[Rspamd-Users] SPF DNS Error / R_SPF_DNSFAIL

Vsevolod Stakhov vsevolod at rspamd.com
Wed Jan 4 14:25:48 UTC 2023

On 01/01/2023 16:44, Max Grobecker wrote:
> Hi,
>> I see the DNS request on my DNS server and a "working" reply going 
>> out. What can cause this error
>> and/or how can I debug it?
> I had this problem and tracked it down to a problem consisting of:
>   - Domain has very many and/or large TXT records in APEX (where the SPF 
> record is)
>   - DNS resolver replies with a truncated response to not have to 
> fragment UDP packets and expects you to request again via TCP for full 
> answer
>   - Rspamd uses a resolving library which does not do that
> In that case, Rspamd never gets the SPF record because there are too 
> many other TXT records in the zone and the SPF is outside the truncation 
> threshold.
> I solved this by using systemd-resolved (which handles this) and 
> pointing Rspamd to to resolve through the systemd-resolved 
> service.
> Greetings,
>   Max

This issue is no longer relevant, as Rspamd can switch to TCP when it 
receives a truncated DNS reply over UDP.

More information about the Users mailing list