Apr 21st, 2004 23:58
Jeffrey Thompson, Dave Sill, Jonathan de Boyne Pollard, Guest
http://www.ckdhr.com./ckd/qmail-103.patch
http://homepages.tesco.net./~J.deBoynePollard/Softwares/qmail/#any-to-cname
The "qmail.org" web site says that the best fix for this problem is to install the "djbdns" package, and in particular, "dnscache" from that package. The "qmail.org" web site is wrong. Installing "djbdns" is a bodge, and not a fix to this problem at all.

The cause of this problem is as follows: "qmail-remote" wants to perform "CNAME" lookups of the domain names that mail is to be sent to. However, instead of doing a "CNAME" DNS lookup directly, it performs an "ANY" DNS lookup and scans the result for "CNAME" resource records. It does this because of a bug in BIND version 4 that would be triggered if it did "CNAME" lookups directly.

But "qmail" only employs a 512-byte buffer to receive the DNS response. Unfortunately, an "ANY" lookup for several popular domains (such as "aol.com.") now yields a response bigger than 512 bytes, and the DNS lookup fails because the response size exceeds the size of the buffer that "qmail" has to hold it. (An "ANY" response for "aol.com." was 543 bytes - and even that was with the "glue" stripped - at the time of writing this answer.)

Installing "dnscache" alleviates this problem because "dnscache" provides smaller answers to "ANY" queries than other proxy DNS server software, such as BIND, does. This happens to defer the onset of this problem in most cases. However, this is clearly a bodge. The problem can still occur even if one employs "dnscache". The simple fact is that the maximum size that a DNS response can be is 65536 bytes, and "qmail"'s DNS response buffer should therefore be capable of holding responses up to this size.

The correct fix is to apply Christopher K. Davis' patch (hyperlink given above) that increases "qmail"'s buffer to 65536 bytes. Whilst you are about it, you also might consider applying the patch (hyperlink given above) that makes "qmail" actually use "CNAME" queries when it wants to look up "CNAME" resource records.

[Edited to remove references to LWQ, which has been updated to recommend Davis' patch. -DS, 2004-03-02]
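An added illustration, not qmail's code or either linked patch: a bounds-checked C scan of an "ANY" response for "CNAME" records that reports when the response is larger than the receive buffer, which is the 512-byte failure described above. The function names, return codes and the "a.example." sample builder are assumptions constructed for this example.

```c
#include <string.h>

/* Skip one (possibly compressed) name; returns the next offset, or 0 on error. */
static size_t skip_name(const unsigned char *m, size_t len, size_t off) {
    while (off < len) {
        unsigned char c = m[off];
        if (c == 0) return off + 1;                          /* root label */
        if ((c & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0; /* pointer */
        if (c & 0xC0) return 0;                              /* reserved label type */
        off += 1 + (size_t)c;
    }
    return 0;
}

/* 1: CNAME in the answer section, 0: none, -1: response larger than the
   receive buffer (the failure described above), -2: malformed message. */
int scan_any_for_cname(const unsigned char *m, size_t len, size_t bufsize) {
    if (len > bufsize) return -1;
    if (len < 12) return -2;
    unsigned qd = ((unsigned)m[4] << 8) | m[5], an = ((unsigned)m[6] << 8) | m[7];
    size_t off = 12;
    for (; qd--; off += 4)                                   /* question section */
        if (!(off = skip_name(m, len, off)) || off + 4 > len) return -2;
    while (an--) {                                           /* answer records */
        if (!(off = skip_name(m, len, off)) || off + 10 > len) return -2;
        size_t rdlen = ((size_t)m[off + 8] << 8) | m[off + 9];
        if (off + 10 + rdlen > len) return -2;
        if (m[off] == 0 && m[off + 1] == 5) return 1;        /* TYPE 5 = CNAME */
        off += 10 + rdlen;
    }
    return 0;
}

/* Constructed sample: ANY response for "a.example." holding n_a A records,
   plus one CNAME record when with_cname is set. Returns the message length. */
size_t build_sample(unsigned char *o, unsigned n_a, int with_cname) {
    static const unsigned char head[] = { 0,1, 0x81,0x80, 0,1, 0,0, 0,0, 0,0,
        1,'a', 7,'e','x','a','m','p','l','e', 0, 0,255, 0,1 };
    static const unsigned char a_rr[16] = { 0xC0,12, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };
    static const unsigned char cname_rr[14] = { 0xC0,12, 0,5, 0,1, 0,0,0,60, 0,2, 0xC0,14 };
    size_t n = sizeof head;
    memcpy(o, head, n);
    o[7] = (unsigned char)(n_a + (with_cname != 0));         /* ANCOUNT */
    for (; n_a--; n += 16) memcpy(o + n, a_rr, 16);
    if (with_cname) { memcpy(o + n, cname_rr, 14); n += 14; }
    return n;
}
```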
© 1999-2004 Synop Pty Ltd