Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards

Paul Wouters <paul@nohats.ca> Fri, 13 March 2015 16:42 UTC

Date: Fri, 13 Mar 2015 12:42:23 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Paul Vixie <paul@redbarn.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/jO0UMx0jSKZ0It1dCvYCJ_YDLTc>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] [dns-operations] dnsop-any-notimp violates the DNS standards
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

On Sat, 14 Mar 2015, Paul Vixie wrote:

> ultimately what matters is whatever works. if cloudflare decides to stop
> answering QTYPE=ANY then it would take all million or so qmail customers
> complaining to cloudflare's NOC to get cloudflare to change its mind. i
> don't think that's going to happen, for a number of reasons, one of
> which is that the corner case qmail is depending on was a bad idea
> originally and has gotten nothing but worse since then. but let's run
> the experiment, shall we?

I bet most qmail installs run from distributions that have included the
CNAME patch. I'm not sure if this is going to break more than 1 server.

All debian qmail packages come with:

http://ftp.de.debian.org/debian/pool/non-free/q/qmail/qmail_1.03-49.2.diff.gz

+  * Applied patch to dns.c to allow e-mail to deliver correctly to systems where
+    their DNS size is greater > 512.  Fixes "CNAME Lookup Failure" error when
+    delivering mail to aol.com
+
+ -- Jon Marler <jmarler@debian.org>  Sat,  29 May 1999 12:33:00 +0100
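
Review bot: The first line of this changelog entry reads "DNS size is greater > 512", which doubles the comparison and leaves out both the unit and what is being measured. If the intent is DNS responses larger than 512 bytes, say so in those words. The entry also does not name the patch that was applied to dns.c or where it came from, so a reader cannot tell which change fixed the "CNAME Lookup Failure" error; adding the patch name or origin would make the entry auditable.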

This ship sailed 16 years ago. The only people at risk are those who
compiled from source without applying patches.

Paul