DaemonForums  

Go Back   DaemonForums > Miscellaneous > General software and network

General software and network General OS-independent software and network questions, X11, MTA, routing, etc.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 21st May 2008
ducu_00 ducu_00 is offline
Real Name: Alexandru Cristea
Port Guard
 
Join Date: May 2008
Location: Romania
Posts: 12
Default sendmail host name lookup failure

Hello everybody.

I run sendmail 8.14.2 on FreeBSD 5.5, 6.3 and 7.0 (from ports on 5.5, default on 6.3 and 7.0) in a small testing lan, behind a snat router which hosts a 9.3.3 bind name server. The domain name is not public, say aaa.bbb.ccc and the 3 machines are fbsd-5, fbsd-6 and fbsd-7. Name resolution is ok, tested with host and dig.
If I want to send emails from any of the 3 bsd's to another machine, say fc-6, user test, the mail is sent from fbsd-7, but not from the fbsd-5 and fbsd-6, error "stat=Deferred: Name server: fc-6.aaa.bbb.ccc.: host name lookup failure".
The sendmail servers have the same configuration (the default one - including WorkAroundBrokenAAAA) , all are compiled with NAMED_BIND, sendmail is enabled in rc.conf.
After some sniffing of the bind conversations I found that:
- all the 3 bsd's send A requests at some point in the conversation and receive the right response;
- all of the bsd's send AAAA requests and receive NOERR responses from the name server (I do not use ipv6);
- all except fbsd-7 request AAAA for fc-6. receiving ServFail as response. This is weird!!

Is the problem sendmail related or resolver library related? I googled for 2 days, no solution, except recompiling sendmail without ipv6 support.
Reply With Quote
  #2   (View Single Post)  
Old 21st May 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

A mailserver first will try to lookup the MX (Mail eXchanger) DNS record.

On my local LAN with DJBDNS nameservers
Code:
]dig +norecurse  -t mx utp.xnet @192.168.222.11

; <<>> DiG 9.3.4 <<>> +norecurse -t mx utp.xnet @192.168.222.11
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6504
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;utp.xnet.                      IN      MX

;; ANSWER SECTION:
utp.xnet.               604800  IN      MX      0 mail.utp.xnet.

;; AUTHORITY SECTION:
utp.xnet.               259200  IN      NS      ns1.utp.xnet.

;; ADDITIONAL SECTION:
mail.utp.xnet.          604800  IN      A       192.168.222.10
ns1.utp.xnet.           259200  IN      A       192.168.222.11

;; Query time: 1 msec
;; SERVER: 192.168.222.11#53(192.168.222.11)
;; WHEN: Wed May 21 23:08:42 2008
;; MSG SIZE  rcvd: 97
If there is no MX record , it will do an A DNS record lookup.

From the sending sendmail box, can you do the MX and A record lookups manually with dig? What do they produce?

If you modified the DNS records, please restart BIND so it will not answer queries from the old cached records.

BTW To sniff DNS traffic I use
Code:
tcpdump -nvv -i re0 -s512  port domain
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 22nd May 2008
ducu_00 ducu_00 is offline
Real Name: Alexandru Cristea
Port Guard
 
Join Date: May 2008
Location: Romania
Posts: 12
Default

Quote:
[root@fbsd-5 /etc/rc.d]# dig -t a fc-6.bdux.dsdis.ro

; <<>> DiG 9.3.2 <<>> -t a fc-6.bdux.dsdis.ro
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42027
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;fc-6.bdux.dsdis.ro. IN A

;; ANSWER SECTION:
fc-6.bdux.dsdis.ro. 600 IN A 10.32.0.56

;; AUTHORITY SECTION:
bdux.dsdis.ro. 600 IN NS gw.bdux.dsdis.ro.

;; ADDITIONAL SECTION:
gw.bdux.dsdis.ro. 600 IN A 10.32.0.1

;; Query time: 1 msec
;; SERVER: 10.32.0.1#53(10.32.0.1)
;; WHEN: Thu May 22 09:14:12 2008
;; MSG SIZE rcvd: 85

[root@fbsd-5 /etc/rc.d]# sendmail -q -v

Running /var/spool/mqueue/m4L81qhJ099077 (sequence 1 of 1)
<root@fc-6.bdux.dsdis.ro>... Connecting to fc-6.bdux.dsdis.ro. via esmtp...
<root@fc-6.bdux.dsdis.ro>... Deferred: Name server: fc-6.bdux.dsdis.ro.: host name lookup failure
I added even MX records for fc-6, nothing changed.

