I've been implementing DomainKeys on my mailserver and ran into some trouble verifying mail from Yahoo. At first I thought it was a bug in libdomainkeys, but I have now found out it's a PowerDNS problem.
'dig -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth' returns the following:
[root@lan ~]$ dig -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth
; <<>> DiG 9.3.3 <<>> -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58078
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;s1024._domainkey.yahoo.com. IN TXT
;; ANSWER SECTION:
s1024._domainkey.yahoo.com. 86400 IN TXT "k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm" "JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"
;; Query time: 173 msec
;; SERVER: 66.218.71.63#53(66.218.71.63)
;; WHEN: Wed Aug 15 14:49:41 2007
;; MSG SIZE rcvd: 477
However, this is what a dig ('dig -t TXT s1024._domainkey.yahoo.com') against the local recursor returns:
[root@lan ~]$ dig -t TXT s1024._domainkey.yahoo.com
; <<>> DiG 9.3.3 <<>> -t TXT s1024._domainkey.yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3982
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;s1024._domainkey.yahoo.com. IN TXT
;; ANSWER SECTION:
s1024._domainkey.yahoo.com. 30002 IN TXT "k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 15 14:51:29 2007
;; MSG SIZE rcvd: 184
In my opinion the powerdns-recursor answer is very, very wrong, and obviously it breaks the DomainKeys verification of all mailservers running on a box with powerdns-recursor.
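The difference between the two answers above, as an added example (not part of the original report, and not PowerDNS or libdomainkeys code): a TXT record's RDATA is a sequence of length-prefixed character-strings, and a verifier has to join all of them before parsing the key. The record, the key bytes and the function names are constructed for illustration; the check shows how a consumer can detect that it was handed only the first string.

```python
import base64
import binascii

def parse_txt_rdata(rdata: bytes) -> list[bytes]:
    """Split TXT RDATA into its length-prefixed character-strings (RFC 1035)."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError("character-string runs past end of RDATA")
        strings.append(chunk)
        i += 1 + n
    return strings

def key_tags(strings: list[bytes]) -> dict[str, str]:
    """Join the character-strings, then parse the 'tag=value;' list."""
    record = b"".join(strings).decode("ascii")
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags

def public_key_complete(p: str) -> bool:
    """True if p is valid base64 and its outer DER SEQUENCE length matches."""
    try:
        der = base64.b64decode(p, validate=True)
    except binascii.Error:
        return False          # cut mid-quantum: the padding is wrong
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:         # short-form DER length
        hdr, length = 2, der[1]
    else:                     # long-form DER length
        n = der[1] & 0x7F
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == hdr + length

# Constructed sample: a fake 163-byte DER blob, not a real key, stored as
# two character-strings the way the authoritative answer above is split.
_der = b"\x30\x81\xa0" + bytes(range(160))
_record = b"k=rsa; t=y; p=" + base64.b64encode(_der) + b"; n=constructed sample;"
SAMPLE_RDATA = (bytes([100]) + _record[:100]
                + bytes([len(_record) - 100]) + _record[100:])
```
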