id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
153	[pdns-recursor]: Incorrect retrieval of TXT records	anon	somebody	"I've been implementing DomainKeys on my mailserver and ran into some trouble verifying mail from Yahoo. At first I thought it was a bug in libdomainkeys, but I now found out it's a PowerDNS problem.

'dig -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth' returns the following:
[root@lan ~]$ dig -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth

; <<>> DiG 9.3.3 <<>> -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58078
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;s1024._domainkey.yahoo.com.   IN       TXT

;; ANSWER SECTION:
s1024._domainkey.yahoo.com. 86400 IN    TXT ""k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"" ""JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB\; n=A 1024 bit key\;""

;; Query time: 173 msec
;; SERVER: 66.218.71.63#53(66.218.71.63)
;; WHEN: Wed Aug 15 14:49:41 2007
;; MSG SIZE  rcvd: 477

However, this is what a dig ('dig -t TXT s1024._domainkey.yahoo.com') against the local recursor returns:
[root@lan ~]$ dig -t TXT s1024._domainkey.yahoo.com

; <<>> DiG 9.3.3 <<>> -t TXT s1024._domainkey.yahoo.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3982
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s1024._domainkey.yahoo.com.   IN       TXT

;; ANSWER SECTION:
s1024._domainkey.yahoo.com. 30002 IN    TXT ""k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm""

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 15 14:51:29 2007
;; MSG SIZE  rcvd: 184

In my opinion the powerdns-recursor answer is very, very wrong and obviously it breaks the DomainKeys verification of all mailservers running on a box with powerdns-recursor.
"	defect	closed	normal		component1		normal	fixed		

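The authoritative answer in the ticket carries two TXT character-strings and the recursor's answer carries only the first. The Python below is an added example, not part of the ticket or of PowerDNS: it parses TXT RDATA into all of its character-strings and checks whether the resulting key record is still usable. The function names are hypothetical, and the two strings are copied from the dig output in the ticket.

```python
import base64
import binascii

# The two character-strings from the authoritative answer quoted in the ticket
# (dig's "\;" is presentation escaping for a literal ";").
S1 = b"k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"
S2 = b"JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB; n=A 1024 bit key;"

def encode_txt_rdata(strings):
    """Build TXT RDATA: each string is one length byte plus up to 255 bytes."""
    return b"".join(bytes([len(s)]) + s for s in strings)

def parse_txt_rdata(rdata):
    """Return every character-string in the RDATA, not just the first."""
    out, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        if i + 1 + n > len(rdata):
            raise ValueError("character-string runs past end of RDATA")
        out.append(rdata[i + 1:i + 1 + n])
        i += 1 + n
    return out

def key_tags(strings):
    """Concatenate the strings with no separator, then split into tag=value."""
    text = b"".join(strings).decode("ascii")
    pairs = (item.split("=", 1) for item in text.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def key_is_complete(tags):
    """True if p= is present and decodes as base64; a key cut short fails."""
    try:
        base64.b64decode(tags.get("p", ""), validate=True)
        return bool(tags.get("p"))
    except binascii.Error:
        return False

def dropped_strings(authoritative, resolver):
    """Strings the authoritative server returned but the resolver did not."""
    return [s for s in authoritative if s not in resolver]

if __name__ == "__main__":
    full = parse_txt_rdata(encode_txt_rdata([S1, S2]))
    for label, strings in (("authoritative", full), ("recursor", full[:1])):
        tags = key_tags(strings)
        print(label, len(strings), "string(s), key complete:", key_is_complete(tags))
    print("dropped by recursor:", len(dropped_strings(full, full[:1])))
```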