Quote:
[root@fbsd-5 /etc/rc.d]# cat /etc/resolv.conf
domain bdux.dsdis.ro
#search bdux.dsdis.ro dsdis.ro
nameserver 10.32.0.1
Below I pasted an edited output of `tcpdump -i eth1 -nvv -s512 port 53` on the name server.
Quote:
10.32.0.58.62277 > 10.32.0.1.domain: [udp sum ok] 30845+ AAAA? fbsd-5.bdux.dsdis.ro. (38)
10.32.0.1.domain > 10.32.0.58.62277: [udp sum ok] 30845* q: AAAA? fbsd-5.bdux.dsdis.ro. 0/1/0 ns: bdux.dsdis.ro. SOA gw.bdux.dsdis.ro. root.gw.b
dux.dsdis.ro. 2008052101 600 86400 6000 604800 (82)

10.32.0.58.58427 > 10.32.0.1.domain: [udp sum ok] 30846+ AAAA? fbsd-5.bdux.dsdis.ro.bdux.dsdis.ro. (52)
10.32.0.1.domain > 10.32.0.58.58427: [udp sum ok] 30846 NXDomain* q: AAAA? fbsd-5.bdux.dsdis.ro.bdux.dsdis.ro. 0/1/0 ns: bdux.dsdis.ro. SOA gw.b
dux.dsdis.ro. root.gw.bdux.dsdis.ro. 2008052101 600 86400 6000 604800 (96)

10.32.0.58.61148 > 10.32.0.1.domain: [udp sum ok] 30847+ A? fbsd-5.bdux.dsdis.ro. (38)
10.32.0.1.domain > 10.32.0.58.61148: [udp sum ok] 30847* q: A? fbsd-5.bdux.dsdis.ro. 1/1/1 fbsd-5.bdux.dsdis.ro. A 10.32.0.58 ns: bdux.dsdis.ro.
NS gw.bdux.dsdis.ro. ar: gw.bdux.dsdis.ro. A 10.32.0.1 (87)

10.32.0.58.54572 > 10.32.0.1.domain: [udp sum ok] 30848+ PTR? 58.0.32.10.in-addr.arpa. (41)
10.32.0.1.domain > 10.32.0.58.54572: [udp sum ok] 30848* q: PTR? 58.0.32.10.in-addr.arpa. 1/1/1 58.0.32.10.in-addr.arpa. PTR fbsd-5.bdux.dsdis.r
o. ns: 0.32.10.in-addr.arpa. NS gw.bdux.dsdis.ro. ar: gw.bdux.dsdis.ro. A 10.32.0.1 (108)

10.32.0.58.53339 > 10.32.0.1.domain: [udp sum ok] 30849+ MX? fc-6.bdux.dsdis.ro. (36)
10.32.0.1.domain > 10.32.0.58.53339: [udp sum ok] 30849* q: MX? fc-6.bdux.dsdis.ro. 0/1/0 ns: bdux.dsdis.ro. SOA gw.bdux.dsdis.ro. root.gw.bdux.
dsdis.ro. 2008052101 600 86400 6000 604800 (80)

10.32.0.58.61755 > 10.32.0.1.domain: [udp sum ok] 30850+ AAAA? fc-6.bdux.dsdis.ro. (36)
10.32.0.1.domain > 10.32.0.58.61755: [udp sum ok] 30850* q: AAAA? fc-6.bdux.dsdis.ro. 0/1/0 ns: bdux.dsdis.ro. SOA gw.bdux.dsdis.ro. root.gw.bdu
x.dsdis.ro. 2008052101 600 86400 6000 604800 (80)

10.32.0.58.61755 > 10.32.0.1.domain: [udp sum ok] 30851+ A? fc-6.bdux.dsdis.ro. (36)
10.32.0.1.domain > 10.32.0.58.61755: [udp sum ok] 30851* q: A? fc-6.bdux.dsdis.ro. 1/1/1 fc-6.bdux.dsdis.ro. A 10.32.0.56 ns: bdux.dsdis.ro. NS
gw.bdux.dsdis.ro. ar: gw.bdux.dsdis.ro. A 10.32.0.1 (85)


