[unisog] DNS over TCP should we block
epancer at security.depaul.edu
Wed Jan 5 19:30:53 GMT 2005
On Wed, 2005-01-05 at 10:40:29 -0500, Steve Knodle proclaimed...
> Please note that Boston University's mail gateway, "bu.edu",
> has an MX record greater than 512 bytes. MTA's that cannot
> fail over from UDP to TCP (unpatched QMAIL, for example), are
> known to return DNS-lookup failures.
This has nothing to do with qmail, last i checked. It's a resolver
With said configuration (qmail) using djbdns as a local resolver,
there are no problems.
[ Corrections to this are appreciated, but I'm 99.9999% sure after ]
[ ample testing of the same type of problems over the past few years ]
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
More information about the unisog