Skip Menu |
 

This queue is for tickets about the Mail-SPF CPAN distribution.

Report information
The Basics
Id: 77005
Status: new
Priority: 0/
Queue: Mail-SPF

People
Owner: Nobody in particular
Requestors: david [...] schweikert.ch
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Misbehaving DNS servers causing very long query time
Download (untitled) / with headers
text/plain 1.3k
Look at the mail domain "gfyuj.com": 1) There is a TXT record with an include: statement referring to itself: $ dig +short -t txt gfyuj.com "v=spf1 include:gfyuj.com -all" 2) The DNS server of gfyuj.com gives a timeout when queried for a SPF record: $ # time dig +short -t spf gfyuj.com ;; connection timed out; no servers could be reached real 0m15.033s user 0m0.010s sys 0m0.000s The consequence is that a SPF query takes more than 5 minutes! # time ./spfquery --mfrom iiii@gfyuj.com --ip 64.52.10.186 permerror gfyuj.com ... gfyuj.com: Maximum DNS-interactive terms limit (10) exceeded gfyuj.com ... gfyuj.com: Maximum DNS-interactive terms limit (10) exceeded Received-SPF: permerror (gfyuj.com ... gfyuj.com: Maximum DNS-interactive terms limit (10) exceeded) receiver=ninive; identity=mailfrom; envelope-from="iiii@gfyuj.com"; client-ip=64.52.10.186 real 5m30.625s user 0m0.130s sys 0m0.020s Even using a caching only DNS server won't help, because the timeout values are not cached (at least not with Bind). Maybe a total timeout for the complete querying / checking of a mail domain could be introduced? Note that this is related to this other bug report, but made worse by the use of the include statement: https://bugs.launchpad.net/postfix-policyd-spf-perl/+bug/161133


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.