10.32.0.58.50605 > 10.32.0.1.domain: [udp sum ok] 30852+ AAAA? fc-6.bdux.dsdis.ro. (36)
10.32.0.1.domain > 10.32.0.58.50605: [udp sum ok] 30852* q: AAAA? fc-6.bdux.dsdis.ro. 0/1/0 ns: bdux.dsdis.ro. SOA gw.bdux.dsdis.ro. root.gw.bdu
x.dsdis.ro. 2008052101 600 86400 6000 604800 (80)

10.32.0.58.55183 > 10.32.0.1.domain: [udp sum ok] 30853+ AAAA? fc-6.bdux.dsdis.ro. (36)
10.32.0.1.domain > 10.32.0.58.55183: [udp sum ok] 30853* q: AAAA? fc-6.bdux.dsdis.ro. 0/1/0 ns: bdux.dsdis.ro. SOA gw.bdux.dsdis.ro. root.gw.bdu
x.dsdis.ro. 2008052101 600 86400 6000 604800 (80)

10.32.0.58.49958 > 10.32.0.1.domain: [udp sum ok] 30854+ AAAA? fc-6. (22)

10.32.0.58.58250 > 10.32.0.1.domain: [udp sum ok] 30854+ AAAA? fc-6. (22)

10.32.0.58.58781 > 10.32.0.1.domain: [udp sum ok] 30855+ AAAA? fc-6.bdux.dsdis.ro. (36)
10.32.0.1.domain > 10.32.0.58.58781: [udp sum ok] 30855* q: AAAA? fc-6.bdux.dsdis.ro. 0/1/0 ns: bdux.dsdis.ro. SOA gw.bdux.dsdis.ro. root.gw.bdu
x.dsdis.ro. 2008052101 600 86400 6000 604800 (80)

10.32.0.58.52574 > 10.32.0.1.domain: [udp sum ok] 30856+ AAAA? fc-6. (22)

10.32.0.58.65175 > 10.32.0.1.domain: [udp sum ok] 30856+ AAAA? fc-6. (22)

10.32.0.1.domain > 10.32.0.58.49958: [udp sum ok] 30854 ServFail q: AAAA? fc-6. 0/0/0 (22)

10.32.0.1.domain > 10.32.0.58.58250: [udp sum ok] 30854 ServFail q: AAAA? fc-6. 0/0/0 (22)

10.32.0.1.domain > 10.32.0.58.52574: [udp sum ok] 30856 ServFail q: AAAA? fc-6. 0/0/0 (22)

10.32.0.1.domain > 10.32.0.58.65175: [udp sum ok] 30856 ServFail q: AAAA? fc-6. 0/0/0 (22)
What's with all these fc-6. queries? Shouldn't sendmail accept and use the A reply for the destination host (in blue)?
Reply With Quote
  #4   (View Single Post)  
Old 22nd May 2008
ducu_00 ducu_00 is offline
Real Name: Alexandru Cristea
Port Guard
 
Join Date: May 2008
Location: Romania
Posts: 12
Default

I've attached the output of:

#sendmail -q -d8.8 -v

Is there any reason for sendmail to send queries for the unqualified hostname? I think the problem is here.
Attached Files
File Type: txt sendmail.txt (12.1 KB, 223 views)
Reply With Quote
  #5   (View Single Post)  
Old 23rd May 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

I also find it strange that it tries lookups for fc6

There is another file, which influences name lookup. It is called /etc/nsswitch.conf See http://www.freebsd.org/cgi/man.cgi?q...SE&format=html

Do you have such a file? What is in it? What is the "/etc/hosts" file?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #6   (View Single Post)  
Old 23rd May 2008
ducu_00 ducu_00 is offline
Real Name: Alexandru Cristea
Port Guard
 
Join Date: May 2008
Location: Romania
Posts: 12
Default

The files are the default ones.

Quote:
[root@fbsd-5 ~]# cat /etc/nsswitch.conf
group: compat
group_compat: nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: nis
shells: files

[root@fbsd-5 ~]# cat /etc/hosts
::1 localhost localhost.my.domain
127.0.0.1 localhost localhost.my.domain
Finally I made sendmail working as expected by disabling ipv6 support in /usr/ports/mail/sendmail/Makefile (SENDMAIL_WITHOUT_IPV6=yes) and recompiling.

