wrong RD/RA flags cause exim4 to fail if no MX Record for a domain is set

Sam Trenholme strenholme.usenet at gmail.com
Fri Aug 1 13:11:59 EDT 2008


> RA              Recursion Available - this be is set or cleared in a
>                response, and denotes whether recursive query support is
>                available in the name server.
>
> So RA seems of value if one likes to know whether or not the query has
> undergone recursive treatment or if the DNS-Server supports recursive queries.

OK, first of all, I have noted this bug and I do have an "I will fix
RFC violations that you can demonstrate real-world problems with"
policy with MaraDNS bug fixes (however, I won't change things to
follow the RFC exactly just for the sake of following the RFCs).

RA won't tell you if a given query is one where recursion was used.
All it will tell you is whether you can perform recursion with a given
DNS server.  This is useless information; a user using a DNS server
not allowing recursion will quickly find this out when they can't go
to google.com, hi5.com, or whatever social networking site is popular
in their region.  Most DNS clients happily ignore this bit (which is
why I didn't see this issue at all until late 2007, over five years
after the first stable release of MaraDNS); it's only a few corner
cases with some minority clients that are needlessly pedantic about
the DNS spec.

Don't get me started on RFC1912 section 2.2, where the serial number
is supposed to be in a format that is only meaningful if you edit the
SOA serial by hand.

Yes, this would be a useful bit in the header if it was, say, RP
(recursion performed) telling you that the query in question was one
processed recursively, and not coming from the local DNS server.

I also feel RD is handled wrong in BIND.  BIND's handling of RD has
privacy implications: BIND simply doesn't recurse to process a given
query, but if the query is already in the cache, BIND will give you
the query from the cache.

In MaraDNS, if RD is cleared, MaraDNS will not ever give you any
information from the cache, but will only answer authoritative
queries.

- Sam

Note: If you send me a MaraDNS-related support question, I reserve the
right to post your support email to the Mara-DNS mailing list so that
the community at large can examine your issue. MaraDNS security
vulnerability reports, however, will be kept confidential.
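
Added example, not part of the original post and not MaraDNS or BIND code: a Python decoder for the RD, RA and AA header bits discussed above, with a check that labels a response to an RD-cleared query as coming from cache or from authoritative data. Function names are hypothetical and the sample packets are constructed (header and question only, no answer records).

```python
import struct

# Bit masks in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, rd, qid=0x1234, qtype=1):
    """Build a query for `name` (qtype 1 = A, class IN) with RD set or cleared."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte header into the fields the thread discusses."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": an}

def classify(response):
    """Label a response to a query that was sent with RD cleared."""
    h = parse_header(response)
    if not h["qr"]:
        return "not-a-response"
    if h["rd"]:
        return "rd-was-set"            # outside the case examined here
    if h["ancount"] > 0 and not h["aa"]:
        return "answered-from-cache"   # non-authoritative data, no recursion asked
    if h["ancount"] > 0:
        return "authoritative-answer"
    return "no-answer"

def make_response(query, flags, ancount):
    """Constructed sample: copy the query id and question, set flags and ANCOUNT."""
    qid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0) + query[12:]

q = build_query("example.com", rd=False)
cached = make_response(q, QR | RA, 1)    # the cache behaviour the post attributes to BIND
auth = make_response(q, QR | AA, 1)      # authoritative data
refused = make_response(q, QR | 5, 0)    # constructed: RCODE 5 (REFUSED), no data

for label, pkt in (("cached", cached), ("auth", auth), ("refused", refused)):
    print(label, classify(pkt), parse_header(pkt))
```

RA only shows up as a capability bit in `parse_header`; the cache-versus-authoritative distinction comes from AA and ANCOUNT, which matches the post's point that RA does not say whether recursion was used.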

