Skip Menu |

This queue is for tickets about the Mail-SPF CPAN distribution.

Report information
The Basics
Id: 77005
Status: new
Priority: 0/
Queue: Mail-SPF

Owner: Nobody in particular
Requestors: david [...]

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Subject: Misbehaving DNS servers causing very long query time
Download (untitled) / with headers
text/plain 1.3k
Look at the mail domain "": 1) There is a TXT record with an include: statement referring to itself: $ dig +short -t txt "v=spf1 -all" 2) The DNS server of gives a timeout when queried for a SPF record: $ # time dig +short -t spf ;; connection timed out; no servers could be reached real 0m15.033s user 0m0.010s sys 0m0.000s The consequence is that a SPF query takes more than 5 minutes! # time ./spfquery --mfrom --ip permerror ... Maximum DNS-interactive terms limit (10) exceeded ... Maximum DNS-interactive terms limit (10) exceeded Received-SPF: permerror ( ... Maximum DNS-interactive terms limit (10) exceeded) receiver=ninive; identity=mailfrom; envelope-from=""; client-ip= real 5m30.625s user 0m0.130s sys 0m0.020s Even using a caching only DNS server won't help, because the timeout values are not cached (at least not with Bind). Maybe a total timeout for the complete querying / checking of a mail domain could be introduced? Note that this is related to this other bug report, but made worse by the use of the include statement:

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to