Quote:
[root@fbsd-5 ~]# sendmail -d8.8 test@fc-6.bdux.dsdis.ro
;; res_querydomain(fbsd-5.bdux.dsdis.ro, <Nil>, 1, 1)
;; res_query(fbsd-5.bdux.dsdis.ro, 1, 1)
;; res_mkquery(0, fbsd-5.bdux.dsdis.ro, 1, 1)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47218
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; fbsd-5.bdux.dsdis.ro, type = A, class = IN
;; Querying server (# 1) address = 10.32.0.1
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47218
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; fbsd-5.bdux.dsdis.ro, type = A, class = IN
fbsd-5.bdux.dsdis.ro. 10M IN A 10.32.0.58
bdux.dsdis.ro. 10M IN NS gw.bdux.dsdis.ro.
gw.bdux.dsdis.ro. 10M IN A 10.32.0.1
_res.options = 12c3, HasWildcardMX = 0
dns_getcanonname(fc-6.bdux.dsdis.ro, trymx=1)
dns_getcanonname: trying fc-6.bdux.dsdis.ro. (A)
;; res_querydomain(fc-6.bdux.dsdis.ro, , 1, 1)
;; res_query(fc-6.bdux.dsdis.ro., 1, 1)
;; res_mkquery(0, fc-6.bdux.dsdis.ro., 1, 1)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47219
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; fc-6.bdux.dsdis.ro, type = A, class = IN
;; Querying server (# 1) address = 10.32.0.1
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47219
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; fc-6.bdux.dsdis.ro, type = A, class = IN
fc-6.bdux.dsdis.ro. 10M IN A 10.32.0.56
bdux.dsdis.ro. 10M IN NS gw.bdux.dsdis.ro.
gw.bdux.dsdis.ro. 10M IN A 10.32.0.1
YES
dns_getcanonname: fc-6.bdux.dsdis.ro
getmxrr([127.0.0.1], droplocalhost=1)
Only 2 queries, one for its own hostname, the other for the destination hostname. I think you noticed I have no ipv6 support on my network

Seems like a bug in the ipv6 resolver of sendmail 8.14.2, used by the default sendmail configuration on freeBSD 5.5 and 6.3.

The things are quite different in the 7.3 release sendmail, 8.14.2 too:

Quote:
[root@fbsd-7 ~]# sendmail -d8.8 test@fc-6.bdux.dsdis.ro
;; res_nquerydomain(fbsd-7.bdux.dsdis.ro, <Nil>, 1, 28)
;; res_query(fbsd-7.bdux.dsdis.ro, 1, 28)
;; res_nmkquery(QUERY, fbsd-7.bdux.dsdis.ro, IN, AAAA)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26643
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; fbsd-7.bdux.dsdis.ro, type = AAAA, class = IN
;; Querying server (# 1) address = 10.32.0.1
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26643
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; fbsd-7.bdux.dsdis.ro, type = AAAA, class = IN
bdux.dsdis.ro. 10M IN SOA gw.bdux.dsdis.ro. root.gw.bdux.dsdis.ro. (
2008052101 ; serial
10M ; refresh
1D ; retry
1h40m ; expiry
1W ) ; minimum

;; rcode = (NOERROR), counts = an:0 ns:1 ar:0
;; res_nquerydomain(fbsd-7.bdux.dsdis.ro, bdux.dsdis.ro, 1, 28)
;; res_query(fbsd-7.bdux.dsdis.ro.bdux.dsdis.ro, 1, 28)
;; res_nmkquery(QUERY, fbsd-7.bdux.dsdis.ro.bdux.dsdis.ro, IN, AAAA)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26644
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; fbsd-7.bdux.dsdis.ro.bdux.dsdis.ro, type = AAAA, class = IN
;; Querying server (# 1) address = 10.32.0.1
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26644
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; fbsd-7.bdux.dsdis.ro.bdux.dsdis.ro, type = AAAA, class = IN
bdux.dsdis.ro. 10M IN SOA gw.bdux.dsdis.ro. root.gw.bdux.dsdis.ro. (
2008052101 ; serial
10M ; refresh
1D ; retry
1h40m ; expiry
1W ) ; minimum

;; rcode = (NXDOMAIN), counts = an:0 ns:1 ar:0
;; res_nquerydomain(fbsd-7.bdux.dsdis.ro, dsdis.ro, 1, 28)
;; res_query(fbsd-7.bdux.dsdis.ro.dsdis.ro, 1, 28)
;; res_nmkquery(QUERY, fbsd-7.bdux.dsdis.ro.dsdis.ro, IN, AAAA)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26645
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; fbsd-7.bdux.dsdis.ro.dsdis.ro, type = AAAA, class = IN
;; Querying server (# 1) address = 10.32.0.1
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26645
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; fbsd-7.bdux.dsdis.ro.dsdis.ro, type = AAAA, class = IN
dsdis.ro. 1H IN SOA isdc.dsdis.ro. hostmaster. (
4534 ; serial
15M ; refresh
10M ; retry
1D ; expiry
1H ) ; minimum

