faqts : Computers : Internet : Mail Servers : qmail : Common Problems

+ Search
Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

106 of 121 people (88%) answered Yes
Recently 9 of 10 people (90%) answered Yes

Entry

My mail is not being delivered. The log says "deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/"

Jun 30th, 2006 12:56
Paul Theodoropoulos, Jeffrey Thompson, Dave Sill, Jonathan de Boyne Pollard, Guest, http://www.ckdhr.com./ckd/qmail-103.patch http://homepages.tesco.net./~J.deBoynePollard/Softwares/qmail/#any-to-cname


The "qmail.org" web site suggests that you may be able to get around 
this problem somewhat by installing the "djbdns" package, and in 
particular, "dnscache" from that package.
Installing "djbdns" is generally a good idea, but it does not 
genuinely fix this problem.  
The cause of this problem is as follows:
"qmail-remote" wants to perform "CNAME" lookups of the domain 
names that mail is to be sent to.  However, instead of doing a 
"CNAME" DNS lookup directly, it performs an "ANY" DNS lookup 
and scans the result for "CNAME" resource records.  It does 
this because of a bug in BIND version 4 that would be triggered 
if it did "CNAME" lookups directly.
But "qmail" only employs a 512-byte buffer to receive the DNS 
response.  Unfortunately, an "ANY" lookup for several popular 
domains (such as "aol.com.") now yields a response bigger than 
512 bytes, and the DNS lookup fails because the response size 
exceeds the size of the buffer that "qmail" has to hold it.  
(An "ANY" response for "aol.com." was 543 bytes - and even that 
was with the "glue" stripped - at the time of writing this 
answer.)
Installing "dnscache" partially alleviates this problem because 
"dnscache" provides smaller answers to "ANY" queries than other 
proxy DNS server softwares, such as BIND, do.  This happens to 
defer the onset of this problem in most cases.  
However, this is not a true solution.  The problem can still occur 
even if one employs "dnscache".  The the maximum size that a DNS 
response can be is 65536 bytes, and "qmail"'s DNS response buffer 
should therefore be capable of holding responses up to this size.  
The correct fix is to apply Christopher K. Davis' patch (hyperlink 
given above) that increases "qmail"'s buffer to 65536 bytes.
Whilst you are about it, you also might consider applying the 
patch (hyperlink given above) that makes "qmail" actually use 
"CNAME" queries when it wants to look up "CNAME" resource 
records.
[Edited to remove references to LWQ, which has been updated to 
recommend
 Davis' patch. -DS, 2004-03-02]