From owner-freebsd-stable@FreeBSD.ORG  Tue Aug  6 11:10:07 2013
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 40C4252F;
 Tue,  6 Aug 2013 11:10:07 +0000 (UTC)
 (envelope-from timp87@gmail.com)
Received: from mail-vb0-x22b.google.com (mail-vb0-x22b.google.com
 [IPv6:2607:f8b0:400c:c02::22b])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id E662727AF;
 Tue,  6 Aug 2013 11:10:06 +0000 (UTC)
Received: by mail-vb0-f43.google.com with SMTP id h11so214301vbh.16
 for <multiple recipients>; Tue, 06 Aug 2013 04:10:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:cc:content-type;
 bh=hDnJcToR480QyfQmFdWsH6LKxUMTEO+ewIKSN2aPCAI=;
 b=fMsfGJsvyKIH6NKuwLa0iiIDGMQknlCiQ60K0JzpZsoQz6x1HakyP8wuq7i0rbyBFo
 USx3Bx4yowlgRXyDWm1mTx1c2JCDNvRhkmWg1n+3mAsiyHSuByAEuK7m6As2AyKtnhvW
 16PTX9f69xsu3213QStfb+4MEpKskzoiPWH9/LZHUY5e89e+U9cqV9JIm3BHoXNzzEF6
 gCZGmnHXYMhPuu4p/Ma5mauYP5f3NRUd9DsmqKoCCHFqtHmKuF7Hwl76+aLn2CncymyN
 08EAKfinkj+poW9tjAg07+92mLCqtTUI4Uuzf4gKX/LrEvt/WhjrvkkoG+Cjpcb9VNv9
 K9Zg==
MIME-Version: 1.0
X-Received: by 10.58.85.161 with SMTP id i1mr177338vez.97.1375787405656; Tue,
 06 Aug 2013 04:10:05 -0700 (PDT)
Received: by 10.52.38.134 with HTTP; Tue, 6 Aug 2013 04:10:05 -0700 (PDT)
Date: Tue, 6 Aug 2013 15:10:05 +0400
Message-ID: <CAAoTqfurC_A8EsSz=jz4Cpkxj1=JutVnYQ-rpaB5eVyshm1g8w@mail.gmail.com>
Subject: Sendmail-8.14.7 doesn't work with MS DNS in IPv4 network
From: Pavel Timofeev <timp87@gmail.com>
To: freebsd-stable@freebsd.org
Content-Type: text/plain; charset=UTF-8
Cc: gshapiro@freebsd.org
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2013 11:10:07 -0000

Hello!

I found a problem in new FreeBSD 9.2-{BETA2,RC1} which uses Sendmail-8.14.7.
If you try to send email from FreeBSD 9.2 in IPv4 network with MS DNS
you won't receive it.
But in same time email passes from FreeBSD 9.1-RELEASE which uses
Sendmail-8.14.5.

It's because of two things.

First thing: Sendmail behaviour changed between these two releases
when it tries to resolve mx server name. For example, I did `echo foo
| mail timp@xxx.ru`.

Sendmail-8.14.5's tcpdump output:
14:30:45.061950 IP 10.0.2.15.30979 > hercules.xxx.ru.domain: 62684+
MX? xxx.ru. (24)
14:30:45.063064 IP hercules.xxx.ru.domain > 10.0.2.15.30979: 62684*
1/0/1 MX kalmar.xxx.ru. 10 (63)
14:30:45.063624 IP 10.0.2.15.39212 > hercules.xxx.ru.domain: 62685+
AAAA? kalmar.xxx.ru. (31)
14:30:45.064460 IP hercules.xxx.ru.domain > 10.0.2.15.39212: 62685* 0/1/0 (82)
14:30:45.064766 IP 10.0.2.15.44381 > hercules.xxx.ru.domain: 62686+ A?
kalmar.xxx.ru. (31)
14:30:45.065530 IP hercules.xxx.ru.domain > 10.0.2.15.44381: 62686*
1/0/0 A 192.168.31.190 (47)
14:30:45.066014 IP 10.0.2.15.42197 > hercules.xxx.ru.domain: 62687+ A?
kalmar.xxx.ru. (31)
14:30:45.066810 IP hercules.xxx.ru.domain > 10.0.2.15.42197: 62687*
1/0/0 A 192.168.31.190 (47)
14:30:45.071833 IP 10.0.2.15.23534 > hercules.xxx.ru.domain: 62688+
PTR? 15.2.0.10.in-addr.arpa. (40)


