From owner-freebsd-hackers Tue Nov 19 03:20:51 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id DAA28006 for hackers-outgoing; Tue, 19 Nov 1996 03:20:51 -0800 (PST)
Received: from dg-rtp.dg.com (dg-rtp.rtp.dg.com [128.222.1.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id DAA27972 for ; Tue, 19 Nov 1996 03:20:39 -0800 (PST)
Received: by dg-rtp.dg.com (5.4R3.10/dg-rtp-v02) id AA29491; Tue, 19 Nov 1996 06:20:06 -0500
Received: from ponds by dg-rtp.dg.com.rtp.dg.com; Tue, 19 Nov 1996 06:20 EST
Received: from lakes.water.net (lakes [10.0.0.3]) by ponds.water.net (8.7.5/8.7.3) with ESMTP id FAA02298; Tue, 19 Nov 1996 05:46:14 -0500 (EST)
Received: (from rivers@localhost) by lakes.water.net (8.7.5/8.6.9) id FAA04689; Tue, 19 Nov 1996 05:48:02 -0500 (EST)
Date: Tue, 19 Nov 1996 05:48:02 -0500 (EST)
From: Thomas David Rivers
Message-Id: <199611191048.FAA04689@lakes.water.net>
To: marcs@znep.com, ponds!Grizzly.COM!markd
Subject: Re: sendmail without DNS (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).)
Cc: ponds!freebsd.org!freebsd-hackers
Content-Type: text
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>
> As I mentioned before, and should have mentioned again when I moved it to
> -hackers, that still does not prevent sendmail from trying to use DNS in
> all cases. I've tried it. Quite a bit.
>
> I have tried nocanonify, nodns, a service.switch file and perhaps a few
> other things that I can't remember right now, but sendmail still tries to
> do DNS lookups. The last time this discussion came through the conclusion
> was that the only way to change this was to recompile sendmail. AFAIK,
> that is still the case.

My experience exactly! If you read the sendmail documentation; you'll find
a statement to that effect... It was previously claimed that nocanonify
and nodns together would cause sendmail to not use DNS; but it didn't work
for me either.

I had to recompile sendmail to not use DNS...

I did investigate what it took to run DNS; but it quickly degraded into
a mess for me - my machine wants to participate in 3 different domains at
the same time, and reading the DNS/BIND book on how to do this left me
without a solution...

I'd suggest recompiling :-)

	- Dave Rivers -

>
> On Mon, 18 Nov 1996, Mark Diekhans wrote:
>
> > >[moved to -hackers from security. It started with a discussion of
> > >sendmail with uucp; I stated that sendmail still tries to use DNS no
> > >matter how you configure it and you have to recompile it to make it stop.]
> > >
> > >On Mon, 18 Nov 1996, Robert Shady wrote:
> > >
> > >> > Incorrect. It RUNS without DNS but still TRIES to use it. If you really
> > >> > don't have IP connectivity, then difference doesn't matter because it
> > >> > still works when the lookup fails, however it still does try and the
> > >> > difference does matter if you have partial IP connectivity. I have a
> > >> > system setup with nocanonify and all the other config file tweaks I know
> > >> > of, and it still tries to use DNS as a tcpdump shows quite clearly. This
> > >> > system is running 8.7.5, so things may have been changed in more recent
> > >> > versions but I can't say for sure; if this has changed in more recent
> > >> > versions, please let me know.
> > >> >
> > >> > I _think_ the define that needs to be set to 0 is NAMED_BIND, but don't
> > >> > recall for sure. This has been gone over before on the lists.
> >
> > I disabled the use of DNS by sendmail by adding the file /etc/service.switch
> > containing the line:
> >
> >     hosts   files
> >
> >
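
One way to check whether a given sendmail binary still has resolver support compiled in, as an added example that is not part of the original thread: it reads the banner printed by `sendmail -d0.1` and looks for `NAMED_BIND` in the "Compiled with:" list. The banner layout, the function names and the sample banner are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide from a sendmail debug banner
# whether the binary was built with NAMED_BIND, i.e. with resolver support.
# Real use:  sendmail -d0.1 -bt </dev/null | has_named_bind
# Assumed banner layout: a "Compiled with:" line followed by indented
# continuation lines holding upper-case option names.

# Exit status: 0 = NAMED_BIND compiled in, 1 = option list present
# without NAMED_BIND, 2 = no "Compiled with:" list found on stdin.
has_named_bind() {
    awk '
        /Compiled with:/ { inlist = 1; seen = 1; sub(/.*Compiled with:/, "") }
        inlist {
            # The list ends at the first line that is not indented option names.
            if ($0 !~ /^[ \t]+[A-Z0-9_ \t]+$/) { inlist = 0; next }
            for (i = 1; i <= NF; i++) if ($i == "NAMED_BIND") found = 1
        }
        END { if (!seen) exit 2; exit (found ? 0 : 1) }
    '
}

# Constructed banner for demonstration: a hypothetical binary rebuilt
# without NAMED_BIND (the option names are real sendmail compile flags).
sample_banner() {
    printf 'Version (constructed)\n'
    printf ' Compiled with: LOG MATCHGECOS NETINET NETUNIX\n'
    printf '\t\tNEWDB QUEUE SMTP USERDB\n'
    printf '======== SYSTEM IDENTITY ========\n'
}

if sample_banner | has_named_bind; then
    echo "resolver support compiled in: expect DNS queries"
else
    echo "no NAMED_BIND in option list (status $?)"
fi
```

A packet capture on port 53 while mail is being processed, like the tcpdump run mentioned in the quoted text, shows whether lookups actually leave the host.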