bind 9.7.2-P3 does not resolve

Michael Sinatra michael at
Thu Dec 30 23:49:34 UTC 2010

On 12/30/10 3:04 PM, Lightner, Jeff wrote:
> If qmail is open source then YOU can patch it to your heart's content
> and might even want to fork the project so you're maintaining it for
> others.
> Expecting BIND to hold itself back or patch itself for 1998 standards is
> a bit like expecting people that maintain websites to keep support for
> Mosaic.  It's hard enough to get them to do it for Firefox, Chrome,
> Opera et al let alone going back to things ancient browsers did.

I think Lazy was suggesting that we need another *qmail* patch, not a 
BIND patch.  Note that qmail previously wouldn't accept any DNS response 
over 512 bytes, even if it was received via TCP.  That is clearly broken 
behavior that has since been patched.  However, there are still a bunch 
of unpatched qmail systems out there.  I have found it much easier to 
tell qmail admins who can't resolve 'ANY' to go get the 
latest patchset rather than engage them in the usual religious war.

I *do* generally agree with your and Tony's points, but regardless of 
whether you think it's valid for qmail to be doing ANY queries to 
canonicalize email domains, the ANY query is a legitimate DNS query and 
it should be supported by authoritative servers.  Moreover, TCP is 
REQUIRED by the DNS specs and it is NOT okay to block it.  It's not okay 
to say "I don't really think that anyone should be querying for ANY,
so I will allow such queries to break in an ungraceful way."  We should
be all the more concerned that a query of "TXT" yields a 494-byte
answer, just 18 bytes away from being
broken in the same manner.  Legitimate non-qmail MTAs do need to do TXT 
queries for SPF and other records.

At any rate, it may make sense to move this discussion over to 
dns-operations@, since we seem to be in agreement that this isn't a BIND 
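
Added example, not part of the original message and not qmail or BIND code: a sketch of the receive path discussed above, where a reply with the TC bit set is retried over TCP and the TCP answer is read using its 2-byte length prefix. The `max_size` parameter, the function names and the sample messages are assumptions made for illustration; setting `max_size` to 512 models a receiver that refuses answers over 512 bytes even when they arrive via TCP.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP payload limit (no EDNS0)
TC_BIT = 0x0200   # "truncated" flag in the DNS header flags word

def is_truncated(msg: bytes) -> bool:
    """True if the DNS header says the answer did not fit in this message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags = struct.unpack("!HH", msg[:4])
    return bool(flags & TC_BIT)

def read_tcp_message(stream: bytes) -> bytes:
    """Unframe one DNS message from a TCP stream (2-byte big-endian length prefix)."""
    if len(stream) < 2:
        raise ValueError("missing length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    body = stream[2:2 + length]
    if len(body) != length:
        raise ValueError("short read: keep reading until the full length arrives")
    return body

def accept_response(udp_msg: bytes, tcp_stream: bytes, max_size: int = 65535) -> bytes:
    """Use the UDP answer unless TC is set; then take the TCP answer instead.

    max_size is the receiver's buffer (hypothetical parameter). A receiver that
    keeps it at 512 for TCP too rejects every large answer.
    """
    if not is_truncated(udp_msg):
        return udp_msg
    full = read_tcp_message(tcp_stream)
    if len(full) > max_size:
        raise ValueError(f"{len(full)}-byte response exceeds {max_size}-byte buffer")
    return full

def header(flags: int) -> bytes:
    # id, flags, qdcount, ancount, nscount, arcount
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)

# Constructed sample data: real headers, zero padding in place of records.
UDP_REPLY = header(0x8000 | TC_BIT)                  # QR=1, TC=1
FULL_REPLY = header(0x8000) + b"\x00" * (700 - 12)   # 700-byte answer
TCP_STREAM = struct.pack("!H", len(FULL_REPLY)) + FULL_REPLY

if __name__ == "__main__":
    print(len(accept_response(UDP_REPLY, TCP_STREAM)))
    try:
        accept_response(UDP_REPLY, TCP_STREAM, max_size=UDP_LIMIT)
    except ValueError as exc:
        print("rejected:", exc)
```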


