Date: Mon, 6 Jan 2003 17:36:52 +0100
From: Peter Much
To: Terry Lambert
Cc: Peter Much, Gregory Neil Shapiro, hackers@FreeBSD.ORG
Subject: Re: sendmail: how to get the named of FreeBSD4.7 standards compliant?
Message-ID: <20030106173652.A495@disp.oper.dinoex.org>
References: <20030101181330.C8233@disp.oper.dinoex.org> <3E134659.78028611@mindspring.com>
In-Reply-To: <3E134659.78028611@mindspring.com>; from tlambert2@mindspring.com on Wed, Jan 01, 2003 at 11:49:45AM -0800

! > Background: This environment should be configured to use
! > an internet connection for internet-relevant things, but to
! > work flawlessly without such a connection as long as matters
! > do concern only systems within the LAN.
!
! This is called a "split horizon DNS", and you need to run two
! DNS servers, one interior, and one exterior, both authoritative
! for your domain, in order for this to work. The problem is that
! you are forwarding a request that should be local, and you are
! doing it because your local server does not pass the authority
! test for your local domain.

Well, I think I got it now. What I did not know was that any
nameserver installation is expected to always have some kind of
root nameserver accessible (either the real ones from the internet,
or elseways a local shortcut) in order to function properly.

Failing this seems not to hurt as long as only hostnames and domains
are resolved which actually do exist in the zone files. But when
sendmail (or the resolver) doesn't find an AAAA record for some
FQDN, it next tries to resolve the short hostname - and the local
nameserver seems not to consider itself authoritative for an
unqualified hostname (which would be indistinguishable from a TLD,
anyway).

! I have been told that BIND 9 can solve this problem with two
! different "views"; however, I do not believe it. I wrote a
! BCP RFC for this, which ended up not getting published, as I
! did not push it on the promise that the views would solve the
! problem, and arrive much sooner than they did. I believe it
! is still available from:
!
! ftp://ftp.whistle.com/pub/terry/drafts/draft-lambert-dns-split-00.txt

Yes, this paints my configuration. And now I do not think that a
"split horizon" configuration could solve my problem at all. Because
if it could tell me that my unqualified hostname does not exist
(without querying the outside), then it would also tell me that
FreeBSD.org does not exist...

So I see only three strategies:

1. Keep the internet connection available at any time.
2. Use the BrokenAAAA hack.
3. Configure IPv6 in the LAN.

regards,
Peter