Sendmail-8.14.7's tcpdump output:
14:59:50.793338 IP reticulum.xxx.ru.19032 > hercules.xxx.ru.domain:
53417+ AAAA? xxx.ru. (24) [13/98]
14:59:50.793662 IP hercules.xxx.ru.domain > reticulum.xxx.ru.19032:
53417* 0/1/0 (75)
14:59:50.793696 IP reticulum.xxx.ru.55299 > hercules.xxx.ru.domain:
53418+ A? xxx.ru. (24)
14:59:50.794087 IP hercules.xxx.ru.domain > reticulum.xxx.ru.55299:
53418* 7/0/0 A 192.168.2.11, A 192.168.2.12, A 192.168.41.4, A
192.168.14.12, A 192.168.34.100, A 192.168.34.110, A 192.168.44.19  (136)
14:59:50.973445 IP reticulum.xxx.ru.29244 > hercules.xxx.ru.domain:
53419+ MX? xxx.ru. (24)
14:59:50.973754 IP hercules.xxx.ru.domain > reticulum.xxx.ru.29244:
53419* 1/0/1 MX kalmar.xxx.ru. 10 (63)
14:59:50.974061 IP reticulum.xxx.ru.56461 > hercules.xxx.ru.domain:
53420+ AAAA? kalmar.xxx.ru. (31)
14:59:50.974340 IP hercules.xxx.ru.domain > reticulum.xxx.ru.56461:
53420* 0/1/0 (82)
14:59:50.974570 IP reticulum.xxx.ru.28332 > hercules.xxx.ru.domain:
53421+ AAAA? kalmar.xxx.ru. (31)
14:59:50.974887 IP hercules.xxx.ru.domain > reticulum.xxx.ru.28332:
53421* 0/1/0 (82)
14:59:50.974919 IP reticulum.xxx.ru.21453 > hercules.xxx.ru.domain:
53422+ AAAA? kalmar. (24)
14:59:50.975290 IP hercules.xxx.ru.domain > reticulum.xxx.ru.21453:
53422 ServFail 0/0/0 (24)
14:59:50.975314 IP reticulum.xxx.ru.63038 > hercules.xxx.ru.domain:
53422+ AAAA? kalmar. (24)
14:59:50.975674 IP hercules.xxx.ru.domain > reticulum.xxx.ru.63038:
53422 ServFail 0/0/0 (24)
14:59:50.975749 IP reticulum.xxx.ru.38393 > hercules.xxx.ru.domain:
53423+ AAAA? kalmar.xxx.ru. (31)
14:59:50.976105 IP hercules.xxx.ru.domain > reticulum.xxx.ru.38393:
53423* 0/1/0 (82)
14:59:50.976176 IP reticulum.xxx.ru.45558 > hercules.xxx.ru.domain:
53424+ AAAA? kalmar. (24)
14:59:50.976483 IP hercules.xxx.ru.domain > reticulum.xxx.ru.45558:
53424 ServFail 0/0/0 (24)
14:59:50.976512 IP reticulum.xxx.ru.45297 > hercules.xxx.ru.domain:
53424+ AAAA? kalmar. (24)
14:59:50.976864 IP hercules.xxx.ru.domain > reticulum.xxx.ru.45297:
53424 ServFail 0/0/0 (24)


All of them asked MX and got it - kalmar.xxx.ru. Then they went to
resolve kalmar.xxx.ru.
Sendmail-8.14.5 asked one time for 'AAAA kalmar.xxx.ru.' and then went
to ask 'A kalmar.xxx.ru.'.
But Sendmail-8.15.7 asked several times for 'AAAA kalmar.xxx.ru.' and
then went to ask 'AAAA kalmar.' Without xxx.ru at then end, just
servername. What for? I don't know. This is change.
And yes, sendmail ignored ADDITIONAL SECTION from MX record and tried
to resolve mx server name independently.



Second thing: Sendmail-8.15.7 doesn't work with MS DNS in IPv4 network.
MS DNS answers SERVFAIL on 'AAAA kalmar.'
But BIND answers NXDOMAIN on same query.
In case of SERVFAIL answer Sendmail never goes to ask for any A
records. It tries to resolve 'AAAA kalmar.' again and again.
In case of NXDOMAIN answer Sendmail goes to ask for A record and no problem.
I checked it, set BIND server as DNS server for this test host.

In my network there are only MS DNS servers.
I tried to install sendmail-8.14.5 on FreeBSD 9.2-RC1 and got no
problem with email.
I tried to use ip6addrctl. No effect.

So what we gonna do? There will be so many crying persons in
mailinglist after 9.2-RELEASE I think)

P.S. here is russian version small discussion
http://ru-freebsd.livejournal.com/226451.html