
Re: qmail-remote to earthlink.com: CNAME lookup failed temporarily



>James Craig Burley <craig@xxxxxxxxxx> wrote:
>
>>Just now, after further research, I tried the any-to-cname.patch at:
>>
>>  http://homepages.tesco.net/~J.deBoynePollard/Softwares/qmail/#any-to-cname
>>
>>It worked like a charm, and qmail-remote takes hardly any time
>>delivering to earthlink.com now (that is, successful delivery is
>>taking hardly any time; previously, the failures occurred after what
>>seemed like several minutes).
>
>So having qmail do CNAME lookups instead of ANY lookups fixed a "CNAME
>lookup failed temporarily" problem? How strange.

Yeah, especially since I'd already applied the big-DNS patch, as I
mentioned.

Since I haven't studied the pertinent standards and practices myself,
I can only guess, but...maybe an ANY lookup on earthlink.com returns
too much info to fit into a UDP packet of any size, so a CNAME lookup
sufficiently restricts the request?  (This is kinda sorta what JdBP's
page says, with my own spin/guess on it.)

>>Based on the writeup on that web page, and my own experiences, I think
>>it's safe for me to recommend that second patch for inclusion in most
>>anyone's qmail setup, and the netqmail people might want to consider
>>putting it into netqmail-1.06 as well.
>
>You're not worried about breaking interoperability with BIND versions
>earlier than version 4.9.4? What about the dnscache problem JdBP
>refers to with a dead link?

The web page suggests that such versions of BIND are not widely
deployed enough to be a problem.  Presumably I'll find that out
(somehow -- not sure what the symptoms will be!) -- in the meantime,
applying the patch seems to be the only sure way of my being able to
send email to earthlink.com, though I didn't try installing and
running djbdns, and would prefer to avoid doing so (especially since I
don't know which patches to apply to it!).

As to the dead link, I think I was reading what that was referring to
the other night.  Do you believe dnscache's supposed problems would
make using the patch break email somehow?

>And what about DJB's comment:
>
>  Pretty much everything that JdBP says about CNAME records is
>  wrong. His model of CNAME records is out of whack with the DNS
>  specifications and out of whack with the behavior of deployed DNS
>  software. Do not use his patches to djbdns.

I was entirely unaware of that comment!  A bit scary actually, since,
reading through JdBP's FGA's the other night, pretty much everything
he says about stuff I *do* know about was spot-on.  But, then again,
djb can be (and has been) wrong too, and JdBP's pages had at least one
link showing djb saying, flat-out, that one of JdBP's claims (about
some kind of infinitely-looping lookup) was wrong, so JdBP seems not
entirely unaware of djb's concerns.

Do you know of any canonical, rock-solid fix to the
CNAME-lookup-failure problem for sites like earthlink.com?  I'd like
to avoid installing djbdns (or running BIND) on my little
Broadband-hosted site without knowing *exactly* why I need it.

Maybe comcast.net's DNS, i.e. my upstream, and only, nameserver, is
broken?

Or maybe something's wrong with my system's resolv library?  (I'm
running Red Hat Linux 7.3 on the pertinent server.)

If there's any doubt, despite my report of *success* using JdBP's
patch to fix my earthlink.com CNAME lookup problem, nobody should take
that as an indication that there wouldn't be problems (such as the
ones you are suggesting) as a result of deploying it.

Because the simple fact is that my "site" sends out precious little
email, to a *tiny* audience of email addresses, most of which
constitutes bounces due to joe-jobs and the like.  The only "authors"
of original email are myself (work and personal) and my wife (personal
only, and almost never for that, though she uses the system to receive
and store incoming personal email).

So if there are interoperability problems with the JdBP patch I'm
using, I might simply never notice them.

(This is in sharp contrast to the volume of email *sent* to my site,
which is substantial, thanks to spam, vermin, and joe jobs, plus a few
mailing lists.)

-- 
James Craig Burley
Software Craftsperson
<http://www.jcb-sc.com>
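
The guess in the message above (an ANY answer too large for a UDP reply, a CNAME answer small enough to fit) can be modelled offline. This is an added example, not part of the original post and not qmail or resolver code. The zone records are constructed, the 512-byte figure is the classic UDP message limit from RFC 1035, and dropping every answer on truncation is a simplification of what servers do.

```python
import struct

QTYPE = {"NS": 2, "CNAME": 5, "MX": 15, "TXT": 16, "ANY": 255}
UDP_LIMIT = 512  # classic DNS-over-UDP message limit (RFC 1035)
TC = 0x0200      # "truncated" flag in the DNS header

def encode_name(name):
    """Encode a domain name as length-prefixed labels, no compression."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, qid=0x1234):
    """12-byte header (RD set) followed by one question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def build_response(query, records):
    """Echo the question and append one answer RR per record."""
    qid = struct.unpack("!H", query[:2])[0]
    msg = struct.pack("!HHHHHH", qid, 0x8180, 1, len(records), 0, 0) + query[12:]
    for rtype, rdata in records:
        # 0xC00C: compression pointer to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, QTYPE[rtype], 1, 300, len(rdata)) + rdata
    return msg

def truncate_for_udp(msg, limit=UDP_LIMIT):
    """Simplified server behaviour: if too big, set TC and drop all answers."""
    if len(msg) <= limit:
        return msg
    qid, flags = struct.unpack("!HH", msg[:4])
    qend = 12 + msg[12:].index(b"\x00") + 5  # name terminator + type + class
    return struct.pack("!HHHHHH", qid, flags | TC, 1, 0, 0, 0) + msg[12:qend]

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & TC)

# Constructed records for a hypothetical large mail domain (not real data)
ZONE = ([("MX", struct.pack("!H", 10) + encode_name("mx%d.mail.example.net" % i))
         for i in range(12)]
        + [("NS", encode_name("ns%d.dns.example.net" % i)) for i in range(6)]
        + [("TXT", bytes([60]) + b"v" * 60)])

def answer(name, qtype):
    """Answer from ZONE over 'UDP'; an ANY query matches every record type."""
    records = [r for r in ZONE if qtype == "ANY" or r[0] == qtype]
    return truncate_for_udp(build_response(build_query(name, qtype), records))

if __name__ == "__main__":
    for qtype in ("ANY", "MX", "CNAME"):
        reply = answer("example.com", qtype)
        print(qtype, len(reply), "bytes", "TC set" if is_truncated(reply) else "complete")
```

With these constructed records the ANY reply comes back with the TC flag set and no answers, while the MX-only and CNAME replies fit under the limit. Against a live resolver, the same thing to look at is the TC bit and the reply size for each query type.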