[unisog] DNS over TCP should we block

Eric Pancer epancer at security.depaul.edu
Wed Jan 5 19:30:53 GMT 2005


On Wed, 2005-01-05 at 10:40:29 -0500, Steve Knodle proclaimed...

> Please note that Boston University's mail gateway, "bu.edu",
> has an MX record greater than 512 bytes.  MTA's that cannot
> fail over from UDP to TCP (unpatched QMAIL, for example), are
> known to return DNS-lookup failures.

This has nothing to do with qmail, last I checked. It's a resolver
problem.

With said configuration (qmail) using djbdns as a local resolver,
there are no problems.

[ Corrections to this are appreciated, but I'm 99.9999% sure after   ]
[ ample testing of the same type of problems over the past few years ]

-- 
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
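
The UDP-to-TCP failover discussed in this thread, as an added example that is not part of the original post: without EDNS0, a reply that does not fit in 512 bytes over UDP comes back with the TC (truncated) bit set, and the client has to repeat the query over TCP with a 2-byte length prefix. The name `example.edu`, the transaction id and the sample reply are constructed for illustration.

```python
import struct

TC_FLAG = 0x0200   # truncation bit in the DNS header flags word
QTYPE_MX = 15

def build_query(name, qtype=QTYPE_MX, txid=0x1234):
    """Build a minimal DNS query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Return the header fields a client checks before accepting a UDP reply."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & TC_FLAG),
            "rcode": flags & 0x000F, "ancount": an}

def needs_tcp_retry(query, udp_response):
    """True when the UDP reply matches the query id and is marked truncated."""
    q, r = parse_header(query), parse_header(udp_response)
    return r["qr"] and r["id"] == q["id"] and r["tc"]

def frame_for_tcp(query):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(query)) + query

def constructed_reply(query, truncated=True):
    """Constructed sample reply: question echoed back, no answer records."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | 0x0100 | 0x0080 | (TC_FLAG if truncated else 0)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.edu")  # placeholder name, no network traffic is sent
    if needs_tcp_retry(q, constructed_reply(q)):
        print("truncated over UDP; resend %d framed bytes on TCP/53"
              % len(frame_for_tcp(q)))
```

A client that stops at the truncated UDP reply, or a path that drops TCP port 53, never sees the answer records.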



