Ticket #153 (closed defect: fixed)
[pdns-recursor]: Incorrect retrieval of TXT records
| Reported by: | anon | Owned by: | somebody |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | component1 | Version: | |
| Severity: | normal | Keywords: | |
| Cc: |
Description
I've been implementing DomainKeys on my mailserver and ran into some trouble verifying mail from Yahoo. At first I thought it was a bug in libdomainkeys, but I have now found out it's a PowerDNS problem.
'dig -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth' returns the following:

```
[root@lan ~]$ dig -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth

; <<>> DiG 9.3.3 <<>> -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58078
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;s1024._domainkey.yahoo.com. IN TXT

;; ANSWER SECTION:
s1024._domainkey.yahoo.com. 86400 IN TXT "k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm" "JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;"

;; Query time: 173 msec
;; SERVER: 66.218.71.63#53(66.218.71.63)
;; WHEN: Wed Aug 15 14:49:41 2007
;; MSG SIZE rcvd: 477
```
However, this is what a dig ('dig -t TXT s1024._domainkey.yahoo.com') against the local recursor returns:

```
[root@lan ~]$ dig -t TXT s1024._domainkey.yahoo.com

; <<>> DiG 9.3.3 <<>> -t TXT s1024._domainkey.yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3982
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s1024._domainkey.yahoo.com. IN TXT

;; ANSWER SECTION:
s1024._domainkey.yahoo.com. 30002 IN TXT "k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 15 14:51:29 2007
;; MSG SIZE rcvd: 184
```
In my opinion the powerdns-recursor answer is very very wrong and obviously it breaks the DomainKeys verification of all mailservers running on a box with powerdns-recursor.
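
As an added illustration (not part of the ticket and not PowerDNS code): TXT RDATA is a sequence of length-prefixed character-strings, and the two dig outputs above differ in that the recursor's answer carries only the first of the two. The sketch uses a constructed stand-in key split at 128 bytes; `first_string_only` and `key_usable` are hypothetical helpers that model the observed symptom and a verifier that joins the strings, which is an assumption about the verifier, not a description of the recursor's actual defect.

```python
import base64

def encode_txt_rdata(chunks):
    """Encode character-strings as TXT RDATA: a length byte, then up to 255 bytes."""
    out = bytearray()
    for c in chunks:
        if len(c) > 255:
            raise ValueError("character-string longer than 255 bytes")
        out.append(len(c))
        out += c
    return bytes(out)

def parse_txt_rdata(rdata):
    """Return every character-string in the RDATA (RFC 1035 section 3.3.14)."""
    chunks, i = [], 0
    while i < len(rdata):
        end = i + 1 + rdata[i]          # rdata[i] is the length prefix
        if end > len(rdata):
            raise ValueError("character-string runs past end of RDATA")
        chunks.append(rdata[i + 1:end])
        i = end
    return chunks

def first_string_only(rdata):
    """Model of the symptom in the second dig output: later strings are lost."""
    return parse_txt_rdata(rdata)[:1]

def key_usable(chunks):
    """Join the strings with no separator and check that p= decodes to a full key."""
    record = b"".join(chunks).decode("ascii")
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    try:
        return len(base64.b64decode(tags.get("p", ""), validate=True)) == KEY_LEN
    except ValueError:                  # binascii.Error is a ValueError subclass
        return False

# Constructed sample: stand-in bytes, not the key from the ticket.
KEY_LEN = 162                           # size of a DER-encoded 1024-bit RSA public key
KEY = base64.b64encode(bytes(range(KEY_LEN)))
RECORD = b"k=rsa; t=y; p=" + KEY + b"; n=A 1024 bit key;"
RDATA = encode_txt_rdata([RECORD[:128], RECORD[128:]])

if __name__ == "__main__":
    print("all strings usable:", key_usable(parse_txt_rdata(RDATA)))
    print("first only usable: ", key_usable(first_string_only(RDATA)))
```

A resolver or cache regression test can use the same comparison: the number of character-strings and their joined bytes must match what the authoritative server returned.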