[Rspamd-Users] SPF DNS Error / R_SPF_DNSFAIL
Vsevolod Stakhov
vsevolod at rspamd.com
Wed Jan 4 14:25:48 UTC 2023
On 01/01/2023 16:44, Max Grobecker wrote:
> Hi,
>
>> I see the DNS request on my DNS server and a "working" reply going
>> out. What can cause this error
>> and/or how can I debug it?
>
> I had this problem and tracked it down to a problem consisting of:
> - Domain has very many and/or large TXT records in APEX (where the SPF
> record is)
> - DNS resolver replies with a truncated response to not have to
> fragment UDP packets and expects you to request again via TCP for full
> answer
> - Rspamd uses a resolving library which does not do that
>
> In that case, Rspamd never gets the SPF record because there are too
> many other TXT records in the zone and the SPF is outside the truncation
> threshold.
>
> I solved this by using systemd-resolved (which handles this) and
> pointing Rspamd to 127.0.0.53 to resolve through the systemd-resolved
> service.
>
>
> Greetings,
> Max
This issue is no longer relevant, as Rspamd can switch to TCP when it
receives a truncated DNS reply over UDP.
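
The truncation case discussed in this thread, as an added example that is not part of the original messages and is not Rspamd code: a resolver client has to check the TC bit before concluding that a domain has no SPF record. All function names, the `example.test` zone and its TXT records are constructed for illustration, and each TXT record is assumed to hold a single character-string.

```python
import struct
TC = 0x0200  # "truncated" bit in the DNS header flags (RFC 1035)

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_udp_reply(name, txts, udp_limit=512):
    """Constructed sample server: drops TXT records past udp_limit and sets TC."""
    question = encode_name(name) + struct.pack("!HH", 16, 1)  # QTYPE=TXT, QCLASS=IN
    answers, size, truncated = [], 12 + len(question), False
    for txt in txts:
        rdata = bytes([len(txt)]) + txt.encode()
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
        if size + len(rr) > udp_limit:
            truncated = True
            break
        answers.append(rr)
        size += len(rr)
    flags = 0x8180 | (TC if truncated else 0)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    return header + question + b"".join(answers)

def skip_name(msg, off):
    # Walk labels until the root label (0) or a compression pointer (0xC0..)
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_txt(msg):
    """Return (truncated, [TXT strings]) from a raw DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    txts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 16:
            txts.append(rdata[1:1 + rdata[0]].decode("ascii", "replace"))
    return bool(flags & TC), txts

def spf_lookup(msg):
    truncated, txts = parse_txt(msg)
    if truncated:  # incomplete answer: retry over TCP, never conclude "no SPF"
        return "retry-over-tcp"
    return "found" if any(t.lower().startswith("v=spf1") for t in txts) else "no-spf-record"

# Constructed zone apex: ten verification-style TXT records, SPF record last.
TXTS = [f"site-verification-{i:02d}=" + "x" * 40 for i in range(10)] + ["v=spf1 mx -all"]
```

With the default 512-byte limit the constructed reply carries only the first six TXT records and the TC bit, so a client that ignores TC sees no SPF record at all.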