From owner-freebsd-qa Mon May 20 9:55:33 2002 Delivered-To: freebsd-qa@freebsd.org Received: from south.nanolink.com (south.nanolink.com [217.75.134.10]) by hub.freebsd.org (Postfix) with SMTP id 0883137B6AB for ; Mon, 20 May 2002 09:16:49 -0700 (PDT) Received: (qmail 24361 invoked by uid 85); 20 May 2002 16:24:38 -0000 Received: from unknown (HELO straylight.ringlet.net) (212.116.140.125) by south.nanolink.com with SMTP; 20 May 2002 16:24:35 -0000 Received: (qmail 53865 invoked by uid 1000); 20 May 2002 16:15:46 -0000 Date: Mon, 20 May 2002 19:15:46 +0300 From: Peter Pentchev To: Damon Anton Permezel Cc: freebsd-qa@FreeBSD.org, freebsd-hackers@freebsd.org Subject: Re: 4.6-* sendmail misfeatures Message-ID: <20020520191546.D349@straylight.oblivion.bg> Mail-Followup-To: Damon Anton Permezel , freebsd-qa@FreeBSD.org, freebsd-hackers@freebsd.org References: <20020520105154.E962@damon.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="BRE3mIcgqKzpedwo" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020520105154.E962@damon.com>; from dap@damon.com on Mon, May 20, 2002 at 10:51:54AM -0500 X-Virus-Scanned: by Nik's Monitoring Daemon (AMaViS perl-11d) Sender: owner-freebsd-qa@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --BRE3mIcgqKzpedwo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 20, 2002 at 10:51:54AM -0500, Damon Anton Permezel wrote: > Since upgrading from 4.5 to 4.6-*, I have had problems exchanging > email with a correspondent at "austinenergy.com". It shows up as: >=20 > % echo hi | mail -v no.such.user@austinenergy.com > austinenergy.com: Name server timeout > no.such.user@austinenergy.com... Transient parse error -- message queued= for future delivery > no.such.user@austinenergy.com... queued >=20 > I have tracked this down to the fact that sendmail is using a IPv6-style > lookup request. It is a "AAAA ?" rather than a "A ?" (in tcpdump-esque). [CC'd to -qa; this seems to be a usability problem, we are in a release code freeze, which mostly makes it a QA problem.] What exactly is the tcpdump output that you have been getting? It seems to me that, at least from my end, it is a simple matter of a timeout - the nameserver for austinenergy.com is listed from the gTLD servers as bolt.electric.austin.tx.us, and the nameservers for electric.austin.tx.us seem to not reply to any requests at all: nslookup, dig, dnsip, dnsipq all return either a timeout or a 'connection refused', which is mostly synonymous to a timeout. The fact that you see an AAAA query from sendmail is due to its (correct) behavior of trying an AAAA query before an A one, so as to prefer an IPv6 AAAA record to an IPv4 A record. The fact that sendmail does not even try an A query is due to its (correctly) assuming that something is wrong with the server - temporarily - because it received a SERVFAIL response. The SERVFAIL response (which means exactly as it says, a server failure, which is assumed to be a temporary condition) is returned by either your FreeBSD system's resolver library, or your ISP's nameserver, simply because, well, because the server failed (see above about the timeouts). > Further investigation dug up this manifesto in the sendmail README: >=20 > When attempting to canonify a hostname, some broken name > servers will return SERVFAIL (a temporary failure) on T_AAAA > (IPv6) lookups. If you want to excuse this behavior, include > WorkAroundBrokenAAAA in ResolverOptions. However, instead, > we recommend catching the problem and reporting it to the > name server administrator so we can rid the world of broken > name servers. >=20 > So, in violation of the networking "be liberal in what you accept and > conservative in what you produce", sendmail in it's new form will have ma= ny > perplexed sysadmins spending lots of time tracking down these mysterious > failures. >=20 > I suggest that the version of sendmail configs shipped with FreeBSD > should default to having WorkAroundBrokenAAAA set by default. Just a question: have you tried it with this option, and did it work? That is, did you get a response to an A query that you did not get to an AAAA? Once again, can you post some tcpdump output? G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence contradicts itself - or rather - well, no, actually it doesn'= t! --BRE3mIcgqKzpedwo Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE86SEy7Ri2jRYZRVMRArFuAKCm9mny14hs3KwNwIhVD9HF/pdhMACgjESN tw6ZIQGYFYqlPXV7xLGjahg= =Zf6i -----END PGP SIGNATURE----- --BRE3mIcgqKzpedwo-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-qa" in the body of the message