdly, it uses a 512 byte
> buffer which is too small, and it has no provision for dealing with
> truncated replies.

A modern qmail like Spamcontrol for example is patched to be compliant
with the new RFCs and larger replies.

So hopefully there aren't any servers still going and doing this any
more then. An old qmail might still be secure but incompliant with some
modern systems but an old sendmail would be a zombie on acid.
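
The failure mode named in the quoted text above (a fixed 512-byte buffer with no handling of truncated replies), shown as an added example that is not part of the original post or of qmail's code: a check a resolver client can run on a UDP reply before parsing its answers. `classify_reply`, the enum and the sample headers are hypothetical names and constructed data, and treating a completely filled buffer as clipped is a conservative assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN 12      /* fixed DNS header size */
#define DNS_FLAG_QR 0x8000  /* message is a response */
#define DNS_FLAG_TC 0x0200  /* server truncated the reply */

enum reply_action { REPLY_USE, REPLY_RETRY_TCP, REPLY_REJECT };

/* Constructed sample headers (ID 0x1234, one question, one answer). */
static const unsigned char sample_complete[DNS_HDR_LEN] =
    { 0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0 };
static const unsigned char sample_truncated[DNS_HDR_LEN] =
    { 0x12, 0x34, 0x83, 0x80, 0, 1, 0, 1, 0, 0, 0, 0 };

static uint16_t be16(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Decide what to do with `len` bytes received into a buffer of `bufsize`. */
enum reply_action classify_reply(const unsigned char *buf, size_t len,
                                 size_t bufsize, uint16_t expected_id)
{
    uint16_t flags;

    if (len < DNS_HDR_LEN || len > bufsize)
        return REPLY_REJECT;            /* no full header, or bogus length */
    if (be16(buf) != expected_id)
        return REPLY_REJECT;            /* not the reply to our query */
    flags = be16(buf + 2);
    if (!(flags & DNS_FLAG_QR))
        return REPLY_REJECT;            /* a query, not a response */
    if (flags & DNS_FLAG_TC)
        return REPLY_RETRY_TCP;         /* server says the answer was cut */
    if (len == bufsize)
        return REPLY_RETRY_TCP;         /* buffer full: datagram may be clipped */
    return REPLY_USE;
}

int main(void)
{
    printf("complete:  %d\n", classify_reply(sample_complete, DNS_HDR_LEN, 512, 0x1234));
    printf("truncated: %d\n", classify_reply(sample_truncated, DNS_HDR_LEN, 512, 0x1234));
    return 0;
}
```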


