Public bug reported: When qmail tries to deliver emails to a domain that is DNSSEC-enabled the response it gets is often way larger than 512 Byte (2-5k is often experienced) since it queries for ANY instead of A,AAAA and MX. The result is that the delivery of mails to those domains can not be performed and the queue just increases.
I got the error "deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/" in the log file. Workaround: apt-get install dnscache-run This installs the DNS recurser "dnscache" and automaticly changes /etc/resolv.conf to 127.0.0.1. (as a side notice i first tried to install the DNS recurser Unbound, but even though I disabled DNSSEC validation it still replied with the relevant ressource records, when queried for 'ANY', and thus I achieved nothing.). The problem and suggestions on how to fix it is further discussed here (I found it during a web search): https://fanf.livejournal.com/122220.html There are probably other suggestions online on how to fix it. I think some patch should be applied, since the web is increasingly moving to DNSSEC. I found some stats that 20-30% of .nl domains are DNSSEC- enabled. That probably goes for some other TLD's too. $ lsb_release -rd Description: Ubuntu 12.04.4 LTS Release: 12.04 $ apt-cache show qmail | grep Version Version: 1.06-4 ** Affects: qmail (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1333558 Title: qmail ANY query bugs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qmail/+bug/1333558/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs