[milters] Archive


Article: 1908
From: Jim Hermann - UUN Hostmaster
Date: 2008-11-08 14:55:26 -0500
Subject: Hack to eliminate DNS UDP Truncated Temp Error


Folks,

I checked a bunch of cases where the DNS query is being truncated via UDP
and found that the truncated response still contains the TXT Record that is
needed by milter-spiff.  The missing data usually is the authority section
of the response, so there is no effect when it is missing.  

Even in the case of two TXT records where the truncated response does not
contain both TXT records (e.g. aol.com), the worst case result is that
half-the-time the response contains the spf2.0/pra string and not the v=spf1
string.  The SPF check result is NONE, rather than "TempError: DNS UDP
response truncated, TCP support not implemented."  Either way, the message
is not subject to the mail-policy for fail.

[root@host mail]# .spf 64.12.143.99 aol.com
<aol.com> None
[root@host mail]# .spf 64.12.143.99 aol.com
<aol.com> Pass

[root@host io]# ./Dns TXT aol.com
aol.com. 300 IN TXT "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24
ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24
ip4:64.12.136.0/23 ip4:64.12.138.0/24 ip4:64.12.143.99/32
ip4:64.12.143.100/32 ip4:64.12.143.101/32 ptr:mx.aol.com ?all"
[root@host io]# ./Dns TXT aol.com
aol.com. 299 IN TXT "spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24
ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24
ip4:64.12.136.0/23 ip4:64.12.138.0/24 ip4:64.12.143.99/32
ip4:64.12.143.100/32 ip4:64.12.143.101/32 ptr:mx.aol.com ?all"

[root@host io]# ./Dns-org TXT aol.com
DNS UDP response truncated, TCP support not implemented (4)

Here is the patch for lib/io/Dns:

--- Dns.c       2008-10-25 15:19:18.000000000 -0500
+++ Dns.c.org   2007-08-01 03:50:06.000000000 -0500
@@ -430,12 +430,10 @@
        /* TODO: check if the message was truncated and redo the request
         * over TCP as recommend by RFC 974.
         */
-       /* Ignore DNS UDP Truncated since missing part is usually
-        * unimportant.  - jwh 10/25/08
        if (dns->packet.header.bits & BITS_TC) {
                DnsSetError(dns, DNS_RCODE_NOT_IMPLEMENTED,
DnsErrorTruncated);
                return -1;
-       }*/
+       }

        switch (dns->packet.header.bits & BITS_RCODE) {
        case DNS_RCODE_OK:
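
Review bot: the file order in the header is reversed: the edited Dns.c (2008-10-25) is on the `---` side and Dns.c.org (2007-08-01) is on the `+++` side, so applying this as written removes the new comment and restores the `BITS_TC` check instead of disabling it; regenerate it with `diff -u Dns.c.org Dns.c`. In the intended change the new comment is left open and only closed by `}*/`, which hides live-looking code inside a comment, so `#if 0` / `#endif` or a runtime option would be clearer. With the check gone a reply with the TC bit set goes straight into the `BITS_RCODE` switch as if it were complete, so the TODO about redoing the request over TCP still needs an owner.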


Jim
-----
Jim Hermann <hostmaster@UUism.net>
UUism Networks <http://www.UUism.net>
Ministering to the Needs of Online UUs
Web Hosting, Email Services, Mailing Lists
-----
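
An added example (not from the original post or from the milter-spiff sources) of a middle ground between the two behaviours discussed above: a truncated UDP reply is accepted when it already carries a `v=spf1` TXT record, and a temporary error is reported only when the TC bit is set and no such record arrived. The names `spf_classify` and `skip_name`, the result enum and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

enum spf_lookup { SPF_FOUND, SPF_NONE, SPF_TEMPERROR };
enum { DNS_TC = 0x0200, TYPE_TXT = 16 };  /* TC flag in header flags word; TXT RR type */
/* Constructed sample: truncated reply (TC set) for "a." carrying only an spf2.0/pra TXT. */
static const uint8_t sample_tc_pra[] = {
    0, 1, 0x82, 0x00, 0, 1, 0, 1, 0, 0, 0, 0,   /* id, flags QR|TC, QD=1, AN=1 */
    1, 'a', 0, 0, 16, 0, 1,                     /* question: a. TXT IN */
    0xC0, 12, 0, 16, 0, 1, 0, 0, 1, 44, 0, 11,  /* answer: name ptr, TXT, IN, TTL 300, RDLEN 11 */
    10, 's', 'p', 'f', '2', '.', '0', '/', 'p', 'r', 'a'
};

/* Skip an encoded name (labels or compression pointer); 0 means malformed. */
static size_t skip_name(const uint8_t *p, size_t len, size_t off)
{
    while (off < len) {
        if ((p[off] & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;
        if (p[off] == 0) return off + 1;
        off += 1 + (size_t)p[off];
    }
    return 0;
}

/* FOUND if a v=spf1 TXT arrived (even truncated); NONE only when the reply is complete. */
enum spf_lookup spf_classify(const uint8_t *p, size_t len)
{
    if (len < 12) return SPF_TEMPERROR;
    unsigned flags = (p[2] << 8) | p[3], qd = (p[4] << 8) | p[5], an = (p[6] << 8) | p[7];
    int complete = !(flags & DNS_TC);
    size_t off = 12;
    while (qd--) {
        off = skip_name(p, len, off);
        if (off == 0 || off + 4 > len) return SPF_TEMPERROR;
        off += 4;                               /* QTYPE + QCLASS */
    }
    while (an--) {
        off = skip_name(p, len, off);
        if (off == 0 || off + 10 > len) return SPF_TEMPERROR;
        unsigned type = (p[off] << 8) | p[off + 1];
        size_t rdlen = ((size_t)p[off + 8] << 8) | p[off + 9];
        off += 10;                              /* TYPE, CLASS, TTL, RDLENGTH */
        if (off + rdlen > len) return SPF_TEMPERROR;
        if (type == TYPE_TXT && rdlen >= 7 && p[off] >= 6 && (size_t)p[off] + 1 <= rdlen &&
            memcmp(p + off + 1, "v=spf1", 6) == 0 && (p[off] == 6 || p[off + 7] == ' '))
            return SPF_FOUND;  /* RDATA = length byte + text starting "v=spf1" */
        off += rdlen;
    }
    return complete ? SPF_NONE : SPF_TEMPERROR;
}
```
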