;; rcode = (NXDOMAIN), counts = an:0 ns:1 ar:0
res_nsearch failed (-1)
;; res_nquerydomain(fbsd-7.bdux.dsdis.ro, <Nil>, 1, 1)
;; res_query(fbsd-7.bdux.dsdis.ro, 1, 1)
;; res_nmkquery(QUERY, fbsd-7.bdux.dsdis.ro, IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26646
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; fbsd-7.bdux.dsdis.ro, type = A, class = IN
;; Querying server (# 1) address = 10.32.0.1
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26646
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; fbsd-7.bdux.dsdis.ro, type = A, class = IN
fbsd-7.bdux.dsdis.ro. 10M IN A 10.32.0.60
bdux.dsdis.ro. 10M IN NS gw.bdux.dsdis.ro.
gw.bdux.dsdis.ro. 10M IN A 10.32.0.1
_res.options = 800012c3, HasWildcardMX = 0
dns_getcanonname(fc-6.bdux.dsdis.ro, trymx=1)
dns_getcanonname: trying fc-6.bdux.dsdis.ro. (AAAA)
;; res_nquerydomain(fc-6.bdux.dsdis.ro, , 1, 28)
;; res_query(fc-6.bdux.dsdis.ro., 1, 28)
;; res_nmkquery(QUERY, fc-6.bdux.dsdis.ro., IN, AAAA)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26647
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; fc-6.bdux.dsdis.ro, type = AAAA, class = IN
;; Querying server (# 1) address = 10.32.0.1
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26647
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; fc-6.bdux.dsdis.ro, type = AAAA, class = IN
bdux.dsdis.ro. 10M IN SOA gw.bdux.dsdis.ro. root.gw.bdux.dsdis.ro. (
2008052101 ; serial
10M ; refresh
1D ; retry
1h40m ; expiry
1W ) ; minimum

;; rcode = (NOERROR), counts = an:0 ns:1 ar:0
NO: errno=19, h_errno=4
dns_getcanonname: trying fc-6.bdux.dsdis.ro. (A)
;; res_nquerydomain(fc-6.bdux.dsdis.ro, , 1, 1)
;; res_query(fc-6.bdux.dsdis.ro., 1, 1)
;; res_nmkquery(QUERY, fc-6.bdux.dsdis.ro., IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26648
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; fc-6.bdux.dsdis.ro, type = A, class = IN
;; Querying server (# 1) address = 10.32.0.1
;; new DG socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26648
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; fc-6.bdux.dsdis.ro, type = A, class = IN
fc-6.bdux.dsdis.ro. 10M IN A 10.32.0.56
bdux.dsdis.ro. 10M IN NS gw.bdux.dsdis.ro.
gw.bdux.dsdis.ro. 10M IN A 10.32.0.1
YES
dns_getcanonname: fc-6.bdux.dsdis.ro
getmxrr([127.0.0.1], droplocalhost=1)
[root@fbsd-7 ~]#
So, the problem is sendmail 8.14.2 related of system resolver related? It is not clear to me. I think sendmail does not use the system resolver. If that would be the case, why that differences between the 7.0 release version and the 5.5/6.3 ones?
Reply With Quote
  #7   (View Single Post)  
Old 23rd May 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

I am glad to hear that the problem disappears by recompiling sendmail without IPv6 support.

Unfortunately at this moment, I don't have the time to find out whether sendmail uses the system resolver or not. I just moved house and have to spend my time painting the new house on the inside as well on the outside
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #8   (View Single Post)  
Old 26th May 2008
ducu_00 ducu_00 is offline
Real Name: Alexandru Cristea
Port Guard
 
Join Date: May 2008
Location: Romania
Posts: 12
Default

Quote:
Unfortunately at this moment, I don't have the time to find out whether sendmail uses the system resolver or not. I just moved house and have to spend my time painting the new house on the inside as well on the outside.
Obviously, your new home deserve more attention that sendmail. I'll post my problem on a sendmail forum some day because it seems sendmail related , not os related.

