Victor Duchovni:
> On Fri, Mar 19, 2010 at 12:32:13PM -0400, Wietse Venema wrote:
>
> > > > And why would Yahoo be doing a CNAME lookup?
> > >
> > > Their MTA does that for all destinations, among other lookups.
> > >
> > > Your DNS server is a bit odd:
> > >
> > > $ dig +trace -t any slsware.com
> > >
> > > ;; connection timed out; no servers could be reached
> > >
> > > While asking for "cname" or "mx" works... Perhaps their code does a
> > > "T_ANY" lookup.
> >
> > If I recall correctly, Yahoo runs a modified qmail, and indeed:
> >
> > switch(resolve(sa,T_ANY))
>
> So that's the issue then, the DNS server in question does not support
> T_ANY. Most likely it is behind a firewall that does not understand T_ANY,
> and drops the DNS packets for security reasons. Otherwise, the DNS server
> itself is deficient.
Just to clarify, this DNS server is likely to create the same
problem with other sites that run a version of the qmail MTA.
According to the qmail CHANGES file entry 19961003, it uses T_ANY
as a workaround for DNS servers that broke with T_CNAME. Of course,
using T_ANY introduces other failure modes (reply too big, or broken
infrastructure).
Wietse
