On 12/30/10 3:04 PM, Lightner, Jeff wrote:
> If qmail is open source then YOU can patch it to your heart's content
> and might even want to fork the project so you're maintaining it for
> others.
>
> Expecting BIND to hold itself back or patch itself for 1998 standards is
> a bit like expecting people that maintain websites to keep support for
> Mosaic. It's hard enough to get them to do it for Firefox, Chrome,
> Opera et al let alone going back to things ancient browsers did.

I think Lazy was suggesting that we need another *qmail* patch, not a
BIND patch. Note that qmail previously wouldn't accept any DNS response
over 512 bytes, even if it was received via TCP. That is clearly broken
behavior that has since been patched. However, there are still a bunch
of unpatched qmail systems out there. I have found it much easier to
tell qmail admins who can't resolve 'ANY berkeley.edu' to go get the
latest patchset rather than engage them in the usual religious war.

I *do* generally agree with your and Tony's points, but regardless of
whether you think it's valid for qmail to be doing ANY queries to
canonicalize email domains, the ANY query is a legitimate DNS query and
it should be supported by authoritative servers. Moreover, TCP is
REQUIRED by the DNS specs and it is NOT okay to block it. It's not okay
to say "I don't really think that anyone should be querying for ANY
microsoft.com, so I will allow such queries to break in an ungraceful
way." We should be all the more concerned that a query of "TXT
microsoft.com" yields a 494-byte answer, just 18 bytes away from being
broken in the same manner. Legitimate non-qmail MTAs do need to do TXT
queries for SPF and other records.

At any rate, it may make sense to move this discussion over to
dns-operations@, since we seem to be in agreement that this isn't a BIND
problem.

michael
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
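
Added example, not part of the original message or of qmail or BIND: a minimal non-EDNS client showing the 512-byte UDP limit, the TC (truncated) flag, and the TCP retry that fails when TCP port 53 is filtered. All function names are hypothetical, and the server address passed to `resolve` is whatever resolver or authoritative server you are checking.

```python
import socket
import struct

UDP_LIMIT = 512                      # classic DNS UDP payload limit without EDNS0
QTYPE = {"TXT": 16, "ANY": 255}

def build_query(name, qtype, qid=0x1234):
    """Encode a plain (non-EDNS) query for name/qtype with RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def is_truncated(response):
    """True when the server set TC: the answer did not fit in the UDP reply."""
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & 0x0200)

def headroom(response):
    """Bytes left before an answer of this size reaches the 512-byte limit."""
    return UDP_LIMIT - len(response)

def tcp_frame(message):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(message)) + message

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP connection closed mid-message")
        buf += chunk
    return buf

def resolve(server, name, qtype, timeout=3.0):
    """Query over UDP and retry over TCP on TC. Returns (transport, response)."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        response, _ = udp.recvfrom(UDP_LIMIT)
    if not is_truncated(response):
        return "udp", response
    # A timeout or refusal here means TCP/53 is blocked on the path.
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(tcp_frame(query))
        (length,) = struct.unpack("!H", recv_exact(tcp, 2))
        return "tcp", recv_exact(tcp, length)
```

A result of `("udp", response)` with small `headroom(response)` marks a name that will start depending on TCP as soon as its record set grows.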