J65nko, thank you for your replies and.....smile, tomorrow could be worse
Reply With Quote
  #9   (View Single Post)  
Old 20th January 2009
ducu_00 ducu_00 is offline
Real Name: Alexandru Cristea
Port Guard
 
Join Date: May 2008
Location: Romania
Posts: 12
Default

Hello again.

Time has passed but the problem is still there, even in the new stable release 6.4: sendmail (now 8.14.3, the latest) queries the name-server for the AAAA record of the _unqualified_ hostname of the recipient domain mail-server after it had obtained the ipv4 address of the qualified hostname:
PHP Code:
15:35:08.141558 IP 10.32.0.67.60957 10.32.0.1.domain:  29099AAAAfbsd6-c.bdux.dsdis.ro. (39)
15:35:08.141787 IP 10.32.0.1.domain 10.32.0.67.60957:  290990/1/(83)
15:35:08.142333 IP 10.32.0.67.56525 10.32.0.1.domain:  29100AAAAfbsd6-c.bdux.dsdis.ro.bdux.dsdis.ro. (53)
15:35:08.142416 IP 10.32.0.1.domain 10.32.0.67.56525:  29100 NXDomain0/1/(97)
15:35:08.142924 IP 10.32.0.67.51065 10.32.0.1.domain:  29101Afbsd6-c.bdux.dsdis.ro. (39)
15:35:08.143002 IP 10.32.0.1.domain 10.32.0.67.51065:  291011/1/1 A[|domain]
15:35:08.164826 IP 10.32.0.67.53414 10.32.0.1.domain:  39237AAAAfbsd6-c.bdux.dsdis.ro. (39)
15:35:08.164893 IP 10.32.0.1.domain 10.32.0.67.53414:  392370/1/(83)
15:35:08.165290 IP 10.32.0.67.62484 10.32.0.1.domain:  39238Afbsd6-c.bdux.dsdis.ro. (39)
15:35:08.165359 IP 10.32.0.1.domain 10.32.0.67.62484:  392381/1/1 A[|domain]
15:35:08.277968 IP 10.32.0.67.50307 10.32.0.1.domain:  39239AAAAkvm0.bdux.dsdis.ro. (36)
15:35:08.278038 IP 10.32.0.1.domain 10.32.0.67.50307:  392390/1/(80)
15:35:08.281394 IP 10.32.0.67.53648 10.32.0.1.domain:  39240Akvm0.bdux.dsdis.ro. (36)
15:35:08.281463 IP 10.32.0.1.domain 10.32.0.67.53648:  392401/1/1 A 10.32.0.10 (85)
15:35:08.300760 IP 10.32.0.67.52122 10.32.0.1.domain:  39241MXkvm0.bdux.dsdis.ro. (36)
15:35:08.300827 IP 10.32.0.1.domain 10.32.0.67.52122:  392410/1/(80)
15:35:08.301171 IP 10.32.0.67.53609 10.32.0.1.domain:  39242AAAAkvm0.bdux.dsdis.ro. (36)
15:35:08.301235 IP 10.32.0.1.domain 10.32.0.67.53609:  392420/1/(80)
15:35:08.301582 IP 10.32.0.67.59774 10.32.0.1.domain:  39243Akvm0.bdux.dsdis.ro. (36)
15:35:08.301652 IP 10.32.0.1.domain 10.32.0.67.59774:  392431/1/1 A 10.32.0.10 (85)
15:35:08.302279 IP 10.32.0.67.53301 10.32.0.1.domain:  39244AAAAkvm0.bdux.dsdis.ro. (36)
