[pdns-recursor]: Incorrect retrieval of TXT records #153

Closed
Habbie opened this Issue Apr 26, 2013 · 1 comment

Habbie commented Apr 26, 2013

I've been implementing DomainKeys on my mailserver and ran into some trouble verifying mail from Yahoo. At first I thought it was a bug in libdomainkeys, but I have now found out it's a PowerDNS problem.

'dig -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth' returns the following:
[root@lan ~]$ dig -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth

; <<>> DiG 9.3.3 <<>> -t TXT s1024._domainkey.yahoo.com @ns1.yahoo.com +noadditional +noauth
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58078
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;s1024._domainkey.yahoo.com. IN TXT

;; ANSWER SECTION:
s1024._domainkey.yahoo.com. 86400 IN TXT "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm" "JiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB; n=A 1024 bit key;"

;; Query time: 173 msec
;; SERVER: 66.218.71.63#53(66.218.71.63)
;; WHEN: Wed Aug 15 14:49:41 2007
;; MSG SIZE rcvd: 477

However, this is what a dig ('dig -t TXT s1024._domainkey.yahoo.com') against the local recursor returns:
[root@lan ~]$ dig -t TXT s1024._domainkey.yahoo.com

; <<>> DiG 9.3.3 <<>> -t TXT s1024._domainkey.yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3982
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s1024._domainkey.yahoo.com. IN TXT

;; ANSWER SECTION:
s1024._domainkey.yahoo.com. 30002 IN TXT "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfm"

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 15 14:51:29 2007
;; MSG SIZE rcvd: 184

In my opinion the powerdns-recursor answer is very, very wrong, and obviously it breaks the DomainKeys verification of all mailservers running on a box with powerdns-recursor.

@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
Habbie commented Apr 26, 2013

Author: anon
Fixed in SVN
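The two dig answers in the report differ in how many TXT character-strings they carry: the authoritative answer has two, the recursor answer only the first. The sketch below is an added example, not code from this issue or from PowerDNS. It parses TXT RDATA into all of its length-prefixed character-strings and checks whether the joined `p=` value is a whole DER key. The key is a constructed placeholder with the same split sizes (127 and 122 bytes), and all function names are hypothetical.

```python
import base64
import binascii

# Constructed stand-in for a 1024-bit RSA public key: 3-byte DER SEQUENCE
# header (0x30 0x81 0x9f) plus 159 filler bytes. Not the key from the issue.
FAKE_DER = bytes([0x30, 0x81, 0x9F]) + bytes(range(159))
FAKE_B64 = base64.b64encode(FAKE_DER).decode("ascii")  # 216 characters
RECORD = "k=rsa; t=y; p=" + FAKE_B64 + "; n=A 1024 bit key;"

def encode_txt_rdata(text, split=127):
    # Build TXT RDATA as length-prefixed character-strings of <= split bytes.
    raw = text.encode("ascii")
    parts = [raw[i:i + split] for i in range(0, len(raw), split)]
    return b"".join(bytes([len(p)]) + p for p in parts)

def parse_txt_rdata(rdata):
    # Return every character-string in the RDATA, not just the first.
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError("character-string overruns RDATA")
        strings.append(chunk)
        i += 1 + n
    return strings

def der_is_complete(blob):
    # True if blob is a DER SEQUENCE whose declared length matches its size.
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    k = blob[1] & 0x7F if blob[1] & 0x80 else 0  # count of long-form length octets
    if blob[1] == 0x80 or len(blob) < 2 + k:
        return False
    length = int.from_bytes(blob[2:2 + k], "big") if k else blob[1]
    return len(blob) == 2 + k + length

def key_is_complete(strings):
    # Join the character-strings, then check that p= holds a whole DER key.
    text = b"".join(strings).decode("ascii")
    tags = dict(item.strip().partition("=")[::2] for item in text.split(";"))
    try:
        blob = base64.b64decode(tags.get("p", ""), validate=True)
    except binascii.Error:
        return False
    return der_is_complete(blob)

SAMPLE_RDATA = encode_txt_rdata(RECORD)  # two strings, as in the authoritative answer
```

Passing only the first parsed string to `key_is_complete` reproduces the failure a verifier sees behind a resolver that drops the later strings.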
