sascha-pgp at silbe
Jun 25, 2012, 5:07 AM
[PATCH] Fix for large DNS responses
After a shared server I co-maintain updated from a locally patched
version of netqmail-1.05 to the Gentoo version based on netqmail-1.06, I
noticed netqmail still doesn't have a fix for domains with a
more-than-minimal number of records for the domain name. Because of
DNSSEC, this causes mail to a growing number of domains
(e.g. sugarlabs.org) to be undeliverable.
There's already a patch by Christopher K. Davis that will increase
the limit to 64KB. It's certainly a good idea to do so, but any fixed
size will be exceeded one time or another as long as qmail keeps
querying for more records than it needs.
The approach I followed some time back (and apparently forgot to share
with this list) is the one DJB suggested himself. It simply removes the
ancient misfeature that was introduced for compatibility with misguided
setups that don't exist anymore. Not doing an ANY query (to check for
CNAMEs) avoids getting large amounts of data qmail has no interest in
and that may overflow its buffers.
With this patch, qmail will only break for (i.e. be unable to deliver
to) domains that have enough _MX_ records to overflow the fixed buffer
size. With the increase to 64KB using Christopher's patch that's
reasonably unlikely to happen in practice.
Sascha Silbe (1):
Remove CNAME check as it breaks with DNS responses > 512B
dns.c | 27 +--------------------------
1 file changed, 1 insertion(+), 26 deletions(-)