15:35:08.302342 IP 10.32.0.1.domain 10.32.0.67.53301:  392440/1/(80)
15:35:08.302839 IP 10.32.0.67.57188 10.32.0.1.domain:  39245AAAAkvm0.bdux.dsdis.ro. (36)
15:35:08.302901 IP 10.32.0.1.domain 10.32.0.67.57188:  392450/1/(80)
15:35:08.303262 IP 10.32.0.67.60621 10.32.0.1.domain:  39246AAAAkvm0.dsdis.ro. (31)
15:35:08.303323 IP 10.32.0.1.domain 10.32.0.67.60621:  39246 NXDomain 0/1/(82)
15:35:08.303661 IP 10.32.0.67.52445 10.32.0.1.domain:  39247AAAAkvm0. (22)
15:35:08.303717 IP 10.32.0.1.domain 10.32.0.67.52445:  39247 NXDomain 0/1/(97)
15:35:08.304095 IP 10.32.0.67.54761 10.32.0.1.domain:  39248AAAAkvm0.bdux.dsdis.ro. (36)
15:35:08.304158 IP 10.32.0.1.domain 10.32.0.67.54761:  392480/1/(80)
15:35:08.304543 IP 10.32.0.67.65423 10.32.0.1.domain:  39249AAAAkvm0. (22)
15:35:08.304599 IP 10.32.0.1.domain 10.32.0.67.65423:  39249 NXDomain 0/1/(97)
15:35:08.304975 IP 10.32.0.67.49569 10.32.0.1.domain:  39250Akvm0.bdux.dsdis.ro. (36)
15:35:08.305045 IP 10.32.0.1.domain 10.32.0.67.49569:  392501/1/1 A 10.32.0.10 (85)
15:35:08.305910 IP 10.32.0.67.61872 10.32.0.1.domain:  39251PTR67.0.32.10.in-addr.arpa. (41)
15:35:08.305983 IP 10.32.0.1.domain 10.32.0.67.61872:  392511/1/1 PTR[|domain]
15:42:27.286969 IP 10.32.0.67.51235 10.32.0.1.domain:  50737Akvm0.bdux.dsdis.ro. (36)
15:42:27.287173 IP 10.32.0.1.domain 10.32.0.67.51235:  507371/1/1 A 10.32.0.10 (85)
15:42:27.287997 IP 10.32.0.67.59707 10.32.0.1.domain:  40312AAAAkvm0.bdux.dsdis.ro. (36)
15:42:27.288074 IP 10.32.0.1.domain 10.32.0.67.59707:  403120/1/(80)
15:42:27.288495 IP 10.32.0.67.63949 10.32.0.1.domain:  18118MXkvm0.bdux.dsdis.ro. (36)
15:42:27.288561 IP 10.32.0.1.domain 10.32.0.67.63949:  181180/1/(80
The questionable lines are:
PHP Code:
15:35:08.304543 IP 10.32.0.67.65423 10.32.0.1.domain:  39249AAAAkvm0. (22)
15:35:08.304599 IP 10.32.0.1.domain 10.32.0.67.65423:  39249 NXDomain 0/1/(97
What is different from the almost one year old situation from the beginning of the thread is the NXDomain response from the name server (was ServFail). That is a M$ name server implementation issue which makes it return ServFail after a (A or AAAA) query for a single label name. I use such a server as a forwarder. More details at http://www.tomshardware.co.uk/forum/...7182_36_0.html.

As of the sendmail/resolver issue, this is not present on the 7.1 release (8.14.3 again):

PHP Code:
15:23:38.427796 IP 10.32.0.69.61251 10.32.0.1.domain:  19190AAAAfbsd71.bdux.dsdis.ro. (38)
15:23:38.428018 IP 10.32.0.1.domain 10.32.0.69.61251:  191900/1/(82)
15:23:38.428544 IP 10.32.0.69.49225 10.32.0.1.domain:  19191AAAAfbsd71.bdux.dsdis.ro.bdux.dsdis.ro. (52)
15:23:38.428666 IP 10.32.0.1.domain 10.32.0.69.49225:  19191 NXDomain0/1/(96)
15:23:38.428939 IP 10.32.0.69.51421 10.32.0.1.domain:  19192AAAAfbsd71.bdux.dsdis.ro.dsdis.ro. (47)
15:23:38.429656 IP 10.32.0.1.domain 10.32.0.69.51421:  19192 NXDomain 0/1/(98)
15:23:38.430132 IP 10.32.0.69.54936 10.32.0.1.domain:  19193Afbsd71.bdux.dsdis.ro. (38)
15:23:38.430212 IP 10.32.0.1.domain 10.32.0.69.54936:  191931/1/1 A 10.32.0.69 (87)
15:23:38.454087 IP 10.32.0.69.61482 10.32.0.1.domain:  9208AAAAfbsd71.bdux.dsdis.ro. (38)
15:23:38.454202 IP 10.32.0.1.domain 10.32.0.69.61482:  92080/1/(82)
15:23:38.454465 IP 10.32.0.69.64049 10.32.0.1.domain:  9209Afbsd71.bdux.dsdis.ro. (38)
15:23:38.454536 IP 10.32.0.1.domain 10.32.0.69.64049:  92091/1/1 A 10.32.0.69 (87)
15:23:38.565330 IP 10.32.0.69.56735 10.32.0.1.domain:  9210AAAAkvm0.bdux.dsdis.ro. (36)
15:23:38.565438 IP 10.32.0.1.domain 10.32.0.69.56735:  92100/1/(80)
15:23:38.565787 IP 10.32.0.69.59089 10.32.0.1.domain:  9211Akvm0.bdux.dsdis.ro. (36)
15:23:38.565858 IP 10.32.0.1.domain 10.32.0.69.59089:  92111/1/1 A 10.32.0.10 (85)
15:23:38.590998 IP 10.32.0.69.58523 10.32.0.1.domain:  9212MXkvm0.bdux.dsdis.ro. (36)
15:23:38.591101 IP 10.32.0.1.domain 10.32.0.69.58523:  92120/1/(80)
15:23:38.591479 IP 10.32.0.69.52620 10.32.0.1.domain:  9213AAAAkvm0.bdux.dsdis.ro. (36)
15:23:38.591535 IP 10.32.0.1.domain 10.32.0.69.52620:  92130/1/(80)
15:23:38.591867 IP 10.32.0.69.55481 10.32.0.1.domain:  9214Akvm0.bdux.dsdis.ro. (36)
15:23:38.591959 IP 10.32.0.1.domain 10.32.0.69.55481:  92141/1/1 A 10.32.0.10 (85)
15:23:38.592538 IP 10.32.0.69.56538 10.32.0.1.domain:  9215AAAAkvm0.bdux.dsdis.ro. (36)
15:23:38.592629 IP 10.32.0.1.domain 10.32.0.69.56538:  92150/1/(80)
15:23:38.592959 IP 10.32.0.69.57611 10.32.0.1.domain:  9216Akvm0.bdux.dsdis.ro. (36)
15:23:38.593037 IP 10.32.0.1.domain 10.32.0.69.57611:  92161/1/1 A 10.32.0.10 (85)
15:23:38.593554 IP 10.32.0.69.56090 10.32.0.1.domain:  9217Akvm0.bdux.dsdis.ro. (36)
15:23:38.593644 IP 10.32.0.1.domain 10.32.0.69.56090:  92171/1/1 A 10.32.0.10 (85)
15:23:38.594544 IP 10.32.0.69.59892 10.32.0.1.domain:  9218PTR69.0.32.10.in-addr.arpa. (41)
15:23:38.594628 IP 10.32.0.1.domain 10.32.0.69.59892:  92181/1/1 PTR[|domain]
15:23:38.649438 IP 10.32.0.69.57524 10.32.0.1.domain:  9219AAAAkvm0.bdux.dsdis.ro. (36)
15:23:38.649531 IP 10.32.0.1.domain 10.32.0.69.57524:  92190/1/(80)
15:23:38.649876 IP 10.32.0.69.64245 10.32.0.1.domain:  9220Akvm0.bdux.dsdis.ro. (36)
15:23:38.649963 IP 10.32.0.1.domain 10.32.0.69.64245:  92201/1/1 A 10.32.0.10 (85
Which make me wonder again: why would sendmail query for an unqualified hostname, but only on freebsd releases < 7.0? The sendmail configurations are the same, the compile-time options too:

PHP Code:
Version 8.14.3
 Compiled with
DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF
                STARTTLS TCPWRAPPERS USERDB XDEBUG 
Now it seems to me more like a freebsd issue than a sendmail one
Reply With Quote
Old 21st January 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

Code:
NAME
     resolver -- resolver configuration file

SYNOPSIS
     resolv.conf

DESCRIPTION
     The resolver(3) is a set of routines in the C library which provide
     access to the Internet Domain Name System.  The resolver configuration
     file contains information that is read by the resolver routines the first
     time they are invoked by a process.  The file is designed to be human
     readable and contains a list of keywords with values that provide various
     types of resolver information.
If you are correct the cause would be the libc library.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sendmail Timmy66 OpenBSD General 11 19th October 2008 03:01 PM
sendmail dont boot dejabu18 FreeBSD Ports and Packages 0 8th October 2008 02:07 PM
Sendmail 8.14.2 undisclosed DNSBL lookup failure and NOQUEUE errors (FreeBSD 7.0) NathanPardoe FreeBSD General 9 21st May 2008 12:00 AM
Using sendmail in a cron job erehwon OpenBSD General 6 15th May 2008 09:03 PM
Sendmail, issues... pcfxer FreeBSD General 2 8th May 2008 10:07 AM


All times are GMT. The time now is 